WO2001080149A2 - System and method for managing user demographic information using digital certificates - Google Patents

Publication number
WO2001080149A2
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
wherein
demographic
digital certificate
Prior art date
Application number
PCT/US2001/040552
Other languages
French (fr)
Other versions
WO2001080149A3 (en
Inventor
Brett B. Stewart
James W. Thompson
Original Assignee
Wayport, Inc.
Priority date
Filing date
Publication date
Application filed by Wayport, Inc.
Priority to AU2001255859A
Publication of WO2001080149A2
Publication of WO2001080149A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising

Definitions

  • TITLE: SYSTEM AND METHOD FOR MANAGING USER DEMOGRAPHIC INFORMATION USING DIGITAL CERTIFICATES
  • This invention relates generally to network communications, and more specifically to the management of user demographic information, such as the provision of infomediary services, using digital certificates and concepts of paired key cryptology
  • Electronic commerce or Internet commerce has become an increasingly popular form of commerce in the United States and throughout the world
  • electronic commerce or Internet-based commerce often referred to as e-commerce
  • e-commerce provides vendors and service providers the ability to greatly increase their sales channel and distribution network with minimal cost
  • An electronic commerce site provides a convenient and effective mechanism for potential customers to use, select and purchase products in an easy and simple fashion
  • An infomediary can be defined as a business or company which helps customers to capture and maximize the value of their personal demographic information, possibly allowing customers to manage their personal data for financial benefit
  • new methods are desired for enabling customer demographic data to be tracked and recorded while still allowing customers management and control over this data, including the ability of customers to selectively decide whether to release this data to third parties
  • Digital certificates are a very useful tool for Internet transactions
  • a digital certificate may reside in a client computer and may be used to identify the client computer
  • digital certificates are used to authenticate users and perform secure transactions
  • the client computer may transmit its digital certificate to the web server
  • user access to a web site may require registration and the use of passwords by users accessing the site, which is generally inconvenient
  • a user typically receives different passwords and user ID information from different providers, and users may oftentimes forget their individual passwords and IDs
  • digital certificates solve many of the problems associated with requiring registration and the use of passwords. Therefore, digital certificates are useful for performing secure electronic commerce (e-commerce) transactions, and may be used to uniquely identify users.
  • This unique identification may allow an Internet-based business to gather information about customers in order to customize their access to a given web site.
  • digital certificates allow a web site to restrict access, including the ability to allow different users different levels of access.
  • a digital certificate may also allow for the instant authentication of a user without requiring the use of a user name or password.
  • Digital certificates utilize an encryption technology known as public/private key technology
  • a key is a unique encryption device, and no two keys are the same. This allows a given key to be used to identify its owner. Keys function in pairs, where one key within the pair is referred to as the public key, while the other key is referred to as the private key.
  • a user thus has both a public key and a private key. The user may provide his public key to various trusted entities, but keeps the private key secure.
  • public keys may be distributed freely to any end user who wishes to conduct secure transactions with the distributing user or web site, while a private key may be stored exclusively on a computer or server of the distributing user or web site.
  • Each user also maintains a list of public keys of other users for use in sending encrypted email.
  • the third party first must have that recipient's public key
  • the third party uses the recipient's public key to encrypt the message, and provides the encrypted message to the recipient.
  • the recipient of the message then uses his private key to decrypt the message.
  • the public key of a user may encrypt information to be transmitted across the Internet to the user, and only the corresponding private key of the user may decrypt this information.
  • a private key may encrypt information to be transmitted across the Internet, and only the corresponding public key may decrypt this information.
  • When a digital certificate is installed on the client computer of the end user, the digital certificate stores non-mutable or non-changeable information from the provider. If a server computer wishes to exchange information with the client computer of an end user, the server computer may access the digital certificate stored on the client computer, which contains the information from the certificate provider.
  • the server computer uses its public key to ensure the contents of the certificate are valid and un-modified, and may also validate the identity of the end user and encrypt the information to be shared. Encryption may be accomplished using Secure Sockets Layer (SSL) technology
  • Subscriber based services may include Internet service providers, online services, and other types of information or service providers.
  • One embodiment of the present invention comprises an improved system and method for enabling users to more efficiently manage and control user demographic data in an information network, such as the Internet.
  • the present invention may also comprise an improved system and method for providing infomediary services
  • the system may comprise a network, wherein a plurality of providers, such as information providers and service providers, may be coupled to the network.
  • the network may be a wired network, a wireless network, or a combination.
  • One or more databases may also be coupled to the network which include demographic information of various users, such as one or more of identity information, contact information, profile information, sponsorship information, class transaction information, purchasing habits, credit card usage, preferences and past activities, among others. Users may operate computing devices, e.g., computers, personal digital assistants, etc., to access the network for information and services
  • the demographic information stored in the one or more databases on the network is not usable or accessible by third parties for providing information to the various users
  • each of the computing devices operated by various users includes a digital certificate which may store access information for enabling use of the respective user's demographic information
  • a user may use the stored digital certificate to manage access to the user's demographic data stored in the database
  • the users' computing device may present the respective user's digital certificate to the database to enable use of the user's demographic information by third party providers
  • the user may provide his/her respective digital certificate to a provider coupled to the network. When the provider receives the digital certificate, the provider may then present the digital certificate to the database to enable access and use of the respective user's demographic information, e.g., for targeted advertising, etc.
  • the user demographic information stored on the database is intelligible and accessible to third-party providers, but no user association is maintained with respect to the demographic information
  • the digital certificate may store identity information and other access information and operates to associate the respective user of the digital certificate with his/her corresponding demographic information
  • presentation of the digital certificate to the database operates to associate the user with his respective demographic information
  • This embodiment may allow third-party providers to provide various targeted information or services to users, wherein the demographic information of the users is known, but the specific identities of respective users are unknown to the provider
  • the user can then provide his/her digital certificate in response to acceptance of the offer, e.g., to purchase an advertised product
  • provision of the digital certificate allows the user's identity to be associated with the user's demographic information
  • each user's digital certificate may include access information, such as a decryption key, password or other mechanism, which operates to render the respective user's demographic information intelligible
  • the demographic information stored in the database may be encrypted using a first key, e.g., a public key, and the digital certificate may include a second key, e.g., a private key, wherein this private key is required to decrypt the respective user's demographic information
  • the demographic information stored in the database is unintelligible to providers, and the user first presents his/her digital certificate to the database, or to a provider, to render the demographic information intelligible and hence useful by a third-party provider. This provides the user with greater control over his/her demographic data
  • the identity of the user may become known to the provider when the user presents his/her digital certificate. Alternatively, the identity of the user may still remain anonymous,
  • the digital certificate itself may store a portion of the user's demographic data, such as sponsorship information, including information regarding programs or entities in which the mobile user is a member or is affiliated
  • the digital certificate may be configured to selectively allow different levels of access to the user's demographic information, e.g., depending on the trust level ascribed to the provider
  • the demographic information or the access level information may be stored in extensions within the digital certificate
  • each user's demographic information is stored and maintained on the database, perhaps by an infomediary, and this information is possibly not usable, not accessible, or unintelligible, by third-party providers without the user providing express permission for transfer of the digital certificate stored on the respective user's computing device
  • the user is a mobile user (MU), also referred to as a subscriber, who may access the network service through a portable computing device (PCD) using a wireless (or wired) network interface card
  • Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, and various businesses, such as coffee shops or restaurants at an airport. When in sufficiently close range to an access point, the PCD may access the service through the network card
  • the APs are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the mobile user (MU)
  • a digital certificate may be stored on the mobile user's PCD. When accessing the network, the digital certificate may be selectively provided by the user to selectively enable access by providers to the user's demographic information stored on the network, or other information such as billing/charging information
  • Figure 1A is a block diagram of one embodiment of a wireless network communication system incorporating the present invention
  • Figure 2 is a block diagram of one embodiment of a computer system of a provider
  • Figure 3 is a flowchart diagram of one embodiment of a method of allowing access to demographic information in a network using an improved infomediary model
  • Figure 1 illustrates a simplified and exemplary network system according to one embodiment of the present invention.
  • the network system may be used for general information access and/or electronic commerce (e-commerce) or Internet commerce.
  • the embodiment illustrated in Figure 1 includes one provider server 102, one database server 108 and one client system 106, which each may be coupled to a network 104 such as the Internet.
  • the present invention may be utilized with respect to any number of provider servers 102, database servers 108 and client systems 106
  • the provider who maintains the provider server 102 may offer one or more of information, content or products over network 104, such as the Internet.
  • the provider may offer advertising content, such as targeted advertising, to clients over the network 104.
  • the provider may also be a vendor who offers products for sale over network 104, such as the Internet, and preferably maintains the provider server 102 as an e-commerce server 102.
  • e-commerce vendor is Amazon.com, which sells books and other items over the Internet.
  • the provider may offer any of various types of goods or services over the network 104, wherein services offered include any of various types of information or content, as well as services such as financial services, etc.
  • the provider server 102 may be connected to a network 104, preferably the Internet 104.
  • the Internet 104 is currently the primary mechanism for performing electronic commerce.
  • the network 104 may be any of various types of wide-area networks, local area networks, or networks of networks, such as the Internet, which connects computers and networks of computers together.
  • the network 104 may be any of various types of networks, including wired and wireless networks, or combinations thereof.
  • the network 104 may include or be coupled to other types of communications networks (e.g., other than the Internet) such as the public switched telephone network (PSTN), among others.
  • the database server 108 may also be connected to the network 104
  • the database server 108 may be maintained by a provider, or by a third party "infomediary"
  • the database server 108 may store demographic information for a plurality of different users
  • the demographic information of a first user stored on the database server 108 is not useable by a provider for providing information (e.g., content) to the first user without a digital certificate provided from the first user
  • the demographic information of a first user stored on the database server 108 is not associable to the first user without a digital certificate provided from the first user
  • the demographic information of a first user comprised in the database is unintelligible, e.g., is encrypted, and the digital certificate provided from the first user is necessary to decrypt this information
  • the database server 108 may be operated or maintained by a third party, which may be referred to as an "infomedia
  • the term "demographic information" includes one or more of identity information, contact information, profile information, sponsorship information, past transaction information, purchasing habits, credit card usage, restaurant or hotel preferences, rental car preferences, past activities, and past commercial activities, among other types of customer or user data
  • profile information includes one or more of age, weight, income level, residence location, and travel history, among other types of information
  • response information includes one or more of information regarding memberships of the user, information regarding incentive programs in which the user is a member, and information regarding entities in which the user is affiliated, among others
  • sponsorship information may include information regarding frequent flier program memberships (e.g., the American Airlines Advantage Program), rental car incentive programs (e.g.
  • the demographic information thus may take any of various forms
  • Client system 106 may also be connected to the network 104
  • the client system 106 is also referred to herein as a "computing device"
  • the client system or computing device 106 may be of various kinds of systems such as a computer system, a network appliance, an Internet appliance, a Personal Digital Assistant (PDA), WebTV, telephone, two way pager, etc.
  • the client system 106 may execute web browser software for allowing a user of the client system 106 to browse and/or search the Internet 104, as well as enabling the user to conduct transactions or commerce and/or receive information or content over the Internet 104
  • the web browser software in client computer system 106 may optionally utilize a 64-bit or 128-bit encryption technology to securely communicate with the provider server 102
  • the web browser software preferably accesses the Web site of the respective provider server 102.
  • the client system 106 of a first user may store a digital certificate which is used in managing or controlling access to the first user's demographic information comprised in the network, e.g., stored in the database 108.
  • the digital certificate stored on the client system 106 of the first user includes access information for enabling access to or use of the first demographic information by a provider, e.g., in providing information or content to the user.
  • the digital certificate may also include an identity of the user, as well as other information. For example, the digital certificate may comprise a portion of the user's demographic information.
  • access charges for access to the network may be computed based on information, such as charging information and/or sponsorship information, comprised in the user's digital certificate.
  • digital certificate is intended to encompass any of various types of data structures which are used for gaining access to network resources
  • the computing device 106 may be operable to present its digital certificate to the database server 108 or to the provider 102, wherein the user's provision of the digital certificate may enable one or more uses of the demographic information of the user comprised in the database 108
  • the user's provision of the digital certificate may enable a provider to provide targeted content or information, e.g., advertising or inducements, to the computing device 106 of the user.
  • the user's provision of his/her digital certificate may also or instead operate to associate the user with the corresponding demographic information and/or render the demographic information intelligible, e.g., decrypted.
  • the demographic information of a user is not associable to the user without the first digital certificate, and the respective user's digital certificate comprises access information for associating the user with his/her demographic information.
  • the user's provision of his/her digital certificate may also or instead operate to associate the user with his/her corresponding demographic information.
  • the demographic information of a user comprised in the database is unintelligible, e.g., is encrypted, and the digital certificate of the respective user contains the "key" necessary to decrypt the demographic information.
  • presentation of the respective user's digital certificate to the database 108 renders the user's demographic information intelligible or unencrypted.
  • the demographic information of a user comprised in the database may be encrypted using a first key, and the digital certificate of the respective user may include a second key, wherein the second key from the user's digital certificate is used to decrypt the user's demographic information.
  • the computing device 106 may present the digital certificate directly to the database server 108.
  • the provider server 102 may receive the digital certificate from the computing device 106 and then present the digital certificate to the database server 108
  • presentation of the digital certificate to the database server 108 may enable use of or access to the demographic information of the user comprised in the database server 108.
  • a user's digital certificate may comprise access information for enabling use of or access to the user's demographic information, and provision of the digital certificate enables use of or access to the demographic information of the user comprised in the database
  • the user may receive some type of financial benefit in return for provision of the first digital certificate.
  • the provider may take various actions in response to gaining access to the user's demographic information.
  • the provider server 102 may provide information or content to the user based on the demographic information.
  • the provider server 102 may use the demographic information to select or generate targeted advertising, inducements, offers, etc. to the user.
  • Database Server 108, Provider Server 102 and Client System 106
  • the database server 108, the provider server 102, and the client system 106 may each include various standard components such as one or more processors or central processing units, one or more memory media, and other standard components, e.g., a display device, input devices, a power supply or batteries, etc.
  • the provider server 102 and the database server 108 may also each be implemented as two or more different computer systems.
  • One or more of the database server 108, the provider server 102, and/or the client system 106 may each include a memory medium on which computer programs or data (e.g., a digital certificate) according to the present invention may be stored.
  • the term "memory medium" is intended to include various types of memory or storage, including an installation medium, e.g., a CD-ROM, or floppy disks, a computer system memory, e.g., random access memory (RAM), such as DRAM, SRAM, EDO RAM, Rambus RAM, etc., or a non-volatile memory such as a magnetic media, e.g., a hard drive, or optical storage.
  • the memory medium may comprise other types of memory as well, or combinations thereof.
  • the memory medium may be located in a first computer in which the programs are executed, or may be located in a second different computer which connects to the first computer over a network. In the latter instance, the second computer provides the program instructions to the first computer for execution.
  • the servers 102 and/or 108 may take various forms, including a computer system, mainframe computer system, workstation, or other device.
  • the term "computer system" or "server" can be broadly defined to encompass any device having a processor that executes instructions from a memory medium.
  • the memory mediums on each of the database server 108, the provider server 102, and/or the client system 106 may store software or data to enable users to manage and/or control their demographic information in a network system according to the methods or flowcharts described below
  • the software programs may be implemented in any of various ways.
  • the digital certificate may have any of various forms.
  • a CPU, such as the host CPU, executing code and data from a memory medium comprises a means for implementing the network system described herein.
  • Various embodiments further include receiving or storing instructions and/or data implemented in accordance with the foregoing description upon a carrier medium
  • Suitable carrier media include memory media or storage media such as magnetic or optical media, e.g., disk or CD-ROM, as well as signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as networks and/or a wireless link.
  • FIG. 1A - Wireless Network Communication System
  • FIG. 1A shows one embodiment of an exemplary wireless network communication system 100A.
  • the wireless network communication system 100A may include a portable computing device (PCD) 106A with a wireless connection 111 (e.g., an antenna) in communication with a wireless access point (AP) 120 having a wireless connection 121 (e.g., an antenna)
  • the AP 120 may be coupled to a provider 102 and a management information base (MIB) 150 through network 104
  • the network 104 may comprise a wired network, a wireless network or a combination of wired and wireless networks
  • the network communication system 100A may be geographic-based. In other words, the network communication system 100A may provide information and/or services to the MU based at least partly on the known geographic location of the MU, e.g., as indicated by the access points 120 or as indicated by geographic information (e.g., GPS information) provided from the PCD 106A
  • the wireless communication system 100A may include a plurality of wireless access points 120, a plurality of providers 102, and/or a plurality of MIBs 150. Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, shopping malls, and other businesses, such as coffee shops or restaurants at an airport
  • the PCD 106A may access the network through, for example, a wireless network card
  • the APs 120 are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the mobile user (MU) or the PCD 106A
  • the PCD 106A may provide geographic location information of the PCD 106A through the AP 120 to the network 130
  • the PCD 106A may include GPS (Global Positioning System) equipment to enable the PCD 106A to provide its geographic location through the AP 120 to the network 130
  • the service providers 140 and MIBs 150 each may comprise a computer system coupled to the network 130
  • the network 130 may comprise one or more wired or wireless local area networks and/or one or more wide area networks (e.g., the Internet)
  • Each service provider 102 may include one or more computers or computer systems configured to provide goods, information, and/or services as appropriate for the service provider
  • the one or more service providers 102 may connect to network 104 in a wired or wireless fashion
  • the one or more MIBs 150 may be comprised in a provider 102
  • the wireless communication may be accomplished in a number of ways
  • PCD 106A and wireless AP 120 are both equipped with an appropriate transmitter and receiver compatible in power and frequency range (e.g., 2.4 GHz) to establish a wireless communication link (e.g., wireless connection 111 and wireless connection 121, respectively)
  • Wireless communication may also be accomplished through cellular, digital, or infrared communication technologies, among others
  • the MU may also be equipped with a code generator that generates an identification code that may be transmitted to and recognized by the wireless AP 120. This identification code may then be relayed to different service providers 102 and/or MIB 150 that are coupled to wireless AP 120 via network 104
  • Such an identification code may utilize recognition of a MU before providing access to system services, thereby providing a measure of security and a service billing mechanism
  • the PCD 106A may selectively provide a digital certificate or other data to selectively enable
  • the system 100 may be a wired network communication system or a hybrid (wired and wireless) network communication system
  • including various embodiments of the access points 120 and the PCD 106A, please see U.S. Patent Nos. 5,835,061 and 5,969,678, and U.S. patent application Serial No. 09/433,817, which are hereby incorporated by reference as though fully and completely set forth herein
  • the computing device or client system 106 may be any of various types of devices, including a computer system, such as a portable computer, a personal digital assistant (PDA), an Internet appliance, a communications device, such as a cellular phone, digital wireless telephone or other wired or wireless device
  • the computing device 106 may include various wireless or wired communication devices, such as a wireless Ethernet card, cellular telephone logic, paging logic, RF communication logic, a wired Ethernet card, a modem, a DSL device, an ISDN device, an ATM device, a parallel or serial port interface, or other type of communication device
  • the computing device 106 preferably includes a memory medium which stores a digital certificate
  • the digital certificate may also be referred to as a personal certificate
  • the digital certificate may be stored in a web browser of the personal computing device 110
  • the digital certificate may comprise a reference or cookie to the user's demographic information, which may be kept on a separate server, e.g., the database server 108
  • the references or cookies may take the form of a URL, a pointer, an IP address, or other reference or cookie
  • the digital certificate stored on the client system or computing device 106 includes access information for rendering the respective user's demographic information useable, accessible, or intelligible
  • the access information may be stored in extensions within the digital certificate, such as non-critical extensions
  • the access information may take any of various forms. Where the demographic information is stored in an encrypted format on the database server 108, the access information may comprise a "key" or other data for decrypting the information. In general, the access information may comprise some type of data which may operate to effectively "unlock" the demographic information or make the demographic information useable or accessible in some way
  • the digital certificate may also store various other information, such as charging information of the user or sponsorship information of the user.
  • the sponsorship information and/or charging information may also be stored in extensions within the digital certificate, such as non-critical extensions of the digital certificate
  • Figure 2 is an exemplary block diagram of one embodiment of a database server 108
  • the database server 108 may take any of various forms, and Figure 2 is exemplary only
  • the database server 108 may comprise a processor 310 coupled to a system bus 330
  • Processor 310 may be any of several different processors
  • a database 325 and memory 320 may also be coupled to the system bus 330
  • the database 325 preferably stores user demographic information of a plurality of users
  • System bus 330 may be coupled to I/O bus 335
  • Network interface 340 may also be coupled to I/O bus 335
  • System bus 330 and I/O bus 335 may be coupled to other devices, such as a display
  • the demographic information of the plurality of users is preferably stored in a manner where the demographic information of a user is not useable or accessible to providers without being paired with the corresponding user's digital certificate. This allows each user a manner of control or management of his/her respective demographic information
  • the demographic information is stored in an encrypted format, and the digital certificate from the corresponding user is required to decrypt the demographic information
  • the demographic mformation is stored in a normal readable format.
  • the database server 108 may be configured to provide the demographic information of a user in an encrypted or unintelligible format unless the user's digital certificate has been provided.
  • Database server 108 may be operable to receive a digital certificate from a client system 106 of a user and extract various information from the digital certificate, such as a user identification and the access information. The access information may then be used for enabling access to the user's demographic information.
  • the database 325 may store various types of information, such as demographic information of users, charging information of users, and/or other information.
  • the digital certificate may make this other information accessible as well.
  • the database 325 may store user demographic information that may only be available to registered network users or registered network providers using an access code or access information that has been approved by the user.
  • the database 325 may selectively store user information, based on a permission received from the respective user. This information may be selectively provided by the database 325, upon the approval of the user as indicated by provision of a digital certificate of the user
  • the database server 325 may act as an infomediary for users
  • the processor 310 may use this access information in the digital certificate to access the respective user's demographic information from the database 325
  • the processor 310 may also access other information from the database 325, such as charging or usage information.
  • This demographic information may be used by a provider, possibly in conjunction with geographic location information of the client system 106, to provide targeted services or information (e.g., advertising information) to the user.
  • the provider computer 102 may receive information or service requests from network 104, determine what information fulfills each request, and make the information available to the user over the network 104.
  • the database server 108 may also store charging information used for charging the user for network access.
  • the charging information may include information regarding participation in various incentive programs which may affect network access charging, e.g., programs which offer a limited time period of free or reduced charge network access.
  • the charging information may also include information regarding an amount of available network access usage, e.g., a time amount, a dollar amount, or an amount of accrued "points". For example, the amount of "points" may indicate an amount of network usage available to the user.
  • Figure 3 is a flowchart diagram illustrating operation of allowing access to demographic information in a network using an improved infomediary model
  • the client system or computing device 106 includes a digital certificate stored in the memory of the computing device 106.
  • the digital certificate may store information needed for user authentication and security on the network.
  • the digital certificate may also store access information, as described above, for selectively allowing access to the user's demographic data.
  • the digital certificate may also store references to other information, such as demographic information of the user, charging information of the user, or other information
  • the network access method of the present invention may be operable to receive and use the digital certificate for authentication and security, as well as for enabling access to the user's demographic information.
  • the system and method may extract and use information stored in the digital certificate, possibly in conjunction with geographic location information of the user and other information, to provide an improved infomediary service.
  • Various providers on the network 104 may be allowed by the user to gain access to the user's demographic information, as indicated by the user's provision of his/her digital certificate. The providers may use this demographic information, possibly in conjunction with geographic location information of the user and/or other information, to provide various targeted services or information to the user.
  • in step 202 the user connects to the network 104 (e.g., to an access point of the network).
  • the user may connect to the Internet from his/her home or office
  • the user may be walking in an airport with a portable computing device and may connect in a wireless fashion to an access point located at the airport.
  • the user may enter a hotel room and connect to an Ethernet port in his/her room which is connected to the network.
  • the user may connect to the network 104 in a wired or wireless fashion.
  • the computing device 106 of the user may optionally transmit identification information (ID information) to the network or to the access point (AP) of the network.
  • ID information may take any of various forms.
  • the identification information comprises a digital certificate which contains various identification or authentication information
  • the identification information comprises a MAC (media access controller) ID which is comprised on a wired or wireless Ethernet card of the personal computing device used by the user.
  • the identification information comprises an 802.11 (wireless Ethernet) System ID (SID).
  • the identification information may identify the user without "giving away" the user's identity (e.g., "anonymous identification").
  • the MAC ID or SID may be used to reference the proper demographic information, without indicating the actual identity or name of the user associated with this demographic information.
  • the identification information may comprise other types of information, e.g., more secure identification, as desired.
  • the network provider may examine and validate the received identification information, e.g., the certificate, MAC ID, the 802.11 System ID, or other identification information.
  • the identification information may be accompanied by a password or other type of information.
  • the identification information may also be comprised in a digital certificate, which may be different than the digital certificate used to grant access to the user's demographic information.
  • Steps 204 and 206 may be performed where the user is connecting through a proprietary (third party) network 104 or through a proprietary portion of the network 104, or through an ISP.
  • steps 204 and 206 may be performed where the user is connecting through a proprietary portion of the network 104, e.g., where the user is a mobile user connecting to a proprietary wireless network for Internet access, or possibly connecting through a third party ISP (Internet service provider)
  • geographic location information may be transmitted to the network.
  • the access point 120 to which the user has connected may transmit known geographic location information to the network (e.g., an information provider on the network).
  • the user's computing device 106 may transmit geographic location information using GPS technology or other means
  • this known geographic location information of the user may be used to provide information or services to the user which are dependent upon the geographic location of the user.
  • various tasks as is well known.
  • the user may access various web sites to read or review various content such as travel information, weather information, stock market information, news or any of other various types of content.
  • the user may also initiate purchase of various products, e.g., goods or services, available on electronic commerce sites, as is well known.
  • Various providers may desire to access the demographic information of various users for commercial purposes. For example, providers may desire access to users' demographic information to provide targeted advertising or inducements over the Internet or to provide various advertising mailings, etc. Thus, in step 212 a provider may transmit a request to access demographic information to a user.
  • the provider may transmit the request directly to the user to ask the user whether the provider can access that respective user's demographic information.
  • the user, i.e., the client system 106 of the user, may receive and evaluate the request. If the user decides to provide the requesting provider access to the user's demographic information in step 216, then in step 218 the client system 106 of the user may transmit its respective digital certificate to grant the requested access to the user's demographic information. Alternatively, the client system 106 may direct another computer to provide the digital certificate.
  • the user may provide the digital certificate to the provider, wherein the provider may then forward the digital certificate to the database 108 to gain access to the user's demographic information.
  • the user or another computer may provide the digital certificate directly to the database 108, perhaps accompanied with or including a cookie or other reference to the respective provider whose request has been granted.
  • the provision of the digital certificate to the database 108 operates to enable access to or use of the respective user's demographic information.
  • the user may provide the digital certificate with an access level or privilege level incorporated in the certificate, wherein this access level indicates the amount of the user's demographic information to which the provider may have access.
  • the provider may then access the user's demographic information and use this information for various purposes, such as providing targeted advertising inducements or offers to the user.
  • in step 224 the provider provides various content or services to the user based on the demographic information.
  • a provider who gains access to a respective user's demographic information may then incorporate a preset or pre-determined discount to the user who granted the provider's request, this discount forming an incentive to the user to grant access to the user's demographic information to the provider.
  • the discount may also be based on the access level or privilege level provided in the user's digital certificate.
  • the client system 106 may provide a message to the provider indicating that the demographic information of the user is not available or accessible to that provider.
  • the provider may then optionally provide a greater incentive or inducement to the user for the user to release his/her demographic information.
  • each of the users who have demographic information stored or collected on the database 108 may have previously transmitted their respective digital certificates to the respective infomediary who maintains the database 108, accompanied with directions or instructions as to when the respective user consents to a provider's request to access the demographic information
  • respective users may require certain discounts or financial incentives from providers before they will grant access to this demographic information
  • the database server 108 maintains user demographic information for a plurality of users, and maintains a corresponding digital certificate for each of the respective users, wherein the digital certificate contains the necessary access information for enabling access to or use of the user demographic information, and further the database 108 may maintain instructions from each of the respective users which specify criteria for granting access to the respective user's information to providers
  • the provider transmits a request to access demographic information, wherein the request is made directly to the infomediary who maintains the database server 108
  • the infomediary may receive and evaluate the request based on the user's previously specified instructions as to when to provide demographic information to providers
  • the infomediary may retrieve the user's criteria for releasing this information such as types and/or kinds of providers, types of products offered, type and/or amount of discount offered, etc.
  • users may be treated as groups or classes, and the infomediary may selectively allow access to demographic information of respective groups or classes of users based on various criteria or financial incentives offered to the group or class of users. This may allow the infomediary to aggregate users, or allow the users to aggregate themselves, to negotiate higher discounts or greater incentives for access to their collective demographic information
  • the infomediary may retrieve the digital certificate stored in its database or from the user's client system 106 and use the certificate to enable access to the demographic information in step 220. The provider may then access the demographic information of the user(s) in step 222
  • if the infomediary determines to not provide access as determined in step 216, then in step 232 the infomediary provides a message to the provider indicating that the demographic information of the user is not available or accessible to that provider. The provider may then optionally provide a greater incentive or inducement to the user, or group of users, for the infomediary to release this demographic information
  • the infomediary may thus negotiate on behalf of the group of users to obtain the best discounts, incentives, or inducements to release demographic information of the users
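
The infomediary-side decision described in the items above (request in step 212, grant or deny in step 216, denial message in step 232, release bounded by the certificate's access level), as an added Python example that is not code from the patent. The class and field names, the integer access levels with their field allowlists, and the sample records are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumption: access levels are small integers, each mapped to an allowlist of
# demographic fields. The patent only says the level bounds "the amount" released.
ACCESS_LEVEL_FIELDS = {
    0: frozenset(),
    1: frozenset({"preferences"}),
    2: frozenset({"preferences", "purchasing_habits"}),
    3: frozenset({"preferences", "purchasing_habits", "contact"}),
}

# One uniform denial message (step 232), so a provider cannot tell an unknown
# user reference from a criterion that was not met.
DENIED = "demographic information not available to this provider"


@dataclass(frozen=True)
class Criteria:
    """Release instructions a user files with the infomediary in advance."""
    allowed_provider_kinds: frozenset
    min_discount_pct: float
    access_level: int  # level carried in the user's certificate (assumed int)


@dataclass(frozen=True)
class Request:
    """A provider's request (step 212) together with the incentive offered."""
    provider_id: str
    provider_kind: str
    discount_pct: float
    wanted_fields: frozenset


@dataclass
class Infomediary:
    records: dict = field(default_factory=dict)   # user_ref -> demographic data
    criteria: dict = field(default_factory=dict)  # user_ref -> Criteria
    audit: list = field(default_factory=list)     # every decision is recorded

    def enroll(self, user_ref, record, criteria):
        self.records[user_ref] = dict(record)
        self.criteria[user_ref] = criteria

    def _granted(self, user_ref, req):
        # Deny by default: no stored instructions means no release.
        crit = self.criteria.get(user_ref)
        if crit is None:
            return False
        if req.provider_kind not in crit.allowed_provider_kinds:
            return False
        return req.discount_pct >= crit.min_discount_pct

    def handle(self, user_ref, req):
        """Return (granted, payload); payload is DENIED or the released fields."""
        granted = self._granted(user_ref, req)
        self.audit.append((req.provider_id, user_ref, granted))
        if not granted:
            return False, DENIED
        level = self.criteria[user_ref].access_level
        # An unrecognised level releases nothing rather than everything.
        permitted = ACCESS_LEVEL_FIELDS.get(level, frozenset())
        visible = permitted & req.wanted_fields
        record = self.records[user_ref]
        return True, {k: record[k] for k in sorted(visible) if k in record}


def run_demo():
    """Constructed scenario: a low offer is refused, a raised offer is granted."""
    info = Infomediary()
    info.enroll(
        "ref-7f3a",  # constructed anonymous reference, not a real identifier
        {"preferences": "travel, jazz", "purchasing_habits": "books monthly",
         "contact": "user@example.invalid"},
        Criteria(frozenset({"retailer", "airline"}), 10.0, 2),
    )
    wanted = frozenset({"preferences", "contact"})
    low = info.handle("ref-7f3a", Request("shop-1", "retailer", 5.0, wanted))
    high = info.handle("ref-7f3a", Request("shop-1", "retailer", 15.0, wanted))
    wrong_kind = info.handle("ref-7f3a", Request("bank-9", "lender", 50.0, wanted))
    unknown = info.handle("ref-0000", Request("shop-1", "retailer", 15.0, wanted))
    return low, high, wrong_kind, unknown, info.audit


if __name__ == "__main__":
    for outcome in run_demo()[:4]:
        print(outcome)
```

The granted request asks for "contact" as well, but level 2 does not include it, so only "preferences" is released.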

Abstract

A system and method for enabling users to more efficiently manage and control user demographic data in an information network, such as the Internet, including provision of infomediary services. The system may comprise a network, wherein a plurality of providers, such as information providers and service providers, may be coupled to the network. One or more databases may also be coupled to the network which include demographic information of various users. Users may operate computing devices to access the network for information and services. The demographic information stored in databases on the network is not usable or accessible by third parties for providing information to the various users. Each of the computing devices operated by various users may include a digital certificate which may store access information for enabling use of the respective user's demographic information. Thus, a user may use the stored digital certificate to manage access to the user's demographic data stored in the database. A user may selectively provide a digital certificate to the database, or a provider, to selectively allow access to the respective user's demographic data.

Description

TITLE: SYSTEM AND METHOD FOR MANAGING USER DEMOGRAPHIC INFORMATION USING DIGITAL CERTIFICATES
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to network communications, and more specifically to the management of user demographic information, such as the provision of infomediary services, using digital certificates and concepts of paired key cryptology.
2. Description of the Relevant Art
Electronic commerce or Internet commerce has become an increasingly popular form of commerce in the United States and throughout the world. In general, electronic commerce or Internet-based commerce, often referred to as e-commerce, provides vendors and service providers the ability to greatly increase their sales channel and distribution network with minimal cost. An electronic commerce site provides a convenient and effective mechanism for potential customers to use, select and purchase products in an easy and simple fashion.
The Internet has dramatically changed many types of business practices and business models. Many businesses attempt to capture customer information and use this information for commercial purposes. For example, various businesses operate to track, record and sell customer information for personal gain, including personal data about customers such as buying habits, income levels, credit card usage, etc. The result to consumers is typically large amounts of unwanted junk mail, unwelcome advertising and solicitations.
A relatively new concept in Internet business models is referred to as an "infomediary" (information intermediary). An infomediary can be defined as a business or company which helps customers to capture and maximize the value of their personal demographic information, possibly allowing customers to manage their personal data for financial benefit. In order to support the business model of an infomediary, new methods are desired for enabling customer demographic data to be tracked and recorded while still allowing customers management and control over this data, including the ability of customers to selectively decide whether to release this data to third parties. In general, it would be very desirable to provide customers or users with an improved mechanism for managing and controlling their personal customer data, while still allowing selective access to this data by various third party providers.
Background on digital certificates is deemed appropriate. Digital certificates are a very useful tool for Internet transactions. A digital certificate may reside in a client computer and may be used to identify the client computer. In general, digital certificates are used to authenticate users and perform secure transactions. When a client or user accesses a web site, the client computer may transmit its digital certificate to the web server. Without the use of digital certificates, user access to a web site may require registration and the use of passwords by users accessing the site, which is generally inconvenient. For example, a user typically receives different passwords and user ID information from different providers, and users may oftentimes forget their individual passwords and IDs. Thus, digital certificates solve many of the problems associated with requiring registration and the use of passwords. Therefore, digital certificates are useful for performing secure electronic commerce (e-commerce) transactions, and may be used to uniquely identify users. This unique identification may allow an Internet-based business to gather information about customers in order to customize their access to a given web site. For example, the use of digital certificates allows a web site to restrict access, including the ability to allow different users different levels of access. A digital certificate may also allow for the instant authentication of a user without requiring the use of a user name or password.
Digital certificates utilize an encryption technology known as public/private key technology. A key is a unique encryption device, and no two keys are the same. This allows a given key to be used to identify its owner. Keys function in pairs, where one key within the pair is referred to as the public key, while the other key is referred to as the private key. A user thus has both a public key and a private key. The user may provide his public key to various trusted entities, but keeps the private key secure. Thus, public keys may be distributed freely to any end user who wishes to conduct secure transactions with the distributing user or web site, while a private key may be stored exclusively on a computer or server of the distributing user or web site. Each user also maintains a list of public keys of other users for use in sending encrypted email. When a third party desires to send an encrypted message to a recipient, the third party first must have that recipient's public key. The third party uses the recipient's public key to encrypt the message, and provides the encrypted message to the recipient. The recipient of the message then uses his private key to decrypt the message. Thus the public key of a user may encrypt information to be transmitted across the Internet to the user, and only the corresponding private key of the user may decrypt this information. Alternatively, a private key may encrypt information to be transmitted across the Internet, and only the corresponding public key may decrypt this information.
When a digital certificate is installed on the client computer of the end user, the digital certificate stores non-mutable or non-changeable information from the provider. If a server computer wishes to exchange information with the client computer of an end user, the server computer may access the digital certificate stored on the client computer, which contains the information from the certificate provider. The server computer uses its public key to ensure the contents of the certificate are valid and un-modified, and may also validate the identity of the end user and encrypt the information to be shared. Encryption may be accomplished using Secure Sockets Layer (SSL) technology.
Digital certificates are particularly useful for providing access to network services in subscriber based services. Subscriber based services may include Internet service providers, online services, and other types of information or service providers.
SUMMARY OF THE INVENTION
One embodiment of the present invention comprises an improved system and method for enabling users to more efficiently manage and control user demographic data in an information network, such as the Internet. The present invention may also comprise an improved system and method for providing infomediary services.
The system may comprise a network, wherein a plurality of providers, such as information providers and service providers, may be coupled to the network. The network may be a wired network, a wireless network, or a combination. One or more databases may also be coupled to the network which include demographic information of various users, such as one or more of identity information, contact information, profile information, sponsorship information, class transaction information, purchasing habits, credit card usage, preferences and past activities, among others. Users may operate computing devices, e.g., computers, personal digital assistants, etc., to access the network for information and services.
In the preferred embodiment, the demographic information stored in the one or more databases on the network is not usable or accessible by third parties for providing information to the various users. Preferably, each of the computing devices operated by various users includes a digital certificate which may store access information for enabling use of the respective user's demographic information. Thus, a user may use the stored digital certificate to manage access to the user's demographic data stored in the database. For example, the user's computing device may present the respective user's digital certificate to the database to enable use of the user's demographic information by third party providers. As another example, in one embodiment the user may provide his/her respective digital certificate to a provider coupled to the network. When the provider receives the digital certificate, the provider may then present the digital certificate to the database to enable access and use of the respective user's demographic information, e.g., for targeted advertising, etc.
In one embodiment, the user demographic information stored on the database is intelligible and accessible to third-party providers, but no user association is maintained with respect to the demographic information. Thus the providers can access and use the demographic information, without knowledge of the identities of the users. In this embodiment, the digital certificate may store identity information and other access information and operates to associate the respective user of the digital certificate with his/her corresponding demographic information. Thus, presentation of the digital certificate to the database operates to associate the user with his respective demographic information. This embodiment may allow third-party providers to provide various targeted information or services to users, wherein the demographic information of the users is known, but the specific identities of respective users are unknown to the provider. As one example, if the user chooses to respond to a provider's offer or accept information from the user, the user can then provide his/her digital certificate in response to acceptance of the offer, e.g., to purchase an advertised product. As mentioned above, provision of the digital certificate allows the user's identity to be associated with the user's demographic information.
In another embodiment, the user demographic information stored in the database is unintelligible or encrypted. In this embodiment, each user's digital certificate may include access information, such as a decryption key, password or other mechanism, which operates to render the respective user's demographic information intelligible. For example, the demographic information stored in the database may be encrypted using a first key, e.g., a public key, and the digital certificate may include a second key, e.g., a private key, wherein this private key is required to decrypt the respective user's demographic information. Thus, in this embodiment, the demographic information stored in the database is unintelligible to providers, and the user first presents his/her digital certificate to the database, or to a provider, to render the demographic information intelligible and hence useful by a third-party provider. This provides the user with greater control over his/her demographic data. In this embodiment, the identity of the user may become known to the provider when the user presents his/her digital certificate. Alternatively, the identity of the user may still remain anonymous, wherein the access information or key stored in the digital certificate merely allows a provider to discover the demographic information of the user, possibly without discovering the identity of the user who is associated with this demographic information. This would allow the providers, at the user's discretion, to provide targeted information or services to users who are essentially anonymous to the provider.
In another embodiment, the digital certificate itself may store a portion of the user's demographic data, such as sponsorship information, including information regarding programs or entities in which the mobile user is a member or is affiliated. In yet another embodiment, the digital certificate may be configured to selectively allow different levels of access to the user's demographic information, e.g., depending on the trust level ascribed to the provider. In this embodiment, the demographic information or the access level information may be stored in extensions within the digital certificate.
Therefore, the system and method described herein operates to provide users and customers with greater control and access over their customer data or demographic information. Thus, each user's demographic information is stored and maintained on the database, perhaps by an infomediary, and this information is possibly not usable, not accessible, or unintelligible, by third-party providers without the user providing express permission for transfer of the digital certificate stored on the respective user's computing device. This allows use of user demographic information by various third-party providers while providing control or management of this information by the respective users.
In one embodiment, the user is a mobile user (MU), also referred to as a subscriber, who may access the network service through a portable computing device (PCD) using a wireless (or wired) network interface card. Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, and various businesses, such as coffee shops or restaurants at an airport. When in sufficiently close range to an access point, the PCD may access the service through the network card. In one embodiment, the APs are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the mobile user (MU). A digital certificate may be stored on the mobile user's PCD. When accessing the network, the digital certificate may be selectively provided by the user to selectively enable access by providers to the user's demographic information stored on the network, or other information such as billing/charging information.
BRIEF DESCRIPTION OF THE DRAWINGS
Other objects and advantages of the invention will become apparent upon reading the following detailed description and upon reference to the accompanying drawings in which:
Figure 1 is a block diagram of one embodiment of a network system incorporating the present invention;
Figure 1A is a block diagram of one embodiment of a wireless network communication system incorporating the present invention;
Figure 2 is a block diagram of one embodiment of a computer system of a provider; and
Figure 3 is a flowchart diagram of one embodiment of a method of allowing access to demographic information in a network using an improved infomediary model.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present invention as defined by the appended claims.
DETAILED DESCRIPTION OF THE EMBODIMENTS
Incorporation by Reference
U.S. Patent No. 5,835,061, titled "Method and Apparatus for Geographic-Based Communications Service", whose inventor is Brett B. Stewart, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.
U.S. Patent Application Serial No. 09/433,817 titled "Geographic Based Communications Service" and filed on November 3, 1999, whose inventors are Brett B. Stewart and James Thompson, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.
U.S. Patent Application Serial No. 09/433,818 titled "A Network Communications Service with an Improved Subscriber Model Using Digital Certificates" and filed on November 3, 1999, whose inventors are Brett B. Stewart and James Thompson, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.
Figure 1 - Exemplary Network Communication System
Figure 1 illustrates a simplified and exemplary network system according to one embodiment of the present invention. The network system may be used for general information access and/or electronic commerce (e-commerce) or Internet commerce. The embodiment illustrated in Figure 1 includes one provider server 102, one database server 108 and one client system 106, which each may be coupled to a network 104 such as the Internet. However, it is noted that the present invention may be utilized with respect to any number of provider servers 102, database servers 108 and client systems 106.
As shown in Figure 1, the provider who maintains the provider server 102 may offer one or more of information, content or products over network 104, such as the Internet. For example, the provider may offer advertising content, such as targeted advertising, to clients over the network 104. The provider may also be a vendor who offers products for sale over network 104, such as the Internet, and preferably maintains the provider server 102 as an e-commerce server 102. One example of an e-commerce vendor is Amazon.com, which sells books and other items over the Internet. In general, the provider may offer any of various types of goods or services over the network 104, wherein services offered include any of various types of information or content, as well as services such as financial services, etc.
As shown, the provider server 102 may be connected to a network 104, preferably the Internet 104. The Internet 104 is currently the primary mechanism for performing electronic commerce. However, the network 104 may be any of various types of wide-area networks, local area networks, or networks of networks, such as the Internet, which connects computers and networks of computers together. Thus, the network 104 may be any of various types of networks, including wired and wireless networks, or combinations thereof. The network 104 may include or be coupled to other types of communications networks (e.g., other than the Internet), such as the public switched telephone network (PSTN), among others.
As shown, the database server 108 may also be connected to the network 104. The database server 108 may be maintained by a provider, or by a third party "infomediary". The database server 108 may store demographic information for a plurality of different users. In the preferred embodiment, the demographic information of a first user stored on the database server 108 is not useable by a provider for providing information (e.g., content) to the first user without a digital certificate provided from the first user. Alternatively, or in addition, the demographic information of a first user stored on the database server 108 is not associable to the first user without a digital certificate provided from the first user. Alternatively, or in addition, the demographic information of a first user comprised in the database is unintelligible, e.g., is encrypted, and the digital certificate provided from the first user is necessary to decrypt this information.
As noted above, the database server 108 may be operated or maintained by a third party, which may be referred to as an "infomediary". The party who maintains the database server 108 may collect and store demographic information on users, such as past transactions and commercial activities of the users, and other types of demographic information. The demographic information is stored on the database server 108, and, as mentioned above, the user preferably maintains at least some control and management of his/her demographic information. The infomediary may receive a financial benefit from a provider 102 when the infomediary provides demographic information to the provider. The user may also receive a financial benefit when the user chooses to allow a provider access to his/her demographic information.
As used herein, the term "demographic information" includes one or more of identity information, contact information, profile information, sponsorship information, past transaction information, purchasing habits, credit card usage, restaurant or hotel preferences, rental car preferences, past activities, and past commercial activities, among other types of customer or user data. The term "profile information" includes one or more of age, weight, income level, residence location, and travel history, among other types of information. The term "sponsorship information" includes one or more of information regarding memberships of the user, information regarding incentive programs in which the user is a member, and information regarding entities in which the user is affiliated, among others. Thus, sponsorship information may include information regarding frequent flier program memberships (e.g., the American Airlines Advantage Program), rental car incentive programs (e.g., Hertz Number One Club Gold), bank affiliations, country club affiliations, and other programs or affiliations, such as other incentive programs, preferred status memberships, other programs sponsored by vendors of goods or services, and other organizations of which the user is affiliated. The demographic information thus may take any of various forms.
Client system 106 may also be connected to the network 104. The client system 106 is also referred to herein as a "computing device". The client system or computing device 106 may be of various kinds of systems such as a computer system, a network appliance, an Internet appliance, a Personal Digital Assistant (PDA), WebTV, telephone, two way pager, etc. The client system 106 may execute web browser software for allowing a user of the client system 106 to browse and/or search the Internet 104, as well as enabling the user to conduct transactions or commerce and/or receive information or content over the Internet 104. The web browser software in client computer system 106 may optionally utilize a 64-bit or 128-bit encryption technology to securely communicate with the provider server 102. When the user of the client system 106 desires to access a site, such as a site of the provider server 102 over the Internet 104, the web browser software preferably accesses the Web site of the respective provider server 102.
The client system 106 of a first user may store a digital certificate which is used in managing or controlling access to the first user's demographic information comprised in the network, e.g., stored in the database 108. In one embodiment, the digital certificate stored on the client system 106 of the first user includes access information for enabling access to or use of the first demographic information by a provider, e.g., in providing information or content to the user. The digital certificate may also include an identity of the user, as well as other information. For example, the digital certificate may comprise a portion of the user's demographic information, such as sponsorship information, or may comprise charging and network usage information. In this embodiment, access charges for access to the network may be computed based on information, such as charging information and/or sponsorship information, comprised in the user's digital certificate. As used herein, the term "digital certificate" is intended to encompass any of various types of data structures which are used for gaining access to network resources.
The computing device 106 may be operable to present its digital certificate to the database server 108 or to the provider 102, wherein the user's provision of the digital certificate may enable one or more uses of the demographic information of the user comprised in the database 108. For example, the user's provision of the digital certificate may enable a provider to provide targeted content or information, e.g., advertising or inducements, to the computing device 106 of the user. The user's provision of his/her digital certificate may also or instead operate to associate the user with the corresponding demographic information and/or render the demographic information intelligible, e.g., decrypted.
Thus, in one embodiment, the demographic information of a user is not associable to the user without the first digital certificate, and the respective user's digital certificate comprises access information for associating the user with his/her demographic information. Thus the user's provision of his/her digital certificate may also or instead operate to associate the user with his/her corresponding demographic information. In another embodiment, the demographic information of a user comprised in the database is unintelligible, e.g., is encrypted, and the digital certificate of the respective user contains the "key" necessary to decrypt the demographic information. Thus, presentation of the respective user's digital certificate to the database 108 renders the user's demographic information intelligible or unencrypted. For example, the demographic information of a user comprised in the database may be encrypted using a first key, and the digital certificate of the respective user may include a second key, wherein the second key from the user's digital certificate is used to decrypt the user's demographic information.
The computing device 106 may present the digital certificate directly to the database server 108. Alternatively, the provider server 102 may receive the digital certificate from the computing device 106 and then present the digital certificate to the database server 108. As noted above, presentation of the digital certificate to the database server 108 may enable use of or access to the demographic information of the user comprised in the database server 108.
As noted above, a user's digital certificate may comprise access information for enabling use of or access to the user's demographic information, and provision of the digital certificate enables use of or access to the demographic information of the user comprised in the database. In one embodiment, the user may receive some type of financial benefit in return for provision of the first digital certificate.
The provider may take various actions in response to gaining access to the user's demographic information. For example, the provider server 102 may provide information or content to the user based on the demographic information. The provider server 102 may use the demographic information to select or generate targeted advertising, inducements, offers, etc. to the user.
Database Server 108, Provider Server 102 and Client System 106
The database server 108, the provider server 102, and the client system 106 may each include various standard components such as one or more processors or central processing units, one or more memory media, and other standard components, e.g., a display device, input devices, a power supply or batteries, etc. The provider server 102 and the database server 108 may also each be implemented as two or more different computer systems.
One or more of the database server 108, the provider server 102, and/or the client system 106 may each include a memory medium on which computer programs or data (e.g., a digital certificate) according to the present invention may be stored. The term "memory medium" is intended to include various types of memory or storage, including an installation medium, e.g., a CD-ROM, or floppy disks, a computer system memory, e.g., random access memory (RAM), such as DRAM, SRAM, EDO RAM, Rambus RAM, etc., or a non-volatile memory such as a magnetic media, e.g., a hard drive, or optical storage. The memory medium may comprise other types of memory as well, or combinations thereof. In addition, the memory medium may be located in a first computer in which the programs are executed, or may be located in a second different computer which connects to the first computer over a network. In the latter instance, the second computer provides the program instructions to the first computer for execution. Also, the servers 102 and/or 108 may take various forms, including a computer system, mainframe computer system, workstation, or other device. In general, the term "computer system" or "server" can be broadly defined to encompass any device having a processor that executes instructions from a memory medium.
The memory mediums on each of the database server 108, the provider server 102, and/or the client system 106 may store software or data to enable users to manage and/or control their demographic information in a network system according to the methods or flowcharts described below. The software programs may be implemented in any of various ways. Also, the digital certificate may have any of various forms. A CPU, such as the host CPU, executing code and data from a memory medium comprises a means for implementing the network system described herein.
Various embodiments further include receiving or storing instructions and/or data implemented in accordance with the foregoing description upon a carrier medium. Suitable carrier media include memory media or storage media such as magnetic or optical media, e.g., disk or CD-ROM, as well as signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as networks and/or a wireless link.
Figure 1A - Wireless Network Communication System
Figure 1A shows one embodiment of an exemplary wireless network communication system 100A. The wireless network communication system 100A may include a portable computing device (PCD) 106A with a wireless connection 111 (e.g., an antenna) in communication with a wireless access point (AP) 120 having a wireless connection 121 (e.g., an antenna). The AP 120 may be coupled to a provider 102 and a management information base (MIB) 150 through network 104. The network 104 may comprise a wired network, a wireless network or a combination of wired and wireless networks.
The network communication system 100A may be geographic-based. In other words, the network communication system 100A may provide information and/or services to the MU based at least partly on the known geographic location of the MU, e.g., as indicated by the access points 120 or as indicated by geographic information (e.g., GPS information) provided from the PCD 106A.
The wireless communication system 100A may include a plurality of wireless access points 120, a plurality of providers 102, and/or a plurality of MIBs 150. Access points (APs) for the network may be widely distributed in various facilities, such as airports, mass-transit stations, shopping malls, and other businesses, such as coffee shops or restaurants at an airport. When in sufficiently close range to an access point, the PCD 106A may access the network through, for example, a wireless network card. In one embodiment, the APs 120 are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the mobile user (MU) or the PCD 106A. In another embodiment, the PCD 106A may provide geographic location information of the PCD 106A through the AP 120 to the network 130. For example, the PCD 106A may include GPS (Global Positioning System) equipment to enable the PCD 106A to provide its geographic location through the AP 120 to the network 130, e.g., service provider 140 located on the network 130.
The service providers 140 and MIBs 150 each may comprise a computer system coupled to the network 130. The network 130 may comprise one or more wired or wireless local area networks and/or one or more wide area networks (e.g., the Internet). Each service provider 102 may include one or more computers or computer systems configured to provide goods, information, and/or services as appropriate for the service provider. The one or more service providers 102 may connect to network 104 in a wired or wireless fashion. The one or more MIBs 150 may be comprised in a provider 102.
The wireless communication may be accomplished in a number of ways. In a preferred embodiment, PCD 106A and wireless AP 120 are both equipped with an appropriate transmitter and receiver compatible in power and frequency range (e.g., 2.4GHz) to establish a wireless communication link (e.g., wireless connection 111 and wireless connection 121, respectively). Wireless communication may also be accomplished through cellular, digital, or infrared communication technologies, among others. To provide user identification and/or ensure security, the MU may also be equipped with a code generator that generates an identification code that may be transmitted to and recognized by the wireless AP 120. This identification code may then be relayed to different service providers 102 and/or MIB 150 that are coupled to wireless AP 120 via network 104. Such an identification code may utilize recognition of a MU before providing access to system services, thereby providing a measure of security and a service billing mechanism.
As described above, the PCD 106A may selectively provide a digital certificate or other data to selectively enable a provider 102 to use or access demographic information of the user. In one embodiment, the demographic information of the user may be used in conjunction with the known geographic location of the user to provide specific or targeted information (e.g., advertising) to the user.
In various other embodiments, the system 100 may be a wired network communication system or a hybrid (wired and wireless) network communication system. For more information on possible embodiments of the system, including various embodiments of the access points 120 and the PCD 106A, please see U.S. Patent Nos. 5,835,061 and 5,969,678, and U.S. patent application Serial No. 09/433,817, which are hereby incorporated by reference as though fully and completely set forth herein.
Computing Device 106
As noted above, the computing device or client system 106 may be any of various types of devices, including a computer system, such as a portable computer, a personal digital assistant (PDA), an Internet appliance, a communications device, such as a cellular phone, digital wireless telephone or other wired or wireless device. The computing device 106 may include various wireless or wired communication devices, such as a wireless Ethernet card, cellular telephone logic, paging logic, RF communication logic, a wired Ethernet card, a modem, a DSL device, an ISDN device, an ATM device, a parallel or serial port interface, or other type of communication device. As mentioned above, the computing device 106 preferably includes a memory medium which stores a digital certificate. The digital certificate may also be referred to as a personal certificate. The digital certificate may be stored in a web browser of the personal computing device 110.
The digital certificate may comprise a reference or cookie to the user's demographic information, which may be kept on a separate server, e.g., the database server 108. The references or cookies may take the form of a URL, a pointer, an IP address, or other reference or cookie.
The digital certificate stored on the client system or computing device 106 includes access information for rendering the respective user's demographic information useable, accessible, or intelligible. The access information may be stored in extensions within the digital certificate, such as non-critical extensions. The access information may take any of various forms. Where the demographic information is stored in an encrypted format on the database server 108, the access information may comprise a "key" or other data for decrypting the information. In general, the access information may comprise some type of data which may operate to effectively "unlock" the demographic information or make the demographic information useable or accessible in some way.
The digital certificate may also store various other information, such as charging information of the user or sponsorship information of the user. The sponsorship information and/or charging information may also be stored in extensions within the digital certificate, such as non-critical extensions of the digital certificate.
Figure 2 - Database Server Service Provider
Figure 2 is an exemplary block diagram of one embodiment of a database server 108. The database server 108 may take any of various forms, and Figure 2 is exemplary only. The database server 108 may comprise a processor 310 coupled to a system bus 330. Processor 310 may be any of several different processors. A database 325 and memory 320 may also be coupled to the system bus 330. The database 325 preferably stores user demographic information of a plurality of users. System bus 330 may be coupled to I/O bus 335. Network interface 340 may also be coupled to I/O bus 335. System bus 330 and I/O bus 335 may be coupled to other devices, such as a display.
The demographic information of the plurality of users is preferably stored in a manner where the demographic information of a user is not useable or accessible to providers without being paired with the corresponding user's digital certificate. This allows each user a manner of control or management of his/her respective demographic information. In one embodiment, the demographic information is stored in an encrypted format, and the digital certificate from the corresponding user is required to decrypt the demographic information. In another embodiment, the demographic information is stored in a normal readable format. However, the database server 108 may be configured to provide the demographic information of a user in an encrypted or unintelligible format unless the user's digital certificate has been provided. Database server 108 may be operable to receive a digital certificate from a client system 106 of a user and extract various information from the digital certificate, such as a user identification and the access information. The access information may then be used for enabling access to the user's demographic information. The database 325 may store various types of information, such as demographic information of users, charging information of users, and/or other information. The digital certificate may make this other information accessible as well. Thus the database 325 may store user demographic information that may only be available to registered network users or registered network providers using an access code or access information that has been approved by the user. Alternatively, the database 325 may selectively store user information, based on a permission received from the respective user. This information may be selectively provided by the database 325, upon the approval of the user as indicated by provision of a digital certificate of the user. Thus the database server 325 may act as an infomediary for users.
The processor 310 may use this access information in the digital certificate to access the respective user's demographic information from the database 325. The processor 310 may also access other information from the database 325, such as charging or usage information. This demographic information may be used by a provider, possibly in conjunction with geographic location information of the client system 106, to provide targeted services or information (e.g., advertising information) to the user. The provider computer 102 may receive information or service requests from network 104, determine what information fulfills each request, and make the information available to the user over the network 104.
The database server 108 may also store charging information used for charging the user for network access. The charging information may include information regarding participation in various incentive programs which may affect network access charging, e.g., programs which offer a limited time period of free or reduced charge network access. The charging information may also include information regarding an amount of available network access usage, e.g., a time amount, a dollar amount, or an amount of accrued "points". For example, the amount of "points" may indicate an amount of network usage available to the user.
Figure 3 - Demographic Information Management using the Improved Infomediary Model
Figure 3 is a flowchart diagram illustrating operation of allowing access to demographic information in a network using an improved infomediary model. In one embodiment, as described above, the client system or computing device 106 includes a digital certificate stored in the memory of the computing device 106. The digital certificate may store information needed for user authentication and security on the network. The digital certificate may also store access information, as described above, for selectively allowing access to the user's demographic data. The digital certificate may also store references to other information, such as demographic information of the user, charging information of the user, or other information.
The network access method of the present invention may be operable to receive and use the digital certificate for authentication and security, as well as for enabling access to the user's demographic information. In one embodiment, the system and method may extract and use information stored in the digital certificate, possibly in conjunction with geographic location information of the user and other information, to provide an improved infomediary service. Various providers on the network 104 may be allowed by the user to gain access to the user's demographic information, as indicated by the user's provision of his/her digital certificate. The providers may use this demographic information, possibly in conjunction with geographic location information of the user and/or other information, to provide various targeted services or information to the user.
As shown, in step 202 the user connects to the network 104 (e.g., to an access point of the network). For example, the user may connect to the Internet from his/her home or office. Where the user is a mobile user, the user may be walking in an airport with a portable computing device and may connect in a wireless fashion to an access point located at the airport. In another scenario, the user may enter a hotel room and connect to an Ethernet port in his/her room which is connected to the network. Thus, the user may connect to the network 104 in a wired or wireless fashion.
In step 204 the computing device 106 of the user may optionally transmit identification information (ID information) to the network or to the access point (AP) of the network. The identification information may take any of various forms. In one embodiment, the identification information comprises a digital certificate which contains various identification or authentication information. In another embodiment, the identification information comprises a MAC (media access controller) ID which is comprised on a wired or wireless Ethernet card of the personal computing device used by the user. In another embodiment, the identification information comprises an 802.11 (wireless Ethernet) System ID (SID). Thus, in one embodiment, the identification information may identify the user without "giving away" the user's identity (e.g., "anonymous identification"). In other words, the MAC ID or SID may be used to reference the proper demographic information, without indicating the actual identity or name of the user associated with this demographic information. The identification information may comprise other types of information, e.g., more secure identification, as desired.
In step 206 the network provider may examine and validate the received identification information, e.g., the certificate, MAC ID, the 802.11 System ID, or other identification information. The identification information may be accompanied by a password or other type of information. As noted above, the identification information may also be comprised in a digital certificate, which may be different than the digital certificate used to grant access to the user's demographic information.
Steps 204 and 206 may be performed where the user is connecting through a proprietary (third party) network 104 or through a proprietary portion of the network 104, or through an ISP. For example, steps 204 and 206 may be performed where the user is connecting through a proprietary portion of the network 104, e.g., where the user is a mobile user connecting to a proprietary wireless network for Internet access, or possibly connecting through a third party ISP (Internet service provider).
In one embodiment, in step 208 geographic location information may be transmitted to the network. For example, where the user is a mobile user who connects to an access point 120, the access point 120 to which the user has connected may transmit known geographic location information to the network (e.g., an information provider on the network). Alternatively, the user's computing device 106 may transmit geographic location information using GPS technology or other means. As discussed further below, this known geographic location information of the user may be used to provide information or services to the user which are dependent upon the geographic location of the user. For more information on the use of geographic location information for providing geographic based information and services, please see U.S. Patent No. 5,835,061, referenced above.
Once the user has connected to the network 104, e.g., the Internet, the user may perform various tasks as is well known. For example, the user may access various web sites to read or review various content such as travel information, weather information, stock market information, news or any of other various types of content. The user may also initiate purchase of various products, e.g., goods or services, available on electronic commerce sites, as is well known.
Various providers, either information providers or service providers, may desire to access the demographic information of various users for commercial purposes. For example, providers may desire access to users' demographic information to provide targeted advertising or inducements over the Internet or to provide various advertising mailings, etc. Thus, in step 212 a provider may transmit a request to access demographic information to a user.
In one embodiment, the provider may transmit the request directly to the user to ask the user whether the provider can access that respective user's demographic information. In this embodiment, in step 214 the user, i.e., the client system 106 of the user, may receive and evaluate the request. If the user decides to provide the requesting provider access to the user's demographic information in step 216, then in step 218 the client system 106 of the user may transmit its respective digital certificate to grant the requested access to the user's demographic information. Alternatively, the client system 106 may direct another computer to provide the digital certificate. In one embodiment, the user may provide the digital certificate to the provider, wherein the provider may then forward the digital certificate to the database 108 to gain access to the user's demographic information. In an alternate embodiment, the user or another computer may provide the digital certificate directly to the database 108, perhaps accompanied with or including a cookie or other reference to the respective provider whose request has been granted. As discussed in detail above, the provision of the digital certificate to the database 108 operates to enable access to or use of the respective user's demographic information. In one embodiment, the user may provide the digital certificate with an access level or privilege level incorporated in the certificate, wherein this access level indicates the amount of the user's demographic information to which the provider may have access.
In step 222, in response to the digital certificate being provided to the database server 108, the provider may then access the user's demographic information and use this information for various purposes, such as providing targeted advertising inducements or offers to the user. For example, in step 224 the provider provides various content or services to the user based on the demographic information.
In one embodiment, a provider who gains access to a respective user's demographic information may then incorporate a preset or pre-determined discount to the user who granted the provider's request, this discount forming an incentive to the user to grant access to the user's demographic information to the provider. The discount may also be based on the access level or privilege level provided in the user's digital certificate.
If the user decides to not provide access to the provider as determined in step 216, then in step 232 the client system 106 may provide a message to the provider indicating that the demographic information of the user is not available or accessible to that provider. The provider may then optionally provide a greater incentive or inducement to the user for the user to release his/her demographic information.
Alternate Embodiment
In an alternate embodiment of the invention, each of the users who have demographic information stored or collected on the database 108 may have previously transmitted their respective digital certificates to the respective infomediary who maintains the database 108, accompanied with directions or instructions as to when the respective user consents to a provider's request to access the demographic information. For example, respective users may require certain discounts or financial incentives from providers before they will grant access to this demographic information. Thus, in this embodiment, the database server 108 maintains user demographic information for a plurality of users, and maintains a corresponding digital certificate for each of the respective users, wherein the digital certificate contains the necessary access information for enabling access to or use of the user demographic information, and further the database 108 may maintain instructions from each of the respective users which specify criteria for granting access to the respective user's information to providers.
In this embodiment, in step 212 the provider transmits a request to access demographic information, wherein the request is made directly to the infomediary who maintains the database server 108. In step 214 the infomediary may receive and evaluate the request based on the user's previously specified instructions as to when to provide demographic information to providers. For example, the infomediary may retrieve the user's criteria for releasing this information, such as types and/or kinds of providers, types of products offered, type and/or amount of discount offered, etc. In one embodiment, users may be treated as groups or classes, and the infomediary may selectively allow access to demographic information of respective groups or classes of users based on various criteria or financial incentives offered to the group or class of users. This may allow the infomediary to aggregate users, or allow the users to aggregate themselves, to negotiate higher discounts or greater incentives for access to their collective demographic information.
If the infomediary decides to allow access to the user's demographic information as determined in step 216, then in step 218 the infomediary may retrieve the digital certificate stored in its database or from the user's client system 106 and use the certificate to enable access to the demographic information in step 220. The provider may then access the demographic information of the user(s) in step 222.
If the infomediary determines to not provide access as determined in step 216, then in step 232 the infomediary provides a message to the provider indicating that the demographic information of the user is not available or accessible to that provider. The provider may then optionally provide a greater incentive or inducement to the user, or group of users, for the infomediary to release this demographic information. The infomediary may thus negotiate on behalf of the group of users to obtain the best discounts, incentives, or inducements to release demographic information of the users.
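The alternate-embodiment flow above (steps 212 to 232), worked through as an added Python example that is not code from the patent. The class and field names, the HMAC-derived record index, and the audit log are assumptions made for illustration; the patent does not specify how the certificate's access information maps to the stored record.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Criteria:            # a user's stored release instructions (assumed fields)
    provider_types: set    # kinds of provider the user will deal with
    min_discount: float    # smallest discount (percent) the user accepts

@dataclass
class Request:             # provider's step-212 request (assumed fields)
    provider_id: str
    provider_type: str
    discount: float

def record_index(access_info: bytes) -> str:
    # Assumption: records are filed under an index derived from the
    # certificate's access information, so rows carry no user identity.
    return hmac.new(access_info, b"demographic-record", hashlib.sha256).hexdigest()

class Infomediary:
    def __init__(self):
        self.criteria = {}   # user_id -> Criteria
        self.certs = {}      # user_id -> access information from the certificate
        self.records = {}    # record_index -> demographic record
        self.audit = []      # (provider_id, user_id, decision, reason)

    def enroll(self, user_id, access_info, criteria, record):
        self.certs[user_id] = access_info
        self.criteria[user_id] = criteria
        self.records[record_index(access_info)] = record

    def evaluate(self, user_id, req):
        # Steps 214/216: decide from stored instructions, denying by default.
        c = self.criteria.get(user_id)
        if c is None:
            return False, "no instructions on file"
        if req.provider_type not in c.provider_types:
            return False, "provider type not permitted"
        if req.discount < c.min_discount:
            return False, "incentive below user's minimum"
        return True, "criteria met"

    def handle(self, user_id, req):
        ok, reason = self.evaluate(user_id, req)
        self.audit.append((req.provider_id, user_id, "grant" if ok else "deny", reason))
        if not ok:
            # Step 232: generic refusal; the reason stays in the audit log.
            return {"granted": False, "message": "demographic information not available"}
        # Steps 218-222: fetch the certificate, use it to reach the record.
        return {"granted": True, "record": self.records[record_index(self.certs[user_id])]}

    def handle_group(self, user_ids, req):
        # Group/class request: release only members whose own criteria are
        # met, returned without user ids.
        results = [self.handle(u, req) for u in user_ids]
        return [r["record"] for r in results if r["granted"]]

def demo():
    # Constructed sample data, not from the patent.
    im = Infomediary()
    im.enroll("u1", b"cert-access-u1", Criteria({"hotel", "airline"}, 10.0), {"age": 41, "travel": "frequent"})
    im.enroll("u2", b"cert-access-u2", Criteria({"hotel"}, 25.0), {"age": 29, "travel": "rare"})
    low = im.handle("u1", Request("p1", "hotel", 5.0))
    high = im.handle("u1", Request("p1", "hotel", 15.0))
    group = im.handle_group(["u1", "u2", "u3"], Request("p1", "hotel", 15.0))
    return im, low, high, group

if __name__ == "__main__":
    print(demo()[1:])
```

The refusal returned to the provider is the same whichever criterion failed, so a provider cannot probe a user's thresholds from the response; the specific reason is recorded only in the infomediary's audit log.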
While the present invention has been described with reference to particular embodiments, it will be understood that the embodiments are illustrative and that the invention scope is not so limited. Any variations, modifications, additions, and improvements to the embodiments described are possible. These variations, modifications, additions, and improvements may fall within the scope of the inventions as detailed within the following claims.

Claims

WHAT IS CLAIMED IS:
1. A system, comprising: a computing device operated by a user, wherein the computing device includes a first digital certificate; a network, wherein the computing device is operable to be coupled to the network; and a database coupled to the network which stores first demographic information of the user; wherein the first demographic information is not useable for providing information to the user without the first digital certificate.
2. The system of claim 1, wherein the first digital certificate includes access information for enabling use of the first demographic information in providing information to the user.
3. The system of claim 1, wherein the computing device is operable to present the first digital certificate to the database, wherein presentation of the first digital certificate to the database enables use of the first demographic information of the user comprised in the database.
4. The system of claim 1, further comprising: at least one provider connected to the network, wherein the provider is operable to receive the digital certificate from the computing device, wherein the provider is operable to present the first digital certificate to the database, wherein presentation of the first digital certificate to the database enables use of the first demographic information of the user comprised in the database.
5. The system of claim 1, wherein the first demographic information in the database is not associable to the user without the first digital certificate; wherein presentation of the first digital certificate to the database operates to associate the user with the first demographic information.
6. The system of claim 5, wherein the first digital certificate comprises access information for associating the user with the first demographic information.
7. The system of claim 6, wherein the first digital certificate includes an identity of the user.
8. The system of claim 1, wherein the first demographic information comprised in the database is unintelligible without the first digital certificate; wherein the first digital certificate comprises access information for rendering the first demographic information intelligible.
9. The system of claim 8, wherein the first demographic information comprised in the database is encrypted using a first key, wherein the first digital certificate includes a second key, wherein the second key from the first digital certificate is used to decrypt the first demographic information.
10. The system of claim 1, wherein the first digital certificate comprises access information for enabling use of the first demographic information in providing information to the user, wherein provision of the first digital certificate enables use of the first demographic information of the user comprised in the database, wherein the user receives a financial benefit in return for provision of the first digital certificate.
11. The system of claim 1, wherein the demographic information includes one or more of identity information, contact information, profile information, sponsorship information, past transaction information, purchasing habits, credit card usage, restaurant or hotel preferences, rental car preferences, and past activities, wherein profile information includes one or more of age, weight income level, residence location, and travel history, wherein sponsorship information includes one or more of information regarding memberships of the mobile user, information regarding incentive programs in which the mobile user is a member, and information regarding entities in which the mobile user is affiliated.
12. The system of claim 1, wherein the first digital certificate comprises sponsorship information, wherein access charges for access to the network are computed based on the sponsorship information comprised in the first digital certificate.
13. The system of claim 1, further comprising: at least one provider connected to the network, wherein the provider is operable to receive the first digital certificate from the computing device, wherein at least one provider is operable to access the first demographic information in the database using the first digital certificate and provide information to the user based on the first demographic information.
14. The system of claim 1, further comprising: at least one provider connected to the network, wherein the provider is operable to receive the digital certificate from the computing device, wherein at least one provider is operable to access the demographic information in the database using the first digital certificate and provide a service to the user based on the first demographic information.
15. The system of claim 1, wherein the computing device is a portable computing device operated by a mobile user; the system further comprising: a plurality of access points connected to said network, wherein each of the plurality of access points is configured to detect the portable computing device.
16. The system of claim 1, wherein the computing device is a portable computing device operated by a mobile user; wherein the portable computing device is configured to transmit a signal indicating a presence of the portable computing device.
17. A system, comprising: a computing device operated by a user, wherein the computing device includes a first digital certificate; a network, wherein the computing device is operable to be coupled to the network; and a database coupled to the network which stores first demographic information of the user, wherein the first demographic information is not associable to the user without the first digital certificate.
18. The system of claim 17, wherein presentation of the first digital certificate to the database operates to associate the user with the first demographic information.
19. The system of claim 17, wherein the first digital certificate comprises access information for associating the user with the first demographic information.
20. The system of claim 17, further comprising: at least one provider connected to the network, wherein the provider is operable to examine the first demographic information in the database and provide information to the user based on the first demographic information, wherein the provider provides information to the user without knowledge of an identity of the user associated with the first demographic information.
21. A method for selectively providing access to demographic information of users in a network system, the method comprising: storing a first digital certificate in a memory of a computing device operated by the user; storing first demographic information of a user in a database, wherein the first demographic information in the database is not useable for providing information to the user without the first digital certificate; transmitting the first digital certificate to the database, wherein the first digital certificate includes access information for enabling use of the first demographic information in providing information to the user; and accessing the first demographic information after said transmitting.
22. The method of claim 21, wherein the network system includes at least one provider connected to the network, wherein the provider performs said accessing the first demographic information, the method further comprising: the provider providing one or more of information or a service to the user based on the first demographic information.
23. The method of claim 23, wherein the network system includes at least one provider connected to the network, wherein the provider performs said transmitting the first digital certificate to the database.
24. The method of claim 21, wherein the first demographic information in the database is not associable to the user without the first digital certificate, wherein said transmitting the first digital certificate to the database operates to associate the user with the first demographic information.
25. The method of claim 24, wherein the first digital certificate comprises access information for associating the user with the first demographic information.
26. The method of claim 21, wherein the first demographic information comprised in the database is unintelligible without the first digital certificate, wherein the first digital certificate comprises access information for rendering the first demographic information intelligible.
27. The method of claim 26, wherein the first demographic information comprised in the database is encrypted using a first key, wherein the first digital certificate includes a second key, wherein the second key from the first digital certificate is used to decrypt the first demographic information.
28. The method of claim 21, wherein the user receives a financial benefit in return for said transmitting the first digital certificate.
29. The method of claim 21, wherein the demographic information includes one or more of identity information, contact information, profile information, sponsorship information, past transaction information, purchasing habits, credit card usage, restaurant or hotel preferences, rental car preferences, and past activities, wherein profile information includes one or more of age, weight income level, residence location, and travel history, wherein sponsorship information includes one or more of information regarding memberships of the mobile user, information regarding incentive programs in which the mobile user is a member, and information regarding entities in which the mobile user is affiliated.
30. A method for providing targeted information to a user in a network system, the method comprising: storing a first digital certificate in a memory of a computing device operated by the user; storing first demographic information of a user in a database, wherein the first demographic information in the database is not useable for providing information to the user without the first digital certificate; transmitting the first digital certificate to the database, wherein the first digital certificate includes access information for enabling use of the first demographic information in providing information to the user; accessing the first demographic information using the first digital certificate; providing targeted information to the user using the first demographic information.
31. A computing device operated by a user on a network, comprising: a processing unit; a memory medium coupled to the processing unit including a first digital certificate, wherein the first digital certificate comprises access information for enabling use of first demographic information stored in the network; a communication device for communicating with the network, wherein the communication device is also configured to transmit the first digital certificate; wherein the first demographic information is not useable for providing information to the user without the first digital certificate.
32. A network system, comprising: a database coupled to the network which stores first demographic information of a user; at least one provider coupled to the network, wherein the provider is operable to receive a first digital certificate from a computing device operated by a user, wherein the first digital certificate comprises access information for enabling access to the first demographic information of the user stored in the database, wherein the at least one provider is operable to access the first demographic information of the user stored in the database in response to receiving the first digital certificate from the computing device operated by the user; wherein the first demographic information is not useable by the provider without the first digital certificate.
33. The network system of claim 32, further comprising: a plurality of access points coupled to the network, wherein each of the plurality of access points is configured to detect a computing device operated by a mobile user,
PCT/US2001/040552 2000-04-18 2001-04-18 System and method for managing user demographic information using digital certificates WO2001080149A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001255859A AU2001255859A1 (en) 2000-04-18 2001-04-18 System and method for managing user demographic information using digital certificates

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US55130900A 2000-04-18 2000-04-18
US09/551,309 2000-04-18

Publications (2)

Publication Number Publication Date
WO2001080149A2 WO2001080149A2 (en) 2001-10-25
WO2001080149A3 WO2001080149A3 (en) 2003-10-30

Family

ID=24200739

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/040552 WO2001080149A2 (en) 2000-04-18 2001-04-18 System and method for managing user demographic information using digital certificates

Country Status (2)

Country Link
AU (1) AU2001255859A1 (en)
WO (1) WO2001080149A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835087A (en) * 1994-11-29 1998-11-10 Herz; Frederick S. M. System for generation of object profiles for a system for customized electronic identification of desirable objects
EP0991005A2 (en) * 1998-10-02 2000-04-05 Ncr International Inc. Privacy-enhanced database
WO2001033936A2 (en) * 1999-10-29 2001-05-17 Privacomp, Inc. System for providing dynamic data informed consent to provide data privacy and security in database systems and in networked communications

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AZIZ A ET AL: "PRIVACY AND AUTHENTICATION FOR WIRELESS LOCAL AREA NETWORKS A SECURE COMMUNICATIONS PROTOCOL TO PREVENT UNAUTHORIZED ACCESS" IEEE PERSONAL COMMUNICATIONS, IEEE COMMUNICATIONS SOCIETY, US, vol. 1, no. 1, 1994, pages 25-31, XP000460718 ISSN: 1070-9916 *
ELGAMAL T ET AL: "Securing Communications on the Intranet and over the Internet" , July 1996 (1996-07), XP002066298 Retrieved from the Internet: <URL:www.go-digital.net/whitepapers/secure comm.html> [retrieved on 1998-05-27] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1485832A1 (en) * 2002-02-27 2004-12-15 Oneempower PTE Ltd. Activity management method
EP1485832A4 (en) * 2002-02-27 2005-03-23 Oneempower Pte Ltd Activity management method

Also Published As

Publication number Publication date
AU2001255859A1 (en) 2001-10-30
WO2001080149A3 (en) 2003-10-30

Similar Documents

Publication Publication Date Title
US6571221B1 (en) Network communication service with an improved subscriber model using digital certificates
US7975150B1 (en) Method and system for protecting queryable data
US20050050352A1 (en) Method and system for privacy in public networks
US6892064B2 (en) Method and system for presentation of content from one cellular phone to another through a computer network
US8015117B1 (en) Method and system for anonymous reporting
US20030105719A1 (en) Information content distribution based on privacy and/or personal information
US20020173981A1 (en) Domain place registration system and method for registering for geographic based services
US20010020242A1 (en) Method and apparatus for processing client information
US20140372176A1 (en) Method and apparatus for anonymous data profiling
US20120246065A1 (en) Techniques for offering context to service providers utilizing incentives
US20050108107A1 (en) Systems and methods of providing marketing campaign management services
US20110247029A1 (en) Techniques for offering context to service providers utilizing incentives
US20070060117A1 (en) Short-range wireless architecture
WO2002019682A1 (en) Advanced air time management
JPH09114891A (en) Device and method for processing information
US20110246213A1 (en) Techniques for offering context to service providers utilizing an approval service and incentives utlizing online secure profile storage
US20110247030A1 (en) Incentives based techniques for offering context to service providers utilizing syncronizing profile stores
US20110246283A1 (en) Approval service based techniques for offering context to service providers utilizing incentives
US8504829B2 (en) Certification system in network and method thereof
WO2007006009A2 (en) Managed e-community environments
WO2001080149A2 (en) System and method for managing user demographic information using digital certificates
JP2003345280A (en) Method for distributing advertisement and virtual communication system
JP2002329143A (en) Deal support device
KR100345617B1 (en) a cyber village system
JP3552098B2 (en) Information processing method and information processing apparatus

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP