WO2001090845A2 - A system and method for conducting anonymous transactions using a trusted intermediary - Google Patents

A system and method for conducting anonymous transactions using a trusted intermediary Download PDF

Info

Publication number
WO2001090845A2
WO2001090845A2 PCT/US2001/016316 US0116316W WO0190845A2 WO 2001090845 A2 WO2001090845 A2 WO 2001090845A2 US 0116316 W US0116316 W US 0116316W WO 0190845 A2 WO0190845 A2 WO 0190845A2
Authority
WO
WIPO (PCT)
Prior art keywords
buyer
alias
trusted intermediary
credit
seller
Prior art date
Application number
PCT/US2001/016316
Other languages
French (fr)
Other versions
WO2001090845B1 (en
WO2001090845A3 (en
Inventor
Srdjan Divac
Ted Pyne
Original Assignee
Mybusinessonly, Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mybusinessonly, Incorporated filed Critical Mybusinessonly, Incorporated
Priority to AU2001264728A priority Critical patent/AU2001264728A1/en
Publication of WO2001090845A2 publication Critical patent/WO2001090845A2/en
Publication of WO2001090845A3 publication Critical patent/WO2001090845A3/en
Publication of WO2001090845B1 publication Critical patent/WO2001090845B1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • the invention relates to a method and system for allowing two parties to conduct a transaction while keeping the identity of at least one of the parties secret from the other party.
  • .5 means, communications service providers, vendors, marketers, hackers and others routinely collect identifying, demographic and behavioral information about individuals that use communications networks. This information may be collected whether a user is actually involved in a commercial transaction, or just simply using the communications network. Accordingly, it would be desirable to have a method and system for conducting a transaction that
  • the present invention provides a new method and system ⁇ 5 for privately conducting transactions.
  • the method and system of the invention allow the buyer to conduct a remote commercial transaction in such a way that no party to the transaction, except for the buyer and a trusted intermediary, has full knowledge of the transaction.
  • no party to the transaction, except for the buyer, the trusted intermediary, and a carrier has any of the buyer's identifying information.
  • the carrier only has, at most, the buyer's >0 name and ship-to address to which the purchased goods are to be shipped. The carrier does not even possess detailed knowledge of the goods being shipped.
  • the carrier will have agreed not to provide the buyer's name and ship-to address to any other party, regardless of whether that party is involved in the transaction. Additionally, as soon as the transaction is fully completed, the buyer has the option of deleting any record of the transaction possessed by the trusted intermediary. This ensures that the buyer is the only party to the transaction to retain a full knowledge of the transaction.
  • FIG. 1 is a flow chart showing a general method of conducting a transaction according to the invention.
  • Fig. 2 is a block diagram illustrating a system and method for conducting a transaction according to one embodiment of the invention.
  • Fig. 3 is a block diagram illustrating a system and method for conducting a transaction according to another embodiment of the invention.
  • Fig. 4 is a block diagram illustrating a system and method for conducting a transaction according to yet another embodiment of the invention.
  • Fig..5 is a block diagram illustrating a system and method for conducting a transaction according to still another embodiment of the invention.
  • Fig. 6 is a block diagram illustrating a system and method for conducting a transaction according to yet another embodiment of the invention.
  • Fig. 7 is a block diagram showing a system and method for conducting a transaction according to still yet another embodiment of the invention.
  • Fig. 8 is a block diagram illustrating a trusted intermediary according to one embodiment of the invention.
  • Buyer Any party purchasing a product or service remotely via a communications system, such as, for example, a communications network like the Internet, a telephone system, or a mail or parcel delivery system.
  • Seller Any party supplying a product or service to a buyer.
  • Carrier Any party charged with delivering physical goods from a seller to a buyer, or any party acting as a clearinghouse for a party charged with deliver physical goods from a seller to a buyer.
  • Authorization Network Any organization that maintains or manages credit providing services, including, but not limited to, the services of routing requests to authorize a charge from an acquiring bank to an issuing bank, setting forth regulations for issuing credit, and setting forth protocols for authorizing credit charges.
  • Credit Issuer Any party issuing credit to another party by itself or in conjunction with an authorization network.
  • a transaction An exchange of goods, services, and/or monetary instruments between a buyer and a seller that may involve one or more other parties.
  • a transaction may include, but is not limited to, selection of goods, services and/or monetary instruments by a buyer, payment for the goods, services and/or monetary instruments, and delivery of the goods, services and/or monetary instruments .
  • Trusted Intermediary Any party serving as a proxy for a buyer in a transaction in order to ensure the buyer's anonyminity to at least the seller.
  • Communications Provider Any party providing access to a communications system over which a transaction may be conducted, including, but not limited to, network service providers such as Internet service providers, telephone service providers, and parcel delivery service providers.
  • Identifying Information Any information that may identify or assist in identifying a party, including, but not limited to, names, social security numbers, driver's license numbers, US military identification numbers, Veteran's Administration identification numbers, medical insurance numbers, passport numbers, credit card numbers, addresses, telephone numbers, and e- mail addresses.
  • Secure Connection Any communication connection that carries communications which are relatively secure from interception by a party other than the intended recipient (e.g., an encrypted connection, a connection carried over a dedicated line, a connection that divides communications into separate packets for delivery along different routes, etc.).
  • Anonymized Connection Any .communication connection carried through a communications provider that prevents identifying information for the originator of the communication from becoming known to the end recipient of the communication.
  • Acquiring Bank a bank that settles accounts for a transaction on behalf of a seller.
  • Anonymous Payment Instrument Any data accepted by the seller and/or the seller's acquiring bank as payment for goods, services and/or monetary instruments that the seller cannot trace back to the buyer.
  • Alias Credit Data Credit information, such as, for example, a credit card number and expiration date, accepted by a seller for payment by credit, that is capable of identifying the buyer in a transaction to only the trusted intermediary, and to no other party involved in the transaction.
  • Alias credit data is one particular example of an A.P.I.
  • Alias Information Any information capable of identifying at least the buyer in a transaction and the transaction itself to a trusted intermediary, but to no other party involved in the transaction.
  • Ship-to Address Any address to which a buyer wishes goods, services and/or monetary instruments obtained in a transaction to be delivered to.
  • Alias Address Any address, other than a ship-to address, that is provided to a seller by either a buyer or trusted intermediary.
  • a transaction begins in step 101 when a buyer 10 initiates a secure connection with the trusted intermediary.
  • the trusted intermediary 30 identifies and authenticates the identity of the buyer 10. The identification may be accomplished a number of ways, depending upon the relationship between the buyer 10 and trusted intermediary 30. For example, if the buyer 10 has already established an account with the trusted intermediary 30, then the buyer 10 may need only to provide the trusted intermediary 30 with a previously agreed upon login name and password, or with a previously agreed upon set of keywords.
  • the buyer 10 may need to provide the trusted intermediary 30 with sufficient information necessary to establish an account. For example, the buyer 10 may need to provide the trusted intermediary 30 with his credit card information, his address, authorization to conduct a credit check, etc. The buyer 10 also uses this secure connection to provide the trusted intermediary 30 with a ship-to address for the transaction, which the trusted intermediary 30 stores for future use
  • the trusted intermediary 30 prepares alias information corresponding to the buyer 10 in step 105.
  • the alias information includes at least an alias name (i.e., an alias) and an alias address.
  • the alias name serves to disguise the buyer's actual identity to any parties to the transaction other than the trusted intermediary 30. Further, the alias name may serve to accurately identify the buyer 10 to the trusted intermediary 30 in all communications from other parties to the trusted intermediary 30.
  • the alias name may be a conventional name, a number, or any other type of identifying information. If the alias name is a number, then the trusted intermediary 30 can handle a large number of buyers without confusion. If the alias name is a conventional name (e.g., John Doe), however, then the alias name will be more readily compatible with the existing customer databases of most sellers.
  • the alias name may be one that has been permanently or semi-permanently assigned to the buyer 10, or it may be randomly assigned to the buyer 10 each time that a secure connection is established. If the alias name is permanently or semi-permanently assigned, this reduces the amount of alias names that will need to be generated for a large number of buyers. On the other hand, randomly assigning alias names when each secure connection is established provides for greater security.
  • the alias address is the address that will be used by the seller 20 when turning the purchased goods, services or monetary instruments over to a carrier 40 for shipment. Like the alias name, the alias address may be a number or, alternately, a conventional address (e.g., 123 Main Street, Springfield).
  • the alias address may further include a telephone number.
  • the alias address may permanently or semi-permanently assigned to the buyer 10, or it may be randomly assigned to the buyer 10 each time that a secure connection is established.
  • the alias address is a fictional address, but it may alternately be an actual address of someone other than the buyer 10.
  • the alias address may be the actual address of the trusted intermediary 30, and may even include the actual telephone number of the trusted intermediary.
  • the alias address may be the actual ship-to address if the buyer 10 is having the goods, services or monetary instruments delivered to someone else whose anonymity does not need to be protected.
  • the alias information preferably fulfills at least three functions.
  • the alias information serves to uniquely identify a particular transaction to the trusted intermediary 30.
  • the alias information may serve to notify a carrier 40 that the purchased goods, services or monetary instruments were purchased through the trusted intermediary 30.
  • the alias name and alias address are assigned so as to be able to perform all three functions alone, without any additional alias information.
  • the street name and number may uniquely identify the transaction
  • the addressee's company name e.g., MyBusinessOnly
  • the alias name may identify the buyer 10.
  • the actual address for the trusted intermediary may be employed as the alias address, thereby identifying the addressed goods, services or monetary instruments as having been purchased through the trusted intermediary 30.
  • the alias name may serve to then uniquely identify both the buyer 10 and the particular transaction.
  • the alias information may include additional information (e.g., a separate transaction number to uniquely identify the transaction) to perform the three functions described above.
  • additional information e.g., a separate transaction number to uniquely identify the transaction
  • alternate embodiments can be employed where the alias information omits either the alias name, the alias address, or both. For example, a single number may be employed to perform all three functions described above.
  • the alias information will also include alias credit data.
  • the buyer 10 can employ to purchase goods, services or monetary instruments from the seller 20 on credit, but which cannot be traced back to the buyer 10 by anyone other than the trusted intermediary 30.
  • the trusted intermediary 30 may maintain or issue a group of credit card accounts. It may then temporarily assign an account to the buyer 10 for the duration of the secure connection, or even for just a single transaction.
  • the alias credit data is the number and expiration date of the temporarily assigned credit card account. The buyer 10 can then use this credit information to make a purchase on credit, without anyone but the trusted intermediary 30 being able to trace the use of the credit card account back to the buyer 10.
  • the alias credit data may be the buyer's personal credit information disguised for the seller 20, as will be explained below. It should be noted that the buyer 10 may or may not have access to some or all of this alias information.
  • the alias information may be automatically associated with the buyer 10 in all future communications for the transaction, without the buyer 10 ever knowing the alias information.
  • some of the alias information may be disclosed to the buyer 10, while other portions of the alias information are only provided to the seller 20 without being disclosed to the buyer 10.
  • This connection is an anonymized connection, as the seller 20 does not receive any information that can identify or help identify the buyer 10. For example, if the connection is established over a network of computers, such as the Internet, then anonymization can be accomplished by a number of schemes, including the use of one or more proxy servers. Also, if information is transmitted in packets, then the regular identifying header for the packets can be deleted. If the connection is established over a telephone network, then the call signal may be modified to that it does not identify the caller. Alternately, or additionally, the call may be routed through a telephone switching connection so that the originator of the call cannot be identified.
  • the anonymized connection may be established through the trusted intermediary 30 (e.g., using a server of the trusted intermediary 30 as a proxy server), or it may be established independent of the trusted intermediary 30.
  • the buyer 10 selects the goods, services, and/or monetary instruments to be purchased from the seller 20. For example, if the buyer 10 is connected via a computer network to an online catalog maintained by the seller 20, then the buyer 10 may select various products described in the catalog for purchase. As another example, if the buyer 10 is connected to the seller 20 over a telephone network, the buyer 10 may select services for purchase by e.g., spoken commands or dialing numbers on the buyer's telephone.
  • this alias information may include alias credit data for payment on the purchase.
  • the trusted intermediary 30 may maintain or issue credit that can be temporarily used by the buyer 10. Alternately, the trusted intermediary 30 may disguise credit information for the buyer's personal credit account (e.g., by encrypting or scrambling the buyer's credit card number and expiration date).
  • the buyer 10 may anonymously pay the seller 20.
  • the seller 20 After the seller 20 has received payment for the goods, services, or monetary instruments, the seller 20 then transfers the goods, services, or monetary instruments to a carrier 40 in step 113 for delivery to the buyer 10.
  • the carrier 40 may be a parcel delivery service (e.g., the U.S. Postal Service or Federal Express). Alternately, if the buyer 10 has purchased a service, such as a singing telegram, then the seller 20 may instruct the carrier 40 may to actually perform that service. Still further, if the buyer 10 has purchased a monetary instrument, such as a stock or bond, the carrier 40 may be a broker or bank that transfers ownership in the stock or bond to the buyer 10.
  • the carrier 40 determines the ship-to address for the purchase from the trusted intermediary 30, and subsequently delivers the goods, services, or monetary instruments to the ship-to address in step 117.
  • the buyer 10 may not receive any of the alias information until after an anonymous connection with the seller 10 has been established.
  • the buyer 10 may be assigned a portion of the alias information (e.g., the alias name) before establishing the anonymous connection, and receive the remainder of the alias information only after selecting a purchase.
  • the buyer 10 may receive the alias information only after selecting a purchase. Numerous alternate combinations are possible, but they will be readily understood by those of ordinary skill in the art from this disclosure, and thus are encompassed by the scope of the invention. Particular embodiments of the invention will now be described referring to Figs. 2-7.
  • the trusted intermediary 30 acts as either a combined authorization network and credit issuer, or as the credit issuer alone.
  • a separate party acts as either or both of the authorization network and credit issuer.
  • the embodiment of the invention shown in Fig. 6 is then compatible with either type of implementation.
  • the trusted intermediary 30 supplies the buyer 10 with an anonymous payment instrument (i.e., anonymous at least with respect to the buyer 10) in the form of credit issued by or to the trusted intermediary 30.
  • Settlement between the credit issuer and the acquiring bank i.e., the bank representing the seller 20
  • the acquiring bank i.e., the bank representing the seller 20
  • settlement between the credit issuer and the acquiring bank then preferably occurs according to conventional banking practices.
  • an outside third party supplies the buyer 10 with the anonymous payment instrument used in the transaction. Accordingly, settlement of the anonymous payment instrument takes placed based upon the procedures prescribed by that outside third party.
  • the trusted intermediary 30 acts as both the authorization network and the credit issuer.
  • the trusted intermediary 30 issues credit to the buyers on a temporary or permanent basis.
  • a buyer 10 initiates a transaction by transmitting identifying information over a secure connection to the trusted intermediary 30 in data exchange 201.
  • This identifying information uniquely identifies the buyer 10 to the trusted intermediary 30. For example, if the buyer 10 has already established a permanent account with the trusted intermediary 30, then the buyer 10 may only need to provide his or her name and a prearranged password.
  • the buyer 10 may need to provide all of the information necessary to establish an account (e.g., a name, a ship-to address, credit information, a billing address, etc.).
  • the identifying information will preferably include a ship-to address for the goods, services or monetary instruments (i.e., the address to which the goods, services or monetary instruments should be delivered by the carrier 40).
  • the trusted intermediary 30 assigns alias information uniquely corresponding to the identifying information.
  • the alias information may include, for example, an alias name and an alias address.
  • the trusted intermediary 30 also temporarily assigns alias credit data, i.e., credit information for one of its credit accounts, to the buyer 10.
  • the anonymous connection may be established by, for example, allowing the buyer 10 to communicate with the seller 20 by way of a proxy address set up by the trusted intermediary 30. It should be noted that the assigned alias information may or may not be employed to establish the anonymous connection. For example, if establishing the connection does not require any identification
  • the alias information may not be employed. If establishing the connection requires identification information, however (e.g., the connection is to a website that requires the user's name to complete the login procedure), then sufficient alias information to anonymously establish the connection is conveyed to the seller 20.
  • the buyer 10 uses this anonymous connection to
  • the anonymous connection is also used, by the buyer 10, the trusted intermediary 30, or by both, to convey the alias information required to complete the transaction.
  • the trusted intermediary 30 acts as the credit issuer, so the
  • the alias credit data for one of the trusted intermediary's accounts is conveyed to the seller 20.
  • this alias information may be provided directly from the trusted intermediary 30, or it may be provided to the seller 20 through the buyer 10, or a combination of the two
  • the trusted intermediary 30 may directly provide the seller 10 with a credit card number and expiration date to use for the transaction, without disclosing this alias credit data to the buyer 10.
  • the seller 20 requests confirmation that payment will be made, based upon the trusted intermediary's credit information, from the seller's acquiring bank
  • the acquiring bank 50 asks for authorization to complete the credit charge from the trusted intermediary 30 in 01 16316
  • the alias name i.e., the alias
  • the alias address accompany the authorization request relayed from the seller 10 to the credit issuer.
  • This alias information may be conveyed with the authorization request to reduce the opportunity for fraud, but it may alternately be omitted from the authorization request.
  • the trusted intermediary 30 authorizes the charge based upon the proffered credit information. Subsequently, the seller 20 receives confirmation that payment will be made from the acquiring bank 50 in data exchange 213.
  • the seller 20 conveys the purchased goods to the carrier 40 in operation 215.
  • the alias information should preferably contain sufficient information to identify the transaction to the carrier 40 as one that was made through the trusted intermediary 30, and to uniquely identify at least the buyer 10 to the trusted intermediary. Accordingly, the seller 20 provides the carrier 40 with at least the portion of the alias information that fulfills these two functions.
  • the alias address serves to identify the goods as goods purchased through the trusted intermediary 30, while the alias name (or alias) uniquely corresponds to the buyer 10. Therefore, in this shown embodiment the seller 20 also provides the carrier 40 with the alias name and alias address in operation 215.
  • This alias information may, for example, be printed on a shipping label affixed to the purchased goods.
  • the carrier 40 Upon receiving the alias name and alias address from the seller 20 in data exchange 215, the carrier 40 forwards at least the alias name to the trusted intermediary 30 in data exchange 217.
  • the trusted intermediary 30 supplies the carrier 40 with the actual ship-to address provided by the buyer 10.
  • the carrier 40 may enter the alias name into a local computer terminal networked to the trusted intermediary 30, and have a shipping label with the ship-to address print out from a local printer in response. The new label can then be simply pasted over the previous shipping label with the alias address.
  • the trusted intermediary 30 may also supply the carrier 40 with the buyer's actual name, as shown in the figure. With this information, the carrier 40 then delivers the purchased goods, services and/or monetary instruments to the buyer 10 in operation 221.
  • the trusted intermediary 30 and carrier 40 are aware of the buyer's actual name and address.
  • the carrier 40 has only nominal information regarding the nature of the purchased goods. For example, the carrier 40 may only know if the purchased goods are perishable, flammable, explosive, fragile, etc. With the method and system according to the invention, the buyer's privacy is securely protected.
  • FIG. 3 This embodiment is similar to that of Fig. 2, but, with this embodiment, the trusted intermediary 30 employs a separate authorization network 60.
  • the buyer 10 starts the transaction by transmitting identifying information to the trusted intermediary 30 that uniquely identifies the buyer 10 in data exchange 301.
  • the trusted intermediary 30 assigns alias information uniquely corresponding to the identifying information in operation 303.
  • the alias information may include, for example, an alias name, an alias address, and alias credit data.
  • data exchange 305 at least a sufficient amount of the alias information is conveyed to the seller 20 to establish an anonymous connection between the buyer 10 and the seller 20.
  • the buyer 10 also anonymously selects a product, service or monetary instrument to purchase, and conveys relevant information relating to that purchase (e.g., required delivery date, method of shipment, etc.).
  • the trusted intermediary 30 acts as the credit issuer, so the selected purchase is made on the trusted intermediary's credit. Therefore, the trusted intermediary's credit information also is conveyed to the seller 20 in data exchange 305. Again, this information may be provided directly by the trusted intermediary 30, or it may be provided to the seller 20 through the buyer 10.
  • the seller 20 After receiving the trusted intermediary's credit information in data exchange 305, the seller 20 requests authorization to complete the charge from the seller's acquiring bank 50 in data exchange 307. In response to receiving the request for confirmation, the acquiring bank 50 forwards the request to the authorization network 60 in data exchange 309. Then, in data exchange 311, the authorization network 60 requests authorization to approve the charge from the trusted intermediary 30 (which, in this embodiment, is the credit issuer for the credit account used by the buyer 10). The trusted intermediary 30 replies with its approval for the charge in data exchange 313, and the authorization network 60 conveys this approval to the acquiring bank ,50 in data exchange 315. After receiving authorization to complete the transaction from the authorization network 60, the acquiring bank 50 then forwards the authorization to the seller 20 in data exchange 317.
  • the trusted intermediary 30 replies with its approval for the charge in data exchange 313, and the authorization network 60 conveys this approval to the acquiring bank ,50 in data exchange 315.
  • the seller 20 conveys the purchased goods to the carrier 40 in operation 319.
  • the alias address serves to indicate that the goods were purchased through the trusted intermediary 30, while the alias name uniquely corresponds to the buyer 10. Therefore, the seller 20 provides this alias information to the carrier 40 with the purchased goods in operation 319.
  • the carrier recognizes the goods as being purchased through the trusted intermediary 30, it forwards at least the alias name to the trusted intermediary 30 in data exchange 321.
  • the trusted intermediary 30 then supplies the carrier 40 with the buyer's actual name and ship-to address in data exchange 323, so that the carrier 40 can deliver the purchased goods to the buyer 10 in operation 325.
  • the trusted intermediary 30 is not a credit issuer in this embodiment. Instead, an issuing bank 70 issues the credit used by the buyer 10. As will be described in detail below, the credit can be issued to the trusted intermediary 30 or to the buyer 10.
  • the buyer 10 initially establishes a secure connection with the trusted intermediary 30 in data exchange 401, as described in detail above.
  • the trusted intermediary 30 assigns alias information, including alias credit data, for use by the buyer 10.
  • the issuing bank 70 can issue the credit to the trusted intermediary 30, or, alternately, directly to the buyer 10. If the issuing bank 70 issues the credit to the trusted intermediary 30, then the trusted intermediary 30 can allow the buyer 10 to use the credit account, as with the previous embodiments.
  • the trusted intermediary 30 then provides the buyer 10 with alias credit data including the number and expiration date for the account.
  • the trusted intermediary 30 provides alias credit data that disguises the actual credit information so that it cannot be traced back to the buyer 10 without the approval of the trusted intermediary 30.
  • the trusted intermediary 30 may generate a fake credit account number and expiration date corresponding to the buyer's actual credit account number and expiration date.
  • the fake number should still identify the issuing bank 70, but should not contain any information that can identify the buyer 10. Further, the fake number should include some indicator (e.g., an embedded code) that notifies the issuing bank it is a fake number generated by the trusted intermediary 30.
  • the issuing bank 70 When the issuing bank 70 recognizes this indicator, the issuing bank 70 will know to contact the trusted intermediary 30 to obtain the actual credit data to be used for the transaction. As will be appreciated by those of ordinary skill, this arrangement requires that one or more issuing banks cooperate with the trusted intermediary 30, and reduces the anonymity of the transaction for the buyer 10. This arrangement provides a great deal of flexibility for the buyer 10, however, while reducing the potential credit liability of the trusted intermediary 30.
  • the trusted intermediary 30 conveys at least a sufficient amount of the alias information to establish an anonymous connection between the buyer 10 and the seller 20. As with the previous embodiments, the buyer 10 also anonymously selects a purchase, and conveys any necessary information relating to that purchase.
  • the alias credit data also is conveyed to the seller 20 in data exchange 405.
  • the buyer 10 provides the alias credit data
  • other arrangements may have the alias credit data provided directly to the seller 20 by the trusted intermediary 30.
  • the seller 20 requests approval for the charge from the seller's acquiring bank 50 in data exchange 407.
  • the acquiring bank 50 then relays the request to the authorization network 60 in data exchange 409, and the authorization network 60 passes the request along to the issuing bank 70 in data exchange 411. If the alias credit data is for credit issued by the issuing bank 70 to the trusted intermediary 30, then the issuing bank 70 may approve the charge without consulting the trusted intermediary 30.
  • the issuing bank 70 requests payment approval from the trusted intermediary in data exchange 413. This prevents a previous buyer from fraudulently using alias credit data without the trusted intermediary's knowledge.
  • the trusted intermediary 30 then replies with its approval for the charge in data exchange 415.
  • the alias credit data disguises a credit account issued by the issuing bank 70 directly to the buyer 10
  • the alias credit data includes an indicator identifying itself as fake credit information. From this indicator, the issuing bank 70 then recognizes that the alias credit data disguises the information for the actual credit account, and submits some or all of the alias credit data to the trusted intermediary 30 in data exchange 413. In reply, the trusted intermediary 30 identifies the actual credit account in data exchange 415, so that the issuing bank 70 can approve the charge based upon the actual credit information.
  • the issuing bank 70 conveys its approval of the charge to the interchange network 60 in data exchange 417.
  • the authorization network 60 conveys this approval to the acquiring bank 50 in data exchange 419, which in turn forwards the authorization to the seller 20 in data exchange 421.
  • the seller 20 conveys the purchased goods to the carrier 40 in operation 423.
  • the alias address indicates that the goods were purchased through the trusted intermediary 30, while the alias name identifies the buyer 10 to the trusted intermediary.
  • the seller 20 provides this alias information to the carrier 40 with the purchased goods in operation 423, whereupon the carrier 40 forwards at least the alias name to the trusted intermediary 30 in data exchange 425.
  • the trusted intermediary 30 provides the carrier 40 with the buyer's actual name and ship-to address in data exchange 427, and the carrier 40 delivers the purchased goods to the buyer 10 at the ship-to address in operation 429.
  • Still another embodiment of the invention is shown in Fig. 5.
  • the buyer 10 has obtained an anonymous payment instrument through someone other than the trusted intermediary 30.
  • a number of variations of this type of anonymous money are currently available, and are becoming more commonly used over the Internet each day.
  • the trusted intermediary 30 assigns alias information to the buyer 10 in data exchange 503 that does not include credit information.
  • the trusted intermediary 30 may only assign the buyer 10 an alias name and alias address.
  • the buyer 10 uses the alias information to establish an anonymized connection with the seller 20 through the trusted intermediary 30.
  • the buyer 10 also selects a purchase and provides the seller with any relevant information relating to the purchase. Further, the buyer 10 provides the seller 20 with the anonymous payment instrument in data exchange 505.
  • the seller 20 After validating the use of the anonymous payment instrument, the seller 20 then conveys the purchased goods with the alias name and alias address to the carrier 40 in operation 507.
  • the carrier 40 transmits at least the alias name to the trusted intermediary 30, and receives in reply data exchange 511 the actual name and ship-to address of the buyer 10.
  • the carrier 40 then ships the purchased item to the buyer 10 in operation 513.
  • FIG. 6 Yet another embodiment of the invention is shown in Fig. 6.
  • the buyer 10 does not establish a secure connection through the trusted intermediary 30, as with the previous embodiments. Instead, the buyer 10 first obtains the alias information from the trusted intermediary 30, and then uses the alias information in a separate connection to the seller 20.
  • the buyer 10 starts the transaction by transmitting to the trusted intermediary 30, in data exchange 601, identifying information that uniquely identifies the buyer 10.
  • the trusted intermediary 30 provides alias information to the buyer 10 in data exchange 603.
  • the alias information preferably includes an alias name and alias address.
  • the embodiment shown in Fig. 6 may employ any of the credit arrangements of the previous embodiment. Accordingly, the alias information may also include alias credit data, corresponding to credit issued by or to the trusted intermediary 30, or to credit issued to the buyer 10.
  • the buyer 10 uses the alias information to establish an independent anonymous connection between with seller 20, without going through the trusted intermediary 30.
  • the buyer 10 then uses the anonymous connection to select goods, services, or monetary instruments for purchase and pay for the purchase. Approval of the credit purchase is then performed according to the previous embodiments. Similarly, the goods, services or monetary instruments can be delivered through a carrier in the same manner as the previous embodiments.
  • the exchange of information in this embodiment may occur in any order.
  • the alias information may be provided after the buyer 10 has established the anonymous connection with the seller 20.
  • a portion of the alias information may be transmitted to the buyer 10 before the buyer 10 establishes the anonymous connection with the seller 20, and the remaining portion transmitted after the anonymous connection has been established.
  • the specific order of steps described above is provided only to facilitate an understanding of this embodiment of the invention, and is not intended to be limiting.
  • the trusted intermediary 30 has partnered with a number of issuing banks, I l9 1 2 , 1 3 ,... IN, each of which has issued (or will issue) credit to or on behalf of the trusted intermediary 30.
  • the credit may be issued to the trusted intermediary 30, or simply provided for the trusted intermediary's use (to allocate to the buyer 10) at the request of the trusted intermediary 30.
  • at least one of the issuing banks also has issued credit to the buyer 10.
  • the buyer 10 first establishes a secure connection with the trusted intermediary 30 in data exchange 701.
  • the buyer 10 provides proof of a previously established account with the trusted intermediary 30, or with sufficient information to establish an account with the trusted intermediary 30.
  • the buyer 10 indicates his or her desire to use a personal credit account issued by one of the issuing banks, (i.e., issuing bank 70).
  • the buyer's desire to use the personal credit issued by issuing bank 70 may alternately be conveyed before or after the buyer 10 establishes the secure connection in data exchange 701 (e.g., when the buyer 10 initially establishes an account with the trusted intermediary 30).
  • the trusted intermediary assigns alias information for use by the buyer 10.
  • the alias information preferably includes an alias name and alias address that together uniquely identify the buyer 10 to the trusted intermediary 30, identify the particular transaction to be conducted using the alias information, and identify the transaction to the carrier 40 as one that was made through the trusted intermediary 30. Additionally, the alias information also includes alias credit data.
  • the alias credit data in this embodiment is for credit issued to the trusted intermediary 30 by one of the issuing banks Ii, I 2 , 1 3 ,... I N -
  • the trusted intermediary 30 specifically selects the alias credit data to ensure that it is for credit that was not issued by issuing bank 70 (i.e., the bank issuing credit to buyer 10).
  • the trusted intermediary 30 provides the buyer 10 with alias credit data for the credit issued by issuing bank 80.
  • the issuing bank 80 may be chosen according to an algorithm that randomly selects from among the partnered issuing banks l 2 , 1 3 ,... I N , but which does not select issuing bank 70.
  • the buyer 10 may provide the buyer 10 with alias credit data for the credit issued by issuing bank 70, however, for convenience.
  • data exchange 705 the buyer 10 establishes an anonymous connection with the seller 20 through the trusted intermediary 30.
  • the buyer 10 uses data exchange 705 to also anonymously select a purchase, convey any necessary information relating to that purchase credit information, and convey the necessary alias information (including the alias credit data) necessary to make the purchase.
  • the buyer 10 may provide some or all of the alias information directly, or the trusted intermediary 30 may provide some or
  • the seller 20 After receiving the alias credit data, the seller 20 requests approval for the charge from the seller's acquiring bank 50 in data exchange 707.
  • the acquiring bank 50 in turn relays the request for authorization to the authorization network 60 in data exchange 709.
  • the authorization network 60 passes the request along to the issuing bank 80, which issued
  • the issuing bank 80 then submits the request for approval of the charge to the trusted intermediary 30 in data exchange 713.
  • the trusted intermediary 30 Upon receiving the request for charge authorization from the issuing bank 80, the trusted intermediary 30 makes a corresponding charge to the buyer's personal credit issued by issuing
  • the trusted intermediary 30 may make a charge to the buyer's credit (issued by issuing bank 70) equivalent to or a percentage of the charge made by the seller 20 to the trusted intermediary's credit (issued by issuing bank 80). To do this, the trusted intermediary 30 requests authorization to make the corresponding charge from the authorization network 60 in data exchange 715. The authorization network 60 passes this request along to issuing bank 70 in
  • the issuing bank 70 approves the charge, and transmits approval to the authorization network in data exchange 719.
  • the authorization network 60 then relays the authorization to the trusted intermediary 30 in data exchange 721.
  • the trusted intermediary 30 When the trusted intermediary 30 receives confirmation that the issuing bank 70 has authorized the corresponding charge to the buyer's credit, the trusted intermediary 30 authorizes
  • the seller 20 subsequently conveys the purchased goods with the alias name and alias address to the carrier 40 in operation 731.
  • the carrier 40 recognizes that the goods were obtained through a transaction involving the trusted intermediary 30, and accordingly transmits at least the alias name to the trusted intermediary 30 in data exchange 733.
  • the trusted intermediary 30 replies in data exchange 735 with the actual name and ship-to address of the buyer 10.
  • the carrier 40 then ships the purchased item to the buyer 10 in operation 737.
  • the trusted intermediary 30 can postpone authorizing charges to its credit until it has received authorization to make a corresponding charge to the buyer's credit, the trusted intermediary 30 can minimize its risk in extending its own credit on behalf of the buyer 10. Further, if the buyer .10 is assigned alias credit that is issued by a bank different from that issuing the buyer's credit, then the buyer's issuing bank cannot discover the nature of the goods, services, or monetary instruments purchased by the buyer 10. In this way, the buyer's privacy is more securely protected.
  • various embodiments of the invention may be arranged so that the seller 20 is able to recognize when a transaction is occurring through the trusted intermediary 30, while other embodiments may be arranged so that the seller 20 cannot recognize when a transaction is occurring through the trusted intermediary 30.
  • the trusted intermediary 30 may employ extremely efficient alias information, such as a single number, to uniquely identify the buyer's name, the ship-to-address, and even the alias credit data.
  • alias information such as a single number
  • the alias information is preferably in a form that can be readily used by the seller 20 (e.g., an alias name that resembles a conventional name, an alias address that resembles a conventional address, and alias credit data that resembles conventional credit card information).
  • shipment of the goods to the buyer 10 is the final step.
  • additional steps e.g., a follow-up survey, catalog mailings, etc.
  • the process of exchanging a portion of the alias information i.e., the alias address
  • the ship-to address identifies a recipient other than the buyer 10.
  • the buyer 10 may wish to anonymously have a purchased gift shipped to a university or foundation.
  • the alias address may be the same as the ship-to address.
  • the carrier 40 would not then need to obtain a new ship-to address from the trusted intermediary 30.
  • alias information may be provided to the buyer 10 (or on behalf of the buyer 10) after the buyer 10 has established an anonymous connection with the seller 20, or even after the buyer 10 has selected a purchase.
  • some or all of the information exchanged between the buyer 10 and the seller 20 e.g., the nature afid/or price of each purchased item
  • the trusted intermediary 30 may be unaware of the characteristics of the particular goods, services or monetary instruments purchased by the buyer 10.
  • the trusted intermediary 30 may optionally provide authorization for any charges prior to or without receiving a formal request to authorize the charges. In other embodiments, the trusted intermediary 30 may postpone obtaining the ship-to address from the buyer 10 until after the ship-to address has been requested from the carrier 40.
  • the trusted intermediary 30 has a communications interface 801 for establishing the secure connection with the buyer 10, establishing the anonymous connection with the seller 20, and for receiving requests to authorize credit charges from issuing banks or authorization networks.
  • the communications interface 801 may be a single computer or a network of computers arranged to interface with a larger computer network, such as the Internet.
  • the trusted intermediary 30 also includes a database 803. The database may be arranged to store, for example, credit information for credit issued to or by the trusted intermediary 30, information relating to buyers (e.g., credit status, past purchases or charges, correspondence between alias information and buyers' names and ship-to information, etc.).
  • the database 803 may be embodied by one or more computers equipped with a mass storage device. As discussed above, in some embodiments of the invention the database 803 may also be set up to accept commands from a buyer 10 to delete information relating to one or more transactions by the buyer 10. This feature can provide even greater security for the buyer's anonyminity.
  • the trusted intermediary 30 includes a control unit 805 for controlling the operation of the communications interface 801 and the database 803.
  • a communication bus 807 then interconnects the communications interface 801, the database 803 and the control unit 805.
  • each of the control unit 805, the database 803 and the communications interface 801 may be divided into two or more units.

Abstract

A method and system for anonymous financial transactions. A trusted intermediary (30) receives identifier information from a buyer (10) and creates alias information based on the identifier. The buyer then conducts a transaction with a seller (20) using the alias information.

Description

A System And Method For Conducting
Anonymous Transactions Between Two Parties
At A Distance Using A Trusted Intermediary
5
Field Of The Invention The invention relates to a method and system for allowing two parties to conduct a transaction while keeping the identity of at least one of the parties secret from the other party.
[0 Background Of The Invention
In the physical world, privacy is lost in commercial transactions if the buyer pays by instruments that can uniquely identify him or her, or if the buyer has a purchased product shipped to his or her actual address including his or her actual name. With electronic commerce, there are additional opportunities for privacy loss. Through various authorized and unauthorized
.5 means, communications service providers, vendors, marketers, hackers and others routinely collect identifying, demographic and behavioral information about individuals that use communications networks. This information may be collected whether a user is actually involved in a commercial transaction, or just simply using the communications network. Accordingly, it would be desirable to have a method and system for conducting a transaction that
10 securely protects the privacy of at least the buyer in a transaction, particularly in transactions conducted over electronic communications networks.
Summary Of The Invention To address this loss of privacy, the present invention provides a new method and system ^5 for privately conducting transactions. The method and system of the invention allow the buyer to conduct a remote commercial transaction in such a way that no party to the transaction, except for the buyer and a trusted intermediary, has full knowledge of the transaction. According to the invention, no party to the transaction, except for the buyer, the trusted intermediary, and a carrier has any of the buyer's identifying information. Further, the carrier only has, at most, the buyer's >0 name and ship-to address to which the purchased goods are to be shipped. The carrier does not even possess detailed knowledge of the goods being shipped. Moreover, according to the method of the invention, the carrier will have agreed not to provide the buyer's name and ship-to address to any other party, regardless of whether that party is involved in the transaction. Additionally, as soon as the transaction is fully completed, the buyer has the option of deleting any record of the transaction possessed by the trusted intermediary. This ensures that the buyer is the only party to the transaction to retain a full knowledge of the transaction.
Brief Description Of The Drawings Fig. 1 is a flow chart showing a general method of conducting a transaction according to the invention. Fig. 2 is a block diagram illustrating a system and method for conducting a transaction according to one embodiment of the invention.
Fig. 3 is a block diagram illustrating a system and method for conducting a transaction according to another embodiment of the invention.
Fig. 4 is a block diagram illustrating a system and method for conducting a transaction according to yet another embodiment of the invention.
Fig..5 is a block diagram illustrating a system and method for conducting a transaction according to still another embodiment of the invention.
Fig. 6 is a block diagram illustrating a system and method for conducting a transaction according to yet another embodiment of the invention. Fig. 7 is a block diagram showing a system and method for conducting a transaction according to still yet another embodiment of the invention.
Fig. 8 is a block diagram illustrating a trusted intermediary according to one embodiment of the invention.
Detailed Description Of The Preferred Embodiments
Various embodiments of the invention will now be described with reference to the attached drawings. In order to facilitate understanding of this description, however, a brief definition of terms is provided immediately below.
Buyer : Any party purchasing a product or service remotely via a communications system, such as, for example, a communications network like the Internet, a telephone system, or a mail or parcel delivery system. Seller: Any party supplying a product or service to a buyer.
Carrier: Any party charged with delivering physical goods from a seller to a buyer, or any party acting as a clearinghouse for a party charged with deliver physical goods from a seller to a buyer. Authorization Network: Any organization that maintains or manages credit providing services, including, but not limited to, the services of routing requests to authorize a charge from an acquiring bank to an issuing bank, setting forth regulations for issuing credit, and setting forth protocols for authorizing credit charges.
Credit Issuer: Any party issuing credit to another party by itself or in conjunction with an authorization network.
Transaction: An exchange of goods, services, and/or monetary instruments between a buyer and a seller that may involve one or more other parties. A transaction may include, but is not limited to, selection of goods, services and/or monetary instruments by a buyer, payment for the goods, services and/or monetary instruments, and delivery of the goods, services and/or monetary instruments .
Trusted Intermediary (T.I.): Any party serving as a proxy for a buyer in a transaction in order to ensure the buyer's anonyminity to at least the seller.
Communications Provider: Any party providing access to a communications system over which a transaction may be conducted, including, but not limited to, network service providers such as Internet service providers, telephone service providers, and parcel delivery service providers.
Identifying Information: Any information that may identify or assist in identifying a party, including, but not limited to, names, social security numbers, driver's license numbers, US military identification numbers, Veteran's Administration identification numbers, medical insurance numbers, passport numbers, credit card numbers, addresses, telephone numbers, and e- mail addresses.
Secure Connection: Any communication connection that carries communications which are relatively secure from interception by a party other than the intended recipient (e.g., an encrypted connection, a connection carried over a dedicated line, a connection that divides communications into separate packets for delivery along different routes, etc.). Anonymized Connection: Any .communication connection carried through a communications provider that prevents identifying information for the originator of the communication from becoming known to the end recipient of the communication.
Acquiring Bank: a bank that settles accounts for a transaction on behalf of a seller. Anonymous Payment Instrument (A.P.I.): Any data accepted by the seller and/or the seller's acquiring bank as payment for goods, services and/or monetary instruments that the seller cannot trace back to the buyer.
Alias Credit Data: Credit information, such as, for example, a credit card number and expiration date, accepted by a seller for payment by credit, that is capable of identifying the buyer in a transaction to only the trusted intermediary, and to no other party involved in the transaction. Alias credit data is one particular example of an A.P.I.
Alias Information: Any information capable of identifying at least the buyer in a transaction and the transaction itself to a trusted intermediary, but to no other party involved in the transaction. Ship-to Address: Any address to which a buyer wishes goods, services and/or monetary instruments obtained in a transaction to be delivered to.
Alias Address: Any address, other than a ship-to address, that is provided to a seller by either a buyer or trusted intermediary.
General methods of conducting a transaction according to the invention will now be described with particular reference to the flow chart shown in Fig. 1. As seen in this figure, a transaction begins in step 101 when a buyer 10 initiates a secure connection with the trusted intermediary. Next, in step 103, the trusted intermediary 30 identifies and authenticates the identity of the buyer 10. The identification may be accomplished a number of ways, depending upon the relationship between the buyer 10 and trusted intermediary 30. For example, if the buyer 10 has already established an account with the trusted intermediary 30, then the buyer 10 may need only to provide the trusted intermediary 30 with a previously agreed upon login name and password, or with a previously agreed upon set of keywords. Alternately, if the buyer 10 has not previously established an account with the trusted intermediary 30, then the buyer 10 may need to provide the trusted intermediary 30 with sufficient information necessary to establish an account. For example, the buyer 10 may need to provide the trusted intermediary 30 with his credit card information, his address, authorization to conduct a credit check, etc. The buyer 10 also uses this secure connection to provide the trusted intermediary 30 with a ship-to address for the transaction, which the trusted intermediary 30 stores for future use
Once the buyer 10 has established some type of account with the trusted intermediary 30, then the trusted intermediary 30 prepares alias information corresponding to the buyer 10 in step 105. Preferably, the alias information includes at least an alias name (i.e., an alias) and an alias address.
The alias name (or alias) serves to disguise the buyer's actual identity to any parties to the transaction other than the trusted intermediary 30. Further, the alias name may serve to accurately identify the buyer 10 to the trusted intermediary 30 in all communications from other parties to the trusted intermediary 30. The alias name may be a conventional name, a number, or any other type of identifying information. If the alias name is a number, then the trusted intermediary 30 can handle a large number of buyers without confusion. If the alias name is a conventional name (e.g., John Doe), however, then the alias name will be more readily compatible with the existing customer databases of most sellers. The alias name may be one that has been permanently or semi-permanently assigned to the buyer 10, or it may be randomly assigned to the buyer 10 each time that a secure connection is established. If the alias name is permanently or semi-permanently assigned, this reduces the amount of alias names that will need to be generated for a large number of buyers. On the other hand, randomly assigning alias names when each secure connection is established provides for greater security. The alias address is the address that will be used by the seller 20 when turning the purchased goods, services or monetary instruments over to a carrier 40 for shipment. Like the alias name, the alias address may be a number or, alternately, a conventional address (e.g., 123 Main Street, Springfield). The alias address may further include a telephone number. Also, the alias address may permanently or semi-permanently assigned to the buyer 10, or it may be randomly assigned to the buyer 10 each time that a secure connection is established. Preferably, the alias address is a fictional address, but it may alternately be an actual address of someone other than the buyer 10. For example, the alias address may be the actual address of the trusted intermediary 30, and may even include the actual telephone number of the trusted intermediary. Also, the alias address may be the actual ship-to address if the buyer 10 is having the goods, services or monetary instruments delivered to someone else whose anonymity does not need to be protected. The alias information preferably fulfills at least three functions. First, it serves to accurately identify the buyer 10 to the trusted intermediary 30 in all communications from other parties to the trusted intermediary 30, while disguising the actual identity of the buyer 10 to anyone other than the trusted intermediary 30. Second, the alias information serves to uniquely identify a particular transaction to the trusted intermediary 30. Third (as will be explained in further detail below), the alias information may serve to notify a carrier 40 that the purchased goods, services or monetary instruments were purchased through the trusted intermediary 30. Preferably, the alias name and alias address are assigned so as to be able to perform all three functions alone, without any additional alias information. For example, if the alias address is generated in the form of a conventional address, then the street name and number may uniquely identify the transaction, the addressee's company name (e.g., MyBusinessOnly) may identify the addressed goods, services or monetary instruments as having been purchased through the trusted intermediary 30, while the alias name may identify the buyer 10. Alternately, the actual address for the trusted intermediary may be employed as the alias address, thereby identifying the addressed goods, services or monetary instruments as having been purchased through the trusted intermediary 30. The alias name may serve to then uniquely identify both the buyer 10 and the particular transaction.
As will be known to those of ordinary skill in the art, a variety of schemes for generating the alias name and alias address may be employed to fulfill at least the three functions described above. Still further, the alias information may include additional information (e.g., a separate transaction number to uniquely identify the transaction) to perform the three functions described above. Moreover, alternate embodiments can be employed where the alias information omits either the alias name, the alias address, or both. For example, a single number may be employed to perform all three functions described above. For some embodiments of the invention, the alias information will also include alias credit data. This is information that the buyer 10 can employ to purchase goods, services or monetary instruments from the seller 20 on credit, but which cannot be traced back to the buyer 10 by anyone other than the trusted intermediary 30. For example, the trusted intermediary 30 may maintain or issue a group of credit card accounts. It may then temporarily assign an account to the buyer 10 for the duration of the secure connection, or even for just a single transaction. With this arrangement, the alias credit data is the number and expiration date of the temporarily assigned credit card account. The buyer 10 can then use this credit information to make a purchase on credit, without anyone but the trusted intermediary 30 being able to trace the use of the credit card account back to the buyer 10. Alternately, the alias credit data may be the buyer's personal credit information disguised for the seller 20, as will be explained below. It should be noted that the buyer 10 may or may not have access to some or all of this alias information. For example, the alias information may be automatically associated with the buyer 10 in all future communications for the transaction, without the buyer 10 ever knowing the alias information. Alternately, some of the alias information may be disclosed to the buyer 10, while other portions of the alias information are only provided to the seller 20 without being disclosed to the buyer 10. For example, it may be useful for the buyer 10 to have the alias name and alias address in case a purchase needs to be returned, while the alias credit data can still be provided directly to the seller 20. Still further, all of the alias information may be disclosed to the buyer 10.
Referring back to the flowchart, the buyer 10 connects to the seller 20 in step 107. This connection is an anonymized connection, as the seller 20 does not receive any information that can identify or help identify the buyer 10. For example, if the connection is established over a network of computers, such as the Internet, then anonymization can be accomplished by a number of schemes, including the use of one or more proxy servers. Also, if information is transmitted in packets, then the regular identifying header for the packets can be deleted. If the connection is established over a telephone network, then the call signal may be modified to that it does not identify the caller. Alternately, or additionally, the call may be routed through a telephone switching connection so that the originator of the call cannot be identified. Those of ordinary skill in the art know a variety of schemes for anonymizing a communication connection that may be employed as appropriate. The anonymized connection may be established through the trusted intermediary 30 (e.g., using a server of the trusted intermediary 30 as a proxy server), or it may be established independent of the trusted intermediary 30.
Next, in step 109, the buyer 10 selects the goods, services, and/or monetary instruments to be purchased from the seller 20. For example, if the buyer 10 is connected via a computer network to an online catalog maintained by the seller 20, then the buyer 10 may select various products described in the catalog for purchase. As another example, if the buyer 10 is connected to the seller 20 over a telephone network, the buyer 10 may select services for purchase by e.g., spoken commands or dialing numbers on the buyer's telephone.
Once the buyer 10 has selected the goods, services or monetary instruments to be purchased, then the alias information is provided to the seller 20 in step 111. For some embodiments of the invention, this alias information may include alias credit data for payment on the purchase. For example, as previously noted, the trusted intermediary 30 may maintain or issue credit that can be temporarily used by the buyer 10. Alternately, the trusted intermediary 30 may disguise credit information for the buyer's personal credit account (e.g., by encrypting or scrambling the buyer's credit card number and expiration date). Various schemes for the buyer 10 to anonymously pay the seller 20 will be described in detail below.
After the seller 20 has received payment for the goods, services, or monetary instruments, the seller 20 then transfers the goods, services, or monetary instruments to a carrier 40 in step 113 for delivery to the buyer 10. For example, if the buyer 10 has purchased tangible goods, such as wine, then the carrier 40 may be a parcel delivery service (e.g., the U.S. Postal Service or Federal Express). Alternately, if the buyer 10 has purchased a service, such as a singing telegram, then the seller 20 may instruct the carrier 40 may to actually perform that service. Still further, if the buyer 10 has purchased a monetary instrument, such as a stock or bond, the carrier 40 may be a broker or bank that transfers ownership in the stock or bond to the buyer 10. In step 115, the carrier 40 determines the ship-to address for the purchase from the trusted intermediary 30, and subsequently delivers the goods, services, or monetary instruments to the ship-to address in step 117.
Those of ordinary skill in the art will appreciate that the various steps of the invention do not need to be performed in the order described above. For example, the buyer 10 may not receive any of the alias information until after an anonymous connection with the seller 10 has been established. Alternately, the buyer 10 may be assigned a portion of the alias information (e.g., the alias name) before establishing the anonymous connection, and receive the remainder of the alias information only after selecting a purchase. Still further, the buyer 10 may receive the alias information only after selecting a purchase. Numerous alternate combinations are possible, but they will be readily understood by those of ordinary skill in the art from this disclosure, and thus are encompassed by the scope of the invention. Particular embodiments of the invention will now be described referring to Figs. 2-7. In the embodiments illustrated in Figs. 2 and 3, the trusted intermediary 30 acts as either a combined authorization network and credit issuer, or as the credit issuer alone. In the embodiments shown in Figs. 3, 4 and 7, a separate party acts as either or both of the authorization network and credit issuer. The embodiment of the invention shown in Fig. 6 is then compatible with either type of implementation.
In the embodiments of Figs. 2, 3, 4, 6 and 7, the trusted intermediary 30 supplies the buyer 10 with an anonymous payment instrument (i.e., anonymous at least with respect to the buyer 10) in the form of credit issued by or to the trusted intermediary 30. Settlement between the credit issuer and the acquiring bank (i.e., the bank representing the seller 20) then preferably occurs according to conventional banking practices. As these procedures are well know to those of ordinary skill in the art and thus can be readily implemented without explanation, they are not specifically shown in the drawings. With regard to the embodiment shown in Fig. 5, an outside third party supplies the buyer 10 with the anonymous payment instrument used in the transaction. Accordingly, settlement of the anonymous payment instrument takes placed based upon the procedures prescribed by that outside third party.
Turning now to the embodiment of Fig. 2, the trusted intermediary 30 acts as both the authorization network and the credit issuer. Thus, the trusted intermediary 30 issues credit to the buyers on a temporary or permanent basis. A buyer 10 initiates a transaction by transmitting identifying information over a secure connection to the trusted intermediary 30 in data exchange 201. This identifying information uniquely identifies the buyer 10 to the trusted intermediary 30. For example, if the buyer 10 has already established a permanent account with the trusted intermediary 30, then the buyer 10 may only need to provide his or her name and a prearranged password. Alternately, if the buyer 10 has not already established a permanent account with the trusted intermediary 30, then the buyer 10 may need to provide all of the information necessary to establish an account (e.g., a name, a ship-to address, credit information, a billing address, etc.). In addition, the identifying information will preferably include a ship-to address for the goods, services or monetary instruments (i.e., the address to which the goods, services or monetary instruments should be delivered by the carrier 40). In operation 203, the trusted intermediary 30 assigns alias information uniquely corresponding to the identifying information. As discussed above, the alias information may include, for example, an alias name and an alias address. The trusted intermediary 30 also temporarily assigns alias credit data, i.e., credit information for one of its credit accounts, to the buyer 10.
Next, in data exchange 205, the buyer 10 establishes an anonymous connection with the
5 seller 20 through the trusted intermediary 30. As previously discussed, the anonymous connection may be established by, for example, allowing the buyer 10 to communicate with the seller 20 by way of a proxy address set up by the trusted intermediary 30. It should be noted that the assigned alias information may or may not be employed to establish the anonymous connection. For example, if establishing the connection does not require any identification
10 information, then the alias information may not be employed. If establishing the connection requires identification information, however (e.g., the connection is to a website that requires the user's name to complete the login procedure), then sufficient alias information to anonymously establish the connection is conveyed to the seller 20.
As described in detail above, the buyer 10 uses this anonymous connection to
.5 anonymously select a product, service or monetary instrument for purchase, and to convey relevant information relating to that purchase (e.g., required delivery date, method of shipment, etc.). The anonymous connection is also used, by the buyer 10, the trusted intermediary 30, or by both, to convey the alias information required to complete the transaction.
With this embodiment, the trusted intermediary 30 acts as the credit issuer, so the
'0 selected purchase is made using one of the trusted intermediary's credit accounts. Therefore, in data exchange 205, after the buyer 10 has conveyed a request to make a purchase to seller 20, the alias credit data for one of the trusted intermediary's accounts is conveyed to the seller 20. As previously noted, this alias information may be provided directly from the trusted intermediary 30, or it may be provided to the seller 20 through the buyer 10, or a combination of the two
'5 arrangements. For example, when the buyer 10 selects a purchase, the trusted intermediary 30 may directly provide the seller 10 with a credit card number and expiration date to use for the transaction, without disclosing this alias credit data to the buyer 10.
Next, in data exchange 207, the seller 20 requests confirmation that payment will be made, based upon the trusted intermediary's credit information, from the seller's acquiring bank
10 50. Because the trusted intermediary 30 is acting as its own authorization network, the acquiring bank 50 asks for authorization to complete the credit charge from the trusted intermediary 30 in 01 16316
data exchange 209. As shown in Fig. 2 (and in subsequent Figs. 3, 4, 6, and 7), the alias name (i.e., the alias) and the alias address accompany the authorization request relayed from the seller 10 to the credit issuer. This alias information may be conveyed with the authorization request to reduce the opportunity for fraud, but it may alternately be omitted from the authorization request. In data exchange 211 , the trusted intermediary 30 authorizes the charge based upon the proffered credit information. Subsequently, the seller 20 receives confirmation that payment will be made from the acquiring bank 50 in data exchange 213.
Once the seller 20 receives authorization to complete the charge, the seller 20 conveys the purchased goods to the carrier 40 in operation 215. As explained in detail above, the alias information should preferably contain sufficient information to identify the transaction to the carrier 40 as one that was made through the trusted intermediary 30, and to uniquely identify at least the buyer 10 to the trusted intermediary. Accordingly, the seller 20 provides the carrier 40 with at least the portion of the alias information that fulfills these two functions. In the particular illustrated embodiment, the alias address serves to identify the goods as goods purchased through the trusted intermediary 30, while the alias name (or alias) uniquely corresponds to the buyer 10. Therefore, in this shown embodiment the seller 20 also provides the carrier 40 with the alias name and alias address in operation 215. This alias information may, for example, be printed on a shipping label affixed to the purchased goods.
Upon receiving the alias name and alias address from the seller 20 in data exchange 215, the carrier 40 forwards at least the alias name to the trusted intermediary 30 in data exchange 217. In reply data exchange 219, the trusted intermediary 30 supplies the carrier 40 with the actual ship-to address provided by the buyer 10. For example, the carrier 40 may enter the alias name into a local computer terminal networked to the trusted intermediary 30, and have a shipping label with the ship-to address print out from a local printer in response. The new label can then be simply pasted over the previous shipping label with the alias address. The trusted intermediary 30 may also supply the carrier 40 with the buyer's actual name, as shown in the figure. With this information, the carrier 40 then delivers the purchased goods, services and/or monetary instruments to the buyer 10 in operation 221.
Thus, according to the method and system of the invention, only the trusted intermediary 30 and carrier 40 are aware of the buyer's actual name and address. Moreover, the carrier 40 has only nominal information regarding the nature of the purchased goods. For example, the carrier 40 may only know if the purchased goods are perishable, flammable, explosive, fragile, etc. With the method and system according to the invention, the buyer's privacy is securely protected.
Another embodiment of the invention will now be described with reference to Fig. 3. This embodiment is similar to that of Fig. 2, but, with this embodiment, the trusted intermediary 30 employs a separate authorization network 60.
As with the previous embodiment, the buyer 10 starts the transaction by transmitting identifying information to the trusted intermediary 30 that uniquely identifies the buyer 10 in data exchange 301. The trusted intermediary 30 then assigns alias information uniquely corresponding to the identifying information in operation 303. As before, the alias information may include, for example, an alias name, an alias address, and alias credit data. Next, in data exchange 305, at least a sufficient amount of the alias information is conveyed to the seller 20 to establish an anonymous connection between the buyer 10 and the seller 20. In data exchange 305, the buyer 10 also anonymously selects a product, service or monetary instrument to purchase, and conveys relevant information relating to that purchase (e.g., required delivery date, method of shipment, etc.).
The trusted intermediary 30 acts as the credit issuer, so the selected purchase is made on the trusted intermediary's credit. Therefore, the trusted intermediary's credit information also is conveyed to the seller 20 in data exchange 305. Again, this information may be provided directly by the trusted intermediary 30, or it may be provided to the seller 20 through the buyer 10.
After receiving the trusted intermediary's credit information in data exchange 305, the seller 20 requests authorization to complete the charge from the seller's acquiring bank 50 in data exchange 307. In response to receiving the request for confirmation, the acquiring bank 50 forwards the request to the authorization network 60 in data exchange 309. Then, in data exchange 311, the authorization network 60 requests authorization to approve the charge from the trusted intermediary 30 (which, in this embodiment, is the credit issuer for the credit account used by the buyer 10). The trusted intermediary 30 replies with its approval for the charge in data exchange 313, and the authorization network 60 conveys this approval to the acquiring bank ,50 in data exchange 315. After receiving authorization to complete the transaction from the authorization network 60, the acquiring bank 50 then forwards the authorization to the seller 20 in data exchange 317.
Once the seller 20 receives confirmation that the charge will be paid, the seller 20 conveys the purchased goods to the carrier 40 in operation 319. As with the previous embodiment, the alias address serves to indicate that the goods were purchased through the trusted intermediary 30, while the alias name uniquely corresponds to the buyer 10. Therefore, the seller 20 provides this alias information to the carrier 40 with the purchased goods in operation 319. When the carrier recognizes the goods as being purchased through the trusted intermediary 30, it forwards at least the alias name to the trusted intermediary 30 in data exchange 321. The trusted intermediary 30 then supplies the carrier 40 with the buyer's actual name and ship-to address in data exchange 323, so that the carrier 40 can deliver the purchased goods to the buyer 10 in operation 325.
Yet another embodiment of the invention is shown in Fig. 4. Unlike the previous embodiment, the trusted intermediary 30 is not a credit issuer in this embodiment. Instead, an issuing bank 70 issues the credit used by the buyer 10. As will be described in detail below, the credit can be issued to the trusted intermediary 30 or to the buyer 10.
Again, the buyer 10 initially establishes a secure connection with the trusted intermediary 30 in data exchange 401, as described in detail above. Next, in data exchange 403, the trusted intermediary 30 assigns alias information, including alias credit data, for use by the buyer 10. As noted above, with this embodiment, the issuing bank 70 can issue the credit to the trusted intermediary 30, or, alternately, directly to the buyer 10. If the issuing bank 70 issues the credit to the trusted intermediary 30, then the trusted intermediary 30 can allow the buyer 10 to use the credit account, as with the previous embodiments. The trusted intermediary 30 then provides the buyer 10 with alias credit data including the number and expiration date for the account.
If, on the other hand, the issuing bank 70 issues the credit account directly to the buyer 10, then the trusted intermediary 30 provides alias credit data that disguises the actual credit information so that it cannot be traced back to the buyer 10 without the approval of the trusted intermediary 30. For example, the trusted intermediary 30 may generate a fake credit account number and expiration date corresponding to the buyer's actual credit account number and expiration date. The fake number should still identify the issuing bank 70, but should not contain any information that can identify the buyer 10. Further, the fake number should include some indicator (e.g., an embedded code) that notifies the issuing bank it is a fake number generated by the trusted intermediary 30. When the issuing bank 70 recognizes this indicator, the issuing bank 70 will know to contact the trusted intermediary 30 to obtain the actual credit data to be used for the transaction. As will be appreciated by those of ordinary skill, this arrangement requires that one or more issuing banks cooperate with the trusted intermediary 30, and reduces the anonymity of the transaction for the buyer 10. This arrangement provides a great deal of flexibility for the buyer 10, however, while reducing the potential credit liability of the trusted intermediary 30. Next, in data exchange 405, the trusted intermediary 30 conveys at least a sufficient amount of the alias information to establish an anonymous connection between the buyer 10 and the seller 20. As with the previous embodiments, the buyer 10 also anonymously selects a purchase, and conveys any necessary information relating to that purchase. The alias credit data also is conveyed to the seller 20 in data exchange 405. As with the previous embodiments, for some arrangements the buyer 10 provides the alias credit data, while other arrangements may have the alias credit data provided directly to the seller 20 by the trusted intermediary 30. In response to receiving the alias credit data, the seller 20 requests approval for the charge from the seller's acquiring bank 50 in data exchange 407. The acquiring bank 50 then relays the request to the authorization network 60 in data exchange 409, and the authorization network 60 passes the request along to the issuing bank 70 in data exchange 411. If the alias credit data is for credit issued by the issuing bank 70 to the trusted intermediary 30, then the issuing bank 70 may approve the charge without consulting the trusted intermediary 30. Preferably, however, the issuing bank 70 requests payment approval from the trusted intermediary in data exchange 413. This prevents a previous buyer from fraudulently using alias credit data without the trusted intermediary's knowledge. The trusted intermediary 30 then replies with its approval for the charge in data exchange 415.
If, on the other hand, the alias credit data disguises a credit account issued by the issuing bank 70 directly to the buyer 10, then the alias credit data includes an indicator identifying itself as fake credit information. From this indicator, the issuing bank 70 then recognizes that the alias credit data disguises the information for the actual credit account, and submits some or all of the alias credit data to the trusted intermediary 30 in data exchange 413. In reply, the trusted intermediary 30 identifies the actual credit account in data exchange 415, so that the issuing bank 70 can approve the charge based upon the actual credit information.
In either arrangement, the issuing bank 70 conveys its approval of the charge to the interchange network 60 in data exchange 417. As with the previous embodiments, the authorization network 60 conveys this approval to the acquiring bank 50 in data exchange 419, which in turn forwards the authorization to the seller 20 in data exchange 421.
Once the seller 20 receives authorization to make the charge, the seller 20 conveys the purchased goods to the carrier 40 in operation 423. As before, the alias address indicates that the goods were purchased through the trusted intermediary 30, while the alias name identifies the buyer 10 to the trusted intermediary. The seller 20 provides this alias information to the carrier 40 with the purchased goods in operation 423, whereupon the carrier 40 forwards at least the alias name to the trusted intermediary 30 in data exchange 425. In response, the trusted intermediary 30 provides the carrier 40 with the buyer's actual name and ship-to address in data exchange 427, and the carrier 40 delivers the purchased goods to the buyer 10 at the ship-to address in operation 429.
Still another embodiment of the invention is shown in Fig. 5. With this embodiment, unlike the previous embodiments, the buyer 10 has obtained an anonymous payment instrument through someone other than the trusted intermediary 30. A number of variations of this type of anonymous money are currently available, and are becoming more commonly used over the Internet each day. Accordingly, after establishing a secure connection with the buyer 10 in data exchange 501, the trusted intermediary 30 assigns alias information to the buyer 10 in data exchange 503 that does not include credit information. For example, the trusted intermediary 30 may only assign the buyer 10 an alias name and alias address. In data exchange 505, the buyer 10 then uses the alias information to establish an anonymized connection with the seller 20 through the trusted intermediary 30. During data exchange 505, the buyer 10 also selects a purchase and provides the seller with any relevant information relating to the purchase. Further, the buyer 10 provides the seller 20 with the anonymous payment instrument in data exchange 505.
After validating the use of the anonymous payment instrument, the seller 20 then conveys the purchased goods with the alias name and alias address to the carrier 40 in operation 507. In data exchange 509, the carrier 40 transmits at least the alias name to the trusted intermediary 30, and receives in reply data exchange 511 the actual name and ship-to address of the buyer 10. The carrier 40 then ships the purchased item to the buyer 10 in operation 513.
Yet another embodiment of the invention is shown in Fig. 6. In this embodiment, the buyer 10 does not establish a secure connection through the trusted intermediary 30, as with the previous embodiments. Instead, the buyer 10 first obtains the alias information from the trusted intermediary 30, and then uses the alias information in a separate connection to the seller 20.
Referring now to Fig. 6, the buyer 10 starts the transaction by transmitting to the trusted intermediary 30, in data exchange 601, identifying information that uniquely identifies the buyer 10. In reply, the trusted intermediary 30 provides alias information to the buyer 10 in data exchange 603. Again, the alias information preferably includes an alias name and alias address. It should be noted that the embodiment shown in Fig. 6 may employ any of the credit arrangements of the previous embodiment. Accordingly, the alias information may also include alias credit data, corresponding to credit issued by or to the trusted intermediary 30, or to credit issued to the buyer 10. Next, in data exchange 605, the buyer 10 uses the alias information to establish an independent anonymous connection between with seller 20, without going through the trusted intermediary 30. The buyer 10 then uses the anonymous connection to select goods, services, or monetary instruments for purchase and pay for the purchase. Approval of the credit purchase is then performed according to the previous embodiments. Similarly, the goods, services or monetary instruments can be delivered through a carrier in the same manner as the previous embodiments.
It should be noted that the exchange of information in this embodiment may occur in any order. For example, the alias information may be provided after the buyer 10 has established the anonymous connection with the seller 20. Alternately, a portion of the alias information may be transmitted to the buyer 10 before the buyer 10 establishes the anonymous connection with the seller 20, and the remaining portion transmitted after the anonymous connection has been established. The specific order of steps described above is provided only to facilitate an understanding of this embodiment of the invention, and is not intended to be limiting.
Still another embodiment of the invention is shown in Fig. 7. In this embodiment, the trusted intermediary 30 has partnered with a number of issuing banks, Il912, 13,... IN, each of which has issued (or will issue) credit to or on behalf of the trusted intermediary 30. Depending upon the arrangement between the issuing bank and the trusted intermediary 30, the credit may be issued to the trusted intermediary 30, or simply provided for the trusted intermediary's use (to allocate to the buyer 10) at the request of the trusted intermediary 30. Preferably, at least one of the issuing banks also has issued credit to the buyer 10.
The buyer 10 first establishes a secure connection with the trusted intermediary 30 in data exchange 701. As with previous embodiments, during data exchange 701 the buyer 10 provides proof of a previously established account with the trusted intermediary 30, or with sufficient information to establish an account with the trusted intermediary 30. In addition, the buyer 10 indicates his or her desire to use a personal credit account issued by one of the issuing banks, (i.e., issuing bank 70). Of course, the buyer's desire to use the personal credit issued by issuing bank 70 may alternately be conveyed before or after the buyer 10 establishes the secure connection in data exchange 701 (e.g., when the buyer 10 initially establishes an account with the trusted intermediary 30).
Next, in operation 703, the trusted intermediary assigns alias information for use by the buyer 10. Again, the alias information preferably includes an alias name and alias address that together uniquely identify the buyer 10 to the trusted intermediary 30, identify the particular transaction to be conducted using the alias information, and identify the transaction to the carrier 40 as one that was made through the trusted intermediary 30. Additionally, the alias information also includes alias credit data.
As with previous embodiments, the alias credit data in this embodiment is for credit issued to the trusted intermediary 30 by one of the issuing banks Ii, I2, 13,... IN- With this embodiment, however, the trusted intermediary 30 specifically selects the alias credit data to ensure that it is for credit that was not issued by issuing bank 70 (i.e., the bank issuing credit to buyer 10). As shown in Fig. 7, for example, the trusted intermediary 30 provides the buyer 10 with alias credit data for the credit issued by issuing bank 80. For this embodiment, the issuing bank 80 may be chosen according to an algorithm that randomly selects from among the partnered issuing banks l2, 13,... IN, but which does not select issuing bank 70. By choosing an issuing bank 80 other than the issuing bank 70, the buyer's anonymity is further protected. Alternate embodiments may provide the buyer 10 with alias credit data for the credit issued by issuing bank 70, however, for convenience. Next, in data exchange 705, the buyer 10 establishes an anonymous connection with the seller 20 through the trusted intermediary 30. Again, the buyer 10 uses data exchange 705 to also anonymously select a purchase, convey any necessary information relating to that purchase credit information, and convey the necessary alias information (including the alias credit data) necessary to make the purchase. As with the previous embodiments, the buyer 10 may provide some or all of the alias information directly, or the trusted intermediary 30 may provide some or
5 all of the alias information without revealing it to the buyer 10.
After receiving the alias credit data, the seller 20 requests approval for the charge from the seller's acquiring bank 50 in data exchange 707. The acquiring bank 50 in turn relays the request for authorization to the authorization network 60 in data exchange 709. In data exchange 711, the authorization network 60 passes the request along to the issuing bank 80, which issued
0 the credit to the trusted intermediary 30. In accordance with a prior arrangement, the issuing bank 80 then submits the request for approval of the charge to the trusted intermediary 30 in data exchange 713.
Upon receiving the request for charge authorization from the issuing bank 80, the trusted intermediary 30 makes a corresponding charge to the buyer's personal credit issued by issuing
5 bank 70. For example, the trusted intermediary 30 may make a charge to the buyer's credit (issued by issuing bank 70) equivalent to or a percentage of the charge made by the seller 20 to the trusted intermediary's credit (issued by issuing bank 80). To do this, the trusted intermediary 30 requests authorization to make the corresponding charge from the authorization network 60 in data exchange 715. The authorization network 60 passes this request along to issuing bank 70 in
,0 data exchange 717. The issuing bank 70 approves the charge, and transmits approval to the authorization network in data exchange 719. The authorization network 60 then relays the authorization to the trusted intermediary 30 in data exchange 721.
When the trusted intermediary 30 receives confirmation that the issuing bank 70 has authorized the corresponding charge to the buyer's credit, the trusted intermediary 30 authorizes
15 the seller's charge to the trusted intermediary's credit issued by issuing bank 80. This authorization is transmitted to the issuing bank 80 in data exchange 723. In data exchange 725, the issuing bank 80 conveys the authorization to the authorization network 60, which then delivers the authorization to the acquiring bank 50 in data exchange 727. The acquiring bank 50 then passes the authorization back to the seller 20 in data exchange 729.
(0 As with previous embodiments, the seller 20 subsequently conveys the purchased goods with the alias name and alias address to the carrier 40 in operation 731. From the alias address, the carrier 40 recognizes that the goods were obtained through a transaction involving the trusted intermediary 30, and accordingly transmits at least the alias name to the trusted intermediary 30 in data exchange 733. The trusted intermediary 30 replies in data exchange 735 with the actual name and ship-to address of the buyer 10. The carrier 40 then ships the purchased item to the buyer 10 in operation 737.
While the embodiment depicted in Fig. 7 is more complex than previously discussed embodiments, it offers significant advantages for both the trusted intermediary 30 and the buyer 10. For example, because the trusted intermediary 30 can postpone authorizing charges to its credit until it has received authorization to make a corresponding charge to the buyer's credit, the trusted intermediary 30 can minimize its risk in extending its own credit on behalf of the buyer 10. Further, if the buyer .10 is assigned alias credit that is issued by a bank different from that issuing the buyer's credit, then the buyer's issuing bank cannot discover the nature of the goods, services, or monetary instruments purchased by the buyer 10. In this way, the buyer's privacy is more securely protected.
It should be noted that various embodiments of the invention may be arranged so that the seller 20 is able to recognize when a transaction is occurring through the trusted intermediary 30, while other embodiments may be arranged so that the seller 20 cannot recognize when a transaction is occurring through the trusted intermediary 30. For example, with some embodiments, it may be desirable to alert the seller 10 to the use of the trusted intermediary 30. If the seller 20 and trusted intermediary 30 cooperate, then the trusted intermediary 30 may employ extremely efficient alias information, such as a single number, to uniquely identify the buyer's name, the ship-to-address, and even the alias credit data. Alternately, keeping the seller 20 unaware of the intervention of the trusted intermediary 30 provides additional protection for the buyer's privacy. As previously noted, however, if the seller 20 is unaware of the use of the trusted intermediary 30, then the alias information is preferably in a form that can be readily used by the seller 20 (e.g., an alias name that resembles a conventional name, an alias address that resembles a conventional address, and alias credit data that resembles conventional credit card information).
It should be noted that in each of the illustrated embodiments described above, shipment of the goods to the buyer 10 is the final step. Those of ordinary skill in the art will appreciate, however, that additional steps (e.g., a follow-up survey, catalog mailings, etc.) may be included in other embodiments. Further, in each of the above embodiments, the process of exchanging a portion of the alias information (i.e., the alias address) for the ship-to address may be omitted where the ship-to address identifies a recipient other than the buyer 10. For example, the buyer 10 may wish to anonymously have a purchased gift shipped to a university or foundation. In this circumstance, the alias address may be the same as the ship-to address. The carrier 40 would not then need to obtain a new ship-to address from the trusted intermediary 30.
Also, while each of the above-described embodiments refers primarily to goods, those of ordinary skill in the art will understand that the methods and systems of the invention can be applied to allow the anonymous purchase of any goods, services, monetary instruments, or any other purchasable item, whether tangible or intangible.
Again, those of ordinary skill in the art will appreciate that a number of various embodiments are encompassed by the invention. For example, some or all of the alias information may be provided to the buyer 10 (or on behalf of the buyer 10) after the buyer 10 has established an anonymous connection with the seller 20, or even after the buyer 10 has selected a purchase. Further, with some embodiments of the invention, some or all of the information exchanged between the buyer 10 and the seller 20 (e.g., the nature afid/or price of each purchased item) may be disclosed to the trusted intermediary 30. With other embodiments, however, the trusted intermediary 30 may be unaware of the characteristics of the particular goods, services or monetary instruments purchased by the buyer 10. Still further, if the trusted intermediary 30 is informed of the information exchanged between the buyer 10 and the seller 20, then the trusted intermediary 30 may optionally provide authorization for any charges prior to or without receiving a formal request to authorize the charges. In other embodiments, the trusted intermediary 30 may postpone obtaining the ship-to address from the buyer 10 until after the ship-to address has been requested from the carrier 40.
Turning now to Fig. 8, this figure illustrates a trusted intermediary 30 according to one embodiment of the invention. As seen from the figure, the trusted intermediary 30 has a communications interface 801 for establishing the secure connection with the buyer 10, establishing the anonymous connection with the seller 20, and for receiving requests to authorize credit charges from issuing banks or authorization networks. The communications interface 801 may be a single computer or a network of computers arranged to interface with a larger computer network, such as the Internet. The trusted intermediary 30 also includes a database 803. The database may be arranged to store, for example, credit information for credit issued to or by the trusted intermediary 30, information relating to buyers (e.g., credit status, past purchases or charges, correspondence between alias information and buyers' names and ship-to information, etc.). The database 803 may be embodied by one or more computers equipped with a mass storage device. As discussed above, in some embodiments of the invention the database 803 may also be set up to accept commands from a buyer 10 to delete information relating to one or more transactions by the buyer 10. This feature can provide even greater security for the buyer's anonyminity.
In addition, the trusted intermediary 30 includes a control unit 805 for controlling the operation of the communications interface 801 and the database 803. A communication bus 807 then interconnects the communications interface 801, the database 803 and the control unit 805. Of course, those of ordinary skill in the art will appreciate that each of the control unit 805, the database 803 and the communications interface 801 may be divided into two or more units.
Although the invention has been described with reference to specific exemplary embodiments, it will be evident to those of ordinary skill in the art that various modifications and changes may be made to these embodiments without departing from the broader scope and spirit of the invention as set forth in the claims. Accordingly, this specification and the drawings are to be regarded in an illustrative rather than restrictive sense.

Claims

What is claimed is:
1. A method for facilitating a transaction between a buyer and a seller, comprising: receiving identification information from a buyer in a transaction; and
5 providing alias information for use in the transaction, such that the alias information corresponds to the identification information received from the buyer but does not identify the buyer to a seller in the transaction.
2. The method of claim 1, wherein the alias information is provided to the seller. 0
3. The method of claim 1, wherein the alias information is provided to the buyer.
4. The method of claim 1, wherein the alias information includes alias credit data for credit used by the buyer in the transaction.
L5
5. The method of claim 4, further including issuing the credit to the buyer.
6. The method of claim 4, further including having the credit issued by an issuing bank, and 0 arranging for the buyer to use the credit in the transaction.
7. The method of claim 6, further including: receiving a request for authorization of a charge on the credit from the seller, and transmitting an authorization for the charge on the credit to the seller. 5
8. The method of claim 1 , further including receiving at least a portion of the alias information from a carrier; and providing at least a portion of the identification information to the carrier in response to receiving the at least a portion of the alias information from a carrier. 0
9. The method of claim 1, further including providing an anonymous connection between the buyer and the seller.
10. A trusted intermediary for allowing a buyer to anonymously conduct a transaction with a seller, comprising: a communications interface for receiving identification information from the buyer and providing alias information corresponding to the identification information in response; a database configured to delete stored data upon command from the buyer, and a control unit for controlling the communications interface and the database.
PCT/US2001/016316 2000-05-19 2001-05-21 A system and method for conducting anonymous transactions using a trusted intermediary WO2001090845A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001264728A AU2001264728A1 (en) 2000-05-19 2001-05-21 A system and method for conducting anonymous transactions between two parties ata distance using a trusted intermediary

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57425700A 2000-05-19 2000-05-19
US09/574,257 2000-05-19

Publications (3)

Publication Number Publication Date
WO2001090845A2 true WO2001090845A2 (en) 2001-11-29
WO2001090845A3 WO2001090845A3 (en) 2002-03-28
WO2001090845B1 WO2001090845B1 (en) 2002-05-23

Family

ID=24295333

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/016316 WO2001090845A2 (en) 2000-05-19 2001-05-21 A system and method for conducting anonymous transactions using a trusted intermediary

Country Status (2)

Country Link
AU (1) AU2001264728A1 (en)
WO (1) WO2001090845A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2867585A1 (en) * 2004-03-15 2005-09-16 France Telecom Client terminal e.g. mobile telephone, and payment receiving server transacting method, involves transmitting authentication parameters to virtual card server which then calculates number of card and transmits it to recharging server
US8135621B2 (en) 2002-04-26 2012-03-13 At&T Intellectual Property I, L.P. System and method for supporting anonymous transactions
US8175930B2 (en) 2005-02-17 2012-05-08 Shopmedia Inc. Apparatus for selling shipping services through a mediator's web site
US20230252537A1 (en) * 2007-02-27 2023-08-10 Emmigrant Bank Method and system of facilitating a purchase between a buyer and a seller

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864667A (en) * 1995-04-05 1999-01-26 Diversinet Corp. Method for safe communications
US6014646A (en) * 1995-06-08 2000-01-11 France Telecom Process for making a payment using an account manager

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864667A (en) * 1995-04-05 1999-01-26 Diversinet Corp. Method for safe communications
US6014646A (en) * 1995-06-08 2000-01-11 France Telecom Process for making a payment using an account manager

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8135621B2 (en) 2002-04-26 2012-03-13 At&T Intellectual Property I, L.P. System and method for supporting anonymous transactions
FR2867585A1 (en) * 2004-03-15 2005-09-16 France Telecom Client terminal e.g. mobile telephone, and payment receiving server transacting method, involves transmitting authentication parameters to virtual card server which then calculates number of card and transmits it to recharging server
WO2005101336A1 (en) * 2004-03-15 2005-10-27 France Telecom Transaction device with improved efficiency
US8175930B2 (en) 2005-02-17 2012-05-08 Shopmedia Inc. Apparatus for selling shipping services through a mediator's web site
US20230252537A1 (en) * 2007-02-27 2023-08-10 Emmigrant Bank Method and system of facilitating a purchase between a buyer and a seller

Also Published As

Publication number Publication date
AU2001264728A1 (en) 2001-12-03
WO2001090845B1 (en) 2002-05-23
WO2001090845A3 (en) 2002-03-28

Similar Documents

Publication Publication Date Title
US8719106B2 (en) Identity theft and fraud protection system and method
US8396747B2 (en) Identity theft and fraud protection system and method
US9582802B2 (en) Identity theft and fraud protection system and method
US7213748B2 (en) Anonymous mailing and shipping transactions
US7536353B2 (en) Secure transaction processing system and method
US7249097B2 (en) Method for ordering goods, services, and content over an internetwork using a virtual payment account
US20010025271A1 (en) Commercial transaction system and method for protecting the security and privacy of buyers transacting business over a communication network
US8190484B2 (en) Electronic commerce system and electronic commerce method
US20040148254A1 (en) Method for performing a secure cash-free payment transaction and a cash-free payment system
US20040260653A1 (en) Anonymous transactions
US20100293093A1 (en) Alterable Security Value
JP2002541601A (en) Person-to-person, person-to-company, company-to-person, and company-to-company financial transaction systems
WO2000002150A1 (en) Transaction authorisation method
US20190244184A1 (en) Online electronic transaction and funds transfer method and system
AU775065B2 (en) Payment method and system for online commerce
EP1234223A2 (en) System and method for secure electronic transactions
US20050015304A1 (en) Secure purchasing over the internet
WO2001090845A2 (en) A system and method for conducting anonymous transactions using a trusted intermediary
US20020123935A1 (en) Secure commerce system and method
US20040167826A1 (en) Anonymous electronic funds transfer system and method, and anonymous shipping system and method
JP2002133339A (en) Bi-directional authentication device, terminal adaptor, and accident managing device
JP2004514200A (en) System and method for performing anonymous ID transactions on the Internet
JP2002352172A (en) Method and device for electronic commercial transaction

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: B1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: B1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION UNDER RULE 69 EPC (EPO FORM 1205A DATED 25.04.2003)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP