Data processing: financial – business practice – management – or co – Electronic negotiation
Reexamination Certificate
1999-11-03
2001-07-31
Swann, Tod R (Department: 2132)
Data processing: financial, business practice, management, or co
Electronic negotiation
Reexamination Certificate
active
06269349
ABSTRACT:
BACKGROUND OF THE INVENTION
A. Field of the Invention
The present invention relates generally to privacy protection and, more particularly, to systems and methods that protect private information provided to a third party.
B. Description of Related Art
Electronic commerce (“eCommerce”) has dramatically increased in recent years. Many server operators now have web sites on the Internet that users can access to seek out or research information, purchase or research goods and/or services, and communicate with other users, web sites, or services. In a typical commercial transaction, a user browses a vendor's catalog, selects a product, places an order for the product, and pays for the product, all electronically over the Internet.
In some conventional eCommerce systems, the server operator requests the user to provide confidential personal and/or corporate information, such as a name, address, telephone number, or account data, in order to proceed with the on-line transaction. The user transmits the confidential information to the server operator over the Internet. The server operator may then use the confidential information to complete the transaction.
In other conventional eCommerce systems, a growing number of transactions are performed across intranets and internets (including the Internet) by protocols or mechanisms other than the hypertext transfer protocol (http://). Such non-http-based transactions use a myriad of different protocols and languages to encode the information, including electronic data interchange (EDI), file transfer protocol (FTP), extensible markup language (XML) send and receive, standard generalized markup language (SGML), etc. Furthermore, transactions such as these use transport mechanisms with protocols other than, or built upon, transmission control protocol/Internet protocol (TCP/IP), such as internetwork packet exchange (IPX), Internet protocol security (IPSEC), Internet protocol version
6
(Ipv
6
), secure sockets layer (SSL), etc. Also, these non-Web-based transactions can occur as a result of interconnections between systems through a common language specified by a metalanguage (e.g., specified by XML) or through direct binary communication between systems (e.g., via distributed component object model (DCOM), common object request broker architecture (CORBA), or other distributed object, procedural, or client-server architectures).
Two problems that exist in conventional eCommerce systems pose a major concern to businesses and individuals. The first problem includes the risk of invasion of privacy imposed on a user (corporate or individual) seeking goods, services, and/or information. The user may provide personal information, such as a name or credit card number, corporate information, such as a corporate name or account data, or a combination of personal and corporate information to a server operator offering these goods, services, and/or information. The user, however, has no way of knowing whether the provided information will be kept secure by the server operator and not used in a manner against his wishes. For example, the user may provide his name and telephone number as part of a standard eCommerce transaction. In some cases, the server operator sells or trades the user's information to telemarketing services without the knowledge of the user or stores the information in an insecure manner that permits access by a third party.
In the case of business-to-business transactions, information on what the business is buying, what quality and quantity, from whom, and what the business is thinking of buying (as evidenced by research and browsing habits) constitutes critical confidential information to the business. The risk of interception or misuse of this information is as great or greater than that of other types of personal or corporate information.
The second problem involves the irritating, time-consuming, and generally repetitious data entry required for a user (corporate or individual) to open a new account or use an existing one. For example, to open a new account, the user must provide private information regarding the user or the business. Some server operators will store a user's private information on their server for subsequent transactions by the user. To set up the account, however, the user must enter the information manually. To use a previously-opened account, the user must go through a tedious and mistake-fraught process and recall a password which, if the user follows security doctrines, should be unique to each site the user visits.
As a result, a need has arisen for a mechanism to insure the security of private information provided to a third party. A need has also arisen for a simplified, expedited, and automated mechanism for providing such information.
SUMMARY OF THE INVENTION
Systems and methods consistent with the present invention address these needs by facilitating the provision of private information of a client to a server in a secure, highly automated, efficient manner that imposes minimal physical burden and no uncovered risk to the client or server.
In accordance with the purpose of the invention as embodied and broadly described herein, a system protects private information provided in an exchange between a client and a server. The system receives the private information from the client and determines whether it is of a type to which a bond may be assigned. The bond provides an indemnity to the client for misuse of the private information. The system then assigns a bond to the private information, if it is determined to be of the type to which a bond may be assigned, and provides the private information to the server under bond.
In another implementation consistent with the present invention, an object, accessed or executable by a client entity communicating with several server entities, protects private information of a user associated with the client entity. The executable object includes instructions for obtaining private information from the user for use in an information exchange with one of the server entities; instructions for sending the private information to an external object to obtain a bondability assessment regarding the private information; the bondability assessment indicating whether an indemnity will be paid to the user if the private information is misused; instructions for obtaining the bondability assessment from the external object; and instructions for providing the private information to the server entity under bond.
In a further implementation consistent with the present invention, an object, executable by a client entity communicating with at least one server entity, protects private information provided to the server entity. The executable object includes instructions for obtaining private information from a user associated with the client entity for use in an information exchange with the server entity; instructions for assessing bondability of the private information, the bondability assessment indicating whether an indemnity will be paid to the user if the private information is misused; and instructions for providing the private information to the server entity under bond.
In another implementation consistent with the present invention, a method of doing business includes providing information, services, and/or products for browsing and purchase by consumers during a transaction; requesting private information from the consumers prior to completing the transaction; receiving the requested information under bond, the bond providing an indemnity to the consumers for misuse of the requested information; and completing the transaction.
In yet another implementation consistent with the present invention, a system facilitates the provision of private information of a client to a server during an information exchange. The system includes a memory that stores data and a processor. The processor receives a request for private information of the client from the server, generates an intended response to the request, provides the intended response to the client, receives au
Aieta Mario A.
Beldock Donald T.
Beldock James G.
A6B
Harrity & Snyder L.L.P.
Smithers Matthew
Swann Tod R
LandOfFree
Systems and methods for protecting private information does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Systems and methods for protecting private information, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Systems and methods for protecting private information will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2469673