GB2368151A - Determining access privilege to electronic data - Google Patents
- Publication number
- GB2368151A, GB0031112A
- Authority
- GB
- United Kingdom
- Prior art keywords
- characters
- data
- access
- subsets
- electronic data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
Access privilege to electronic data e.g. on the internet is determined by accessing a database table having information corresponding to a user represented by a first set of characters, suitably in the form of a binary number 110, which consists of subsets 112-128 each being a code representing an access factor. The codes shown relate to the geographical location of the user. A second set of characters in the table may relate to the user's age. The electronic data may be accessed, when permitted, from a second table and displayed in accordance with display information stored in a third table.
Description
METHOD OF MANAGING DATA
FIELD OF THE INVENTION
The present invention relates to the management of data. More particularly, the present invention relates to the management of access to data and display of that data using database techniques.
BACKGROUND OF THE INVENTION
Both the need and the desire to manage access to electronic data, in all aspects of society, are well understood. Within any organization or relationship, e.g., companies, government agencies, schools, parent-child, purchaser-seller, advertiser-consumer, etc., an entity within the organization or relationship will have the need or desire to manage the electronic data provided to or accessible by another entity. As will be readily understood, the different needs to control access to electronic data which currently exist, or which will evolve as a result of technological, societal, and other factors, are too numerous to list.
An example of the foregoing needs is the need of commercial organizations to limit internal and external access to confidential business information and trade secrets. Similarly, governmental agencies need to limit internal and external access to information for policy, regulatory, political and legal reasons. In the context of familial relationships a parent, for example, may desire to control the electronic data a child is exposed to over the Internet. Purchasers of products or services over the Internet want a convenient way of letting sellers access identifying information about the purchaser, in order to complete a purchase, but want to be able to control who can access the information and when. Internet advertisers on the other hand want the ability to target advertising demographically in order to achieve the best return on their advertising expenditures.
The foregoing examples of access control needs are well understood and effective techniques for meeting individual ones of these needs have been developed. The most common technique for controlling access to electronic data is the use of password protection. By password protecting access to a system containing electronic data, i.e., log-in password protection, or password protecting the electronic data within the system itself, only those users possessing a valid password will be able to access the system or electronic data. Hierarchical password protection techniques also exist wherein users, who are provided with password access to electronic data, can be grouped into different authority levels, e.g., read-only, write-only, read-write, etc.
A drawback to password protection is the one-dimensional nature of this data access control technique. A user will either have the password and thus be able to access the data at any time from any access device or they will not have the password and thus, cannot access the data at all. Many instances will exist, however, in which access to data may be permissible at one time or location but not another.
For example, a parent may wish to limit a child's ability to browse the internet during certain times but not others or may allow access on one access device but not others.
Another technique used to limit access to electronic data is the use of encryption. In order to access encrypted data, an electronic key is needed to decrypt the data. Once possessing the electronic key, access to the data would not be restricted temporally or by location. In order to respond to different access restriction needs, different encryption techniques such as asymmetric, symmetric, and key escrow encryption techniques have been developed. Each of these techniques requires different encryption engines. Another drawback to encryption is that the system resources required for encrypting data and the preparation needed, e.g., distributing the decryption keys, warrants its use only in circumstances where security of the data is needed. Encryption is also not effective in managing access to large databases of data, e.g., the internet, where an entity wishes to restrict access to data they do not control.
Techniques have evolved for streamlining the online purchasing process and for alleviating consumer concerns regarding the privacy of identifying information transmitted over the Internet. In these techniques, identifying information is provided to a seller and is stored in a profile database to be used in connection with subsequent purchases and communications with the seller and seller's call center.
A drawback to these techniques is that they require the consumer to enter the identifying information at least one time for each seller.
While it would be preferable to have the identifying information stored in one centralized profile database, and made available to sellers selected by the purchaser, an effective method of controlling access to information stored in such a profile clearinghouse has not been developed.
In addition, the existing techniques have been developed for use in connection with a single interactive medium, e.g., communicating over the Internet with a personal computer (PC), and cannot be used with other interactive media, e.g., interactive television, and wireless access protocol (WAP) phones. Consequently, the existing techniques also do not include mechanisms for allowing the purchaser to separately control the information provided to the purchaser through different interactive media.
In the context of advertising over the Internet, methods have been developed to improve on the technique of broadcasting the same advertisement to all customers. The improved techniques rely on profile information provided by, or about, the customer to permit demographically targeted advertising. One such approach contemplates the provision of customer profile information, by a content provider, directly to an advertiser upon occurrence of a specified triggering event such as the customer signaling their interest in receiving an advertisement by clicking on a pop-up ad on a web site.
While representing an enhancement over prior Internet advertising methods, the newly developed advertising methods still suffer from certain drawbacks. In particular, in these newly developed methods, the requirement of a triggering event means that the only customers who will receive an advertisement are those who actively indicate interest in a product or service. An advertiser will not, however, be able to passively advertise to demographically desirable consumers using the foregoing methods. Further, there is currently no way for an advertiser to control when and on what devices a user will be provided an advertisement.
Thus, the advertiser is charged each time the same advertisement is provided to the same user.
In addition, the present methods generally link an access device, e.g., a computer, to a user profile by the computer's ISP and thus presume that a computer is being used by the same consumer who provided a profile. In the family environment it is generally the case, however, that all family members will utilize the same computer but only one, typically the family member responsible for the bills, will provide any profile information. There are no mechanisms for requiring, or encouraging, all consumers to provide profile information which will be generally available for targeted advertising.
As is apparent from the foregoing discussion, the access control techniques that currently exist have individually developed in response to, and around, particular problems. Unfortunately these solutions are in many ways inconsistent and thus, none of the foregoing solutions can respond to all of the access control needs.
There is therefore a need for a system and method for controlling access to electronic data which is multi-dimensional, requires limited system overhead by the user, is convenient, can be used with different interactive media, provides an incentive for each individual user to provide profile information, and an incentive for each individual user to identify themselves during an online session.
SUMMARY OF THE INVENTION
The present invention satisfies, to a great extent, the foregoing and other needs not currently satisfied by existing access control and display techniques. This result is achieved, in an exemplary embodiment, by a method of determining an entity's access privileges to electronic data by accessing a first electronic database table having information represented therein by a first set of characters. The first set of characters includes a plurality of subsets of characters, each of the subsets of characters being a code representing an access factor. The access privileges are determined using the first set of characters.
In another aspect of the invention a method of determining whether to provide information to an entity is provided wherein a first electronic database table having information represented therein by a first set of characters is accessed.
The first set of characters includes a plurality of subsets of characters. At least one of the subsets of characters is a code representing a geographic area within the geographic area represented by at least one other subset of characters. Further, all geographic areas worldwide can be specified, to the refinement of the postal code, by the first set of characters. The first set of characters are compared to data associated with the entity and the information is provided to the entity based upon said comparison.
In yet another aspect of the invention, a method of determining an entity's access privileges to electronic data is provided. In accordance with this method, a first electronic database table having information represented therein by a plurality of sets of characters is accessed. The first set of characters includes a plurality of subsets of characters each of the subsets of characters being a code representing an access factor. A second set of characters includes a plurality of subsets of characters each of the subsets of characters representing access control data. The access privileges are determined using the plurality of sets of characters. The electronic data is then accessed from a second database table and displayed on a display device, in accordance with display information stored in a third database table when it is determined, following said determining step, that access to said electronic data is permitted.
With these and other objects, advantages and features of the invention that may become hereinafter apparent, the nature of the invention may be more clearly understood by reference to the following detailed description of the invention, the appended claims and to the several drawings attached herein.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a communication system in accordance with a preferred embodiment of the present invention.
FIG. 2 is a sample gateway web page in accordance with a preferred embodiment of the present invention.
FIG. 3 is a representation of a database table structure of a preferred embodiment of the present invention.
FIG. 4 is a chart depicting a format for storing area data in the database tables of FIG. 3.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
Referring now to the figures, wherein like reference numerals indicate like elements, in FIG. 1 there is shown a block diagram of a generic communication system 20. As depicted, there are three participants in the communication system 20, a user 22, a gateway provider 24, and a content provider 26, all in communication via the Internet 28.
In the depicted embodiment, the user 22 is capable of communicating directly with the content provider 26 as in a conventional system not employing the present invention. The user 22 and content provider 26 can, however, communicate through the gateway provider 24 in order to allow either, or both, to control access of the other to electronic data. Communication can be accomplished using any known transmission protocol including, but not limited to, TCP/IP.
The electronic data to which access is controlled can be content stored within the database 30 of the server 32 of the content provider 26 that the user wishes to access. Alternatively, the electronic data can be information stored within the user's computer 22 that the content provider 26 wishes to access, e.g., the content provider can be acting as a user.
The content provider 26 or user 22 may also be seeking access to information of the other party that is resident within the database 34 of the gateway server 36. The control of access can be imposed by the content provider 26 or the user 22 over their own data, or by some third party, such as the gateway provider, over the data of either or both.
A reason for controlling access to data can include a user's desire to filter out entirely, or during limited times, or in limited locations, the receipt by themselves or another of certain content, e.g., a parent's desire to limit a child's access to only age appropriate web sites during permissible times. Another example might include a teacher's desire to set subject matter limits on a student's access to on-line databases during certain times of the day.
A still further example might include a customer's desire to receive advertisements only for certain products and services, during certain times of the day or through certain media. For example, a customer may be willing to receive certain advertisements over a WAP phone, to offset the cost of that service, but does not wish to receive these same advertisements on their interactive television.
It is presumed that, in a preferred embodiment of the invention, each user of the gateway will have registered and provided profile data that includes, at a minimum, their role, requirement and local area. This profile information can be used as a beginning point for determining the data to be provided to the user. Additional profile data can be provided by the user, or by a third party having authority to control the data provided to the user, to limit or expand the data displayed to the user through the gateway.
It is noted that the depiction of only a single user 22, gateway provider 24, and content provider 26, communicating via the Internet 28, is for illustrative purposes only. It should be recognized that the systems and methods for carrying out the invention, as described herein, are not limited by the number of participants, by the medium over which they communicate, or by the input or display devices used. The systems and methods of the present invention are applicable to all existing interactive electronic media and devices including, but not limited to, the Internet, intranets, PCs, interactive television, WAP phones, and other interactive electronic media and devices to be developed in the future.
It should also be recognized that the user 22 of FIG. 1 can be any entity seeking access to electronic data. By way of example, the user 22 can be an individual browsing the Internet via a personal computer, a call center seeking profile information for a caller, a system for providing advertising on multiple media seeking profile information for a targeted advertisement, or an employee seeking to access files on a corporate intranet.
As detailed below, in the context of a system for providing a gateway to the Internet, the gateway provider 24 of the present invention utilizes a fundamentally different paradigm for storing and manipulating electronic data. Because of this, an entity is capable of providing a high level of specificity through the gateway provider 24 with regard to who may access electronic data, where, when and why, what electronic data may be accessed, and how the electronic data may be accessed. The gateway will allow a user to add security to an object by changing the to create a "lock" on the data. The user can then create as many keys as they want to by changing the profile information of other users.
An exemplary gateway web page 36 in accordance with a preferred embodiment of the present invention is depicted in FIG. 2. The web page 36 is comprised of three frames: the title frame 38, the navigation frame 40, and the detail frame 42. When a user first logs in to begin a gateway session the title frame 38 and a home page, not shown, are provided on the user's display device. The user may then click on any of the smaller icons 46, the icon titles 48, or the group page icon 50 to navigate from the home page. Clicking on the home page icon 44 returns the user to the home page.
After selecting one of the icons 48 in the title frame 38, the navigation bar 40 will appear and provide a list of headers 52 associated with the selected icon of the title frame 38. Each header 52 also has various levels of hidden subheaders, not shown, which would be presented when the user clicks on one of the headers 52. In addition, a default detail frame home page for the selected icon will be displayed. In the exemplar of FIG. 2, the user has selected the subjects icon 54, which brought up the navigation bar 40 containing education related headers 52.
By selecting one of the headers 52 or subheaders in the navigation bar 40, the detail frame 42 will be refreshed to display information relevant to that header 52 or subheader. In the exemplar of FIG. 2, the user has selected the "English" subheader 56 which opened the "English" detail frame 42. In the detail frame 42, the user is first presented with a selection of headers 58 along with a default subheader frame 60. If a different header 58 is selected a different subheader frame 60 associated with that header is presented. Below the subheader frame 60, title bars 62 and descriptive text 64 are provided. By clicking on a title bar 62, the user is directed to the electronic data they wish to access, e.g., a web site related to the selected topic. In the exemplar of FIG. 2 the user has selected the "READING" header 66 which then provided all appropriate title bars 62 for that user relating to reading.
Educational information is merely one example of the information that may be accessed through the exemplary gateway of FIG. 2. As can be seen, the icon titles 48 of the title frame 38 include such other topics as "interests," "fun & games," "shop," and "sports." Various other icons can be provided within the detail frame 42 of the gateway web page 36. For example, the following additional icons are provided in the subheader frame 60 of the detail frame 42: Tips and techniques 68 - provides useful tips to the user relating to the subject matter of the subheader frame 60; revisions and testing 70 - provides links to materials to help test knowledge of the subject of the subheader frame 60; discussion 72 - allows users to have on-line discussions with other users interested in the same subject matter; suggest a site 74 - allows users to make suggestions for related web pages or other electronic data; top of page 76 - returns the user to the top of the detail frame.
It should be recognized that the foregoing described additional icons are for use in connection with an education gateway of a preferred embodiment of the invention. These additional icons would be different in other embodiments of the gateway for use in other environments. For example, for a gateway relating to government grants, additional icons may be provided to link to electronic versions of forms used in applying for grants. In addition, for different user roles or requirements the additional icons may also be different.
Also provided in the detail frame 42 and linked to the individual pieces of data, e.g., web sites, are read or write a review icons 78 for allowing users to write reviews of the linked data or web sites and to read other users' reviews. The reviews are stored in a central gateway database, rather than in memory on the user's computer, and can be made available to anyone utilizing the gateway. To prevent inappropriate reviews from being provided to other users, newly created reviews are locked out until reviewed and approved by the gateway provider.
Again, for different roles and requirements the read or write a review icon 78 may be replaced or supplemented with a different icon providing a different functionality.
There is also a problems icon 80, which allows users to report on any problems they encountered with the linked data. Because user identified problems are entered into the gateway provider database, the gateway provider can routinely monitor the problem files and correct problems.
The group box icon 50 can be used to provide a direct link to the web site of any desired entity, e.g., the local education board. Usually, the group box icon 50 will link the user to the web site of the entity related to the access point or the controller of the access point. By way of example, the group box icon 50 for an education web site might be the local education board. The group box icon 50 may be different or may bring a user to a different web page depending on who the user is or where the group box icon 50 is accessed. For example, the group box icon 50 may be that of the local authority if the gateway is accessed from school but that of an employer if accessed from work. The group box icon 50 can also be set up to direct a user to the local authority's educational services web page if accessed from school or the local authority's general services web page if accessed from home.
It is noted that large sections of the detail frame 42 depicted in FIG. 2 are blank. It is presumed that these blank portions will be used to provide additional data and/or links to other data related to or connected with the data in the subheader frame 60. In particular, in an education-related gateway, these additional links may be local learning resources such as a library or museum, books or other resources for sale, or internet applications like diary or calendar events.
Electronic data can be sorted and provided to a user, through the gateway, according to the user's age and/or role, e.g., teacher, parent, employer, administrator, purchaser, seller, etc. A user's age and/or role profile information would be tied to their log-in password so that when that user logs in to the gateway that user will only be provided with those icons, headers, data, etc., appropriate for, relevant to, and/or permitted for that user. It is anticipated that in the exemplary embodiment of FIG. 2, which will be used in conjunction with the education system in the U.K., at least the following age and role categories will be provided for: age 3 to 5, age 5 to 7, age 7 to 11, age 11 to 14, age 14 to 16, age 16 to 18, parents, teachers, and administrators.
By presorting and classifying electronic data within the foregoing gateway, a user can quickly and easily be provided with relevant material about any desired subject. In the system of the preferred embodiment the hierarchical sorting of the data allows children under eleven to navigate to any desired content, which is made available through the gateway, within three clicks. It should be readily apparent from the foregoing description that organization of data within the gateway can permit a user to navigate to any desired content in five or fewer mouse clicks without the need for the user to compose their own search query.
The gateway of the present invention is provided using a novel database table structure which will now be described with reference to FIG. 3. The tables include, but are not limited to, a category table 82, a listing table 84, an address table 86, and an entitycontrolprofile table 88. The functioning of the foregoing tables can be best understood when considered in connection with the exemplary gateway session described above in connection with FIG. 2.
The method of controlling access to electronic data will now be described with reference to the category table 82, listing table 84, address table 86, and entitycontrolprofile table 88. Broadly, the category table 82 stores all of the categorization data 90, e.g., headers, subheaders, icons, icon titles, and alt tags for icons, contained in any of the title frame 38, navigation frame 40, or detail frame 42 of the gateway. The address table 86 contains all of the data, or links to data, 92 that may be provided to any user, e.g., data to be provided may be stored directly within the address table or links to other web sites may be stored therein.
The listing table 84, operating in conjunction with the entitycontrolprofile table 88, filters the data in the category table 82 and address table 86 so that only selected portions of the data will be supplied to a particular entity profiled in the entitycontrolprofile table 88. To accomplish this gateway filtering operation, the listing table 84 stores listing properties 94 for the data stored in the category table 82 and address table 86. That is, the data 94 in the listing table 84 are the rules and criteria to be applied in determining whether data will be displayed based on profile data 96 received from the entitycontrolprofile table 88.
The listing table 84 also contains the commands which associate data 92 in the address table 86 to categorization data 90 in the category table 82.
Further, the listing table 84 stores pointers to scripts which control the way data in the address table 86 and category table 82 are displayed through the gateway.
The listing table 84 can also store individual user choices for data to be displayed and gateway "look and feel" options. For example, a user may only be studying a limited number of the educational subjects or be interested in a limited number of sports available through the gateway. The user may also decide that they prefer having the title frame 38, and navigation frame 40, and detail frame 42 displayed in a configuration other than the default configuration. The user may also, for example, wish to have smaller icons or fonts to fit more data on a page, or larger icons and fonts to be easier to read. These and other user choices can be entered and would be stored in the listing table 84 to tailor the gateway 36.
The entitycontrolprofile table 88 stores the profile information for each individual user permitted to access the gateway. It is contemplated that the profile information will be gathered through use of registration processes such as those commonly employed and known in the art. Because the gateway is configured to provide only relevant information on an individual basis, profile information for each individual user will be required.
The unique interrelationship of the category table 82, listing table 84, and address table provides considerable flexibility for the gateway to be adapted to various applications. This interrelationship will be best understood by reference to the chart provided below, which describes the table entries, and by reference to the method of storing data which follows.
| Title | Description |
| --- | --- |
| Category line number | This entry is a unique key for this table. This entry also matches the entry in the header_number field of the listing table to join the table entries for a particular object to be displayed in the gateway. |
| categorynumber | A reference number which links all category information displayed in a single frame of the gateway. All linked category data can be displayed by referencing the categorynumber. |
| categorytype | Identifies what type of category data is being stored. |
| categorydescription | Contains the category data, e.g., text, name of icon, link to .gif file, to be displayed on the display device. |
| categorydetail | Stores alt tags for icons or, if the data is not an icon, this field can be used for internal storage purposes. |
| available | In the listing table, this serves as a flag to identify whether the data can be displayed. A first value in this field identifies the data as being unavailable whereas a second value indicates the data is available, e.g., where a user creates a review of data, the available field will be flagged to make the review unavailable until the gateway provider reviews and approves the user generated review at which time the available field will be changed. This field could also be used by users to select who can see the data they enter. In the category and address tables the available field is used for internal system control. For example, this field can be used to specify who to make the information available to. |
| created_by | Identifies for audit purposes who, generally within the gateway provider organization, created the table entry. |
| create_date | Identifies for audit purposes when the table entries were created. |
| updated_by | Identifies for audit purposes who, generally within the gateway provider organization, updated a table entry. |
| updated_date | Identifies for audit purposes when a table entry was updated. |
| listing line number | This entry is a unique key for this table. It is also a reference number for the listing table for a particular object. |
| listingnumber | A redundant field which, if desired, can be used to create many to many relationships. |
| header_number | Matches the "category line number" of the associated category table to link these two tables. |
| address_number | Matches the "address line number" of the associated address table to link these two tables. |
| pagecurrent | Reference number that links together all data currently displayed in a frame of the gateway, i.e., each object displayed in a frame will have the same pagecurrent reference number. Frames in the gateway are generated by displaying all linked information. Thus, a single object will have a different pagecurrent number for each frame in which it can be displayed. |
| page_target | Reference number that links all data to be displayed in a frame of the gateway responsive to a user clicking on an object, i.e., when a user clicks on an object in a frame, all objects having the same page_target reference number as the selected object will be displayed. |
| display_type | Identifies how the data is to be displayed by referencing either a display code or a markup language file in the database. |
| ownernumber | Identifies an entity within a specific environment. |
| area_number | Identifies the areas in which the data is relevant. |
| org_number | Identifies relevant groupings of entities to which the data is relevant. |
| rights_number | Contains data identifying the user's role, requirement and rights to amend a piece of data. |
| special1-special10 | Special fields are used for storing additional data not already stored in another field, or to store the same data differently. |
| map | Identifies the types of display devices that the data can be displayed on. |
| sort | Used to determine the ordering of the data in a field on the gateway. Since all data displayed in a field are linked by other fields, the sort field identifies the order in which each object will be displayed. |
| address line number | This entry is a unique key for this table. It also matches the address_number field of the listing table to join these two tables. |
| address_number | A redundant field which, if desired, can be used to create many to many relationships. |
| title | The text of the title objects 62, FIG. 2, to be displayed in the detail frame 42 are stored here. |
| address | Stores the URL for a title if the title is obtained from outside the database. If the title is obtained from within the database the name of the script file or path to the script file is stored here. |
| description | The descriptive text 64, FIG. 2, related to a header 62 in the frame is stored here. |
It should be understood that each item displayed in the gateway web page 36 is a separate object selectable by the user. Thus, each item displayed on the gateway has an associated set of entries in the database tables.
It is noted that each of the "available," "created_by," "create_date," "updated_by," and "updated_date" fields contains the same type of data in each table. For example, a category record may be updated at a different time from an associated listing record and thus both records would contain data identifying a time and date of updating although not the same time and date.
Because the gateway will only provide data to those users permitted to receive the data based on their profile and the criteria set in the listing table, and because the criteria can be set based on any factors, e.g., time, date, location, access device, category of user, etc., the system has security built in. Thus, for example, if a corporation wants to limit access to certain data to specific classes of employees, or wishes to limit the specific devices, or types of devices, on which the data can be accessed, they need only specify those criteria in the tables associated with the data.
It will be readily understood that for data management purposes it may be desirable that the data of one table be stored in several separate databases. For example, as the number of users of the gateway increases, the spreading of entity profile information across a number of databases may be desirable to shorten the time necessary to gather the profile information. Similarly, as the volume of data in the address table database increases the volume of data in the listing table database and category table database will also increase making it desirable to share the data storage and retrieval processes.
One readily apparent method of subdividing the users in the entity profile table would be alphabetically by name. Another method of subdividing users would be by entity type, e.g., separating corporate users from individual users, etc.
In addition to the foregoing tables, it is also contemplated that other tables may be provided to perform supporting tasks. For example, it is contemplated that one or more error tables 98, 100 will be provided for storing and providing error messages within the gateway. An audit table 102 may be provided in order to maintain a record of a user's navigation through the gateway. This record may be temporarily stored, e.g., during a session, or permanently stored for future audit purposes.
The electronic audit record can be accessed by the user, or by entities having authority to access the record, and printed out in reports. One anticipated use of this functionality is in the generation of reports by teachers as evidence that all elements of a required curriculum have been covered, i.e., by generating an audit record of the students' navigation through the gateway it can be established that all curriculum requirements have been covered.
Other uses of the system, e.g., e-mail, calendar, etc., could also have their own audit records with different users. For example, they could be used for fraud management, e.g., used in conjunction with a session audit table which could record an IP address, a machine number, and a browser/access device.
The tables can also include an entity_logon table 104 for storing the data associated with the process of logging on to the gateway. For example, a user's identity and password, among other things, can be stored in the entity_logon table 104.
Other tables, not shown, which may be provided include a directory table for storing the actual text of user profile entries separate from profile codes stored in the entitycontrolprofile table 88. A currentuser table may also be provided for temporarily storing rules and parameters to be applied during a particular gateway session. A maximum number table may also be provided for recording the maximum numbers being used in all of the other tables. Adding data to other tables is facilitated by the use of the maximum number table as it eliminates the need to search the database, which may have millions of entries, to identify the maximum number currently being used in connection with a data entry.
The techniques for storing information in the tables will now be explained with reference to the chart 108 of FIG. 4 wherein an example of area data is represented by the twenty digit decimal number "11055142010319376101" 110. As shown in the chart, the twenty digit number 110 is subdivided into nine subsets 112-128 of between one and three digits each.
The first subset is a one digit decimal number 112 that theoretically can represent ten different options for the data using the decimals "0" through "9". In the presently preferred embodiment, however, this digit has the values "1," "2," or "3" which denote, respectively, whether that data can be used in a gateway window having any number of frames, a window having two frames, or a window having three frames.
The category number field 114 is a three digit decimal number which serves to identify the type of data represented by the remaining digits. The three digit number "105" in the category number field designates that the data represented by this twenty digit number is area data.
Each of the remaining subsets of digits 116-128 represents a geographical subdivision with the subset containing the least significant bit representing the smallest geographic subdivision.
In the example provided in FIG. 4, the continent of Europe is represented in the twenty digit number by the reference number "5" in the fifth digit from the most significant bit. Similarly, the United Kingdom is represented by the reference number "142" in the sixth through eighth digits from the most significant bit. Thus, the value "11055142010319376101" would indicate that the data is associated with the W post code in the London Borough of Westminster, Greater London, England and the data can be used in a gateway having any number of frames.
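The subset scheme just described can be exercised with a strict fixed-width parser and a fail-closed comparison; the following is an added example, not code from the patent. It assumes widths for the last five subsets (the text fixes only the first four), treats an all-zero subset as "not refined to this level", and assumes the entity profile carries an area code in the same format; all function names are hypothetical.

```python
from typing import Dict

# (name, width) for the nine subsets, most significant first. The first four
# follow the text (frame option, category number, continent, country); the
# widths and names of the last five are ASSUMED for illustration, since the
# page says only that each subset has between one and three digits.
LAYOUT = (
    ("frames", 1), ("category", 3), ("continent", 1), ("country", 3),
    ("level5", 3), ("level6", 3), ("level7", 2), ("level8", 2), ("level9", 2),
)
CODE_LENGTH = sum(width for _, width in LAYOUT)   # 20
AREA_CATEGORY = "105"             # category number for area data (from the text)
FRAME_OPTIONS = {"1", "2", "3"}   # any number of frames / two frames / three frames
GEO_FIELDS = [name for name, _ in LAYOUT[2:]]

SAMPLE_CODE = "11055142010319376101"   # the value used in the text


def parse_area_code(code: str) -> Dict[str, str]:
    """Split a twenty-digit area code into its nine subsets, validating strictly."""
    # Codes are handled as strings: subsets may carry leading zeros ("010").
    if not isinstance(code, str) or len(code) != CODE_LENGTH:
        raise ValueError("area code must be a 20-character string")
    # str.isdigit() alone accepts non-ASCII digits, so require ASCII as well.
    if not (code.isascii() and code.isdigit()):
        raise ValueError("area code must contain only the digits 0-9")
    fields, pos = {}, 0
    for name, width in LAYOUT:
        fields[name] = code[pos:pos + width]
        pos += width
    if fields["frames"] not in FRAME_OPTIONS:
        raise ValueError("unknown frame option")
    if fields["category"] != AREA_CATEGORY:
        raise ValueError("not area data")
    return fields


def _unspecified(subset: str) -> bool:
    # ASSUMPTION: an all-zero subset means "not refined to this level".
    return set(subset) == {"0"}


def area_permits(listing_code: str, profile_code: str) -> bool:
    """Return True only if the profile's area lies inside the listing's area.

    Malformed input on either side results in denial (fail closed).
    """
    try:
        listing = parse_area_code(listing_code)
        profile = parse_area_code(profile_code)
    except ValueError:
        return False
    open_ended = False
    for name in GEO_FIELDS:
        if _unspecified(listing[name]):
            open_ended = True      # the listing stops refining at this level
            continue
        if open_ended:
            return False           # refinement below an unspecified level: reject
        if listing[name] != profile[name]:
            return False           # different continent, country, region, ...
    return True


def fits_signed_64(code: str) -> bool:
    """Whether the code, read as an integer, fits a signed 64-bit column."""
    return int(code) <= 2**63 - 1


if __name__ == "__main__":
    uk_only = "11055142" + "0" * 12            # constructed: refined to country only
    print(parse_area_code(SAMPLE_CODE))
    print(area_permits(uk_only, SAMPLE_CODE))  # profile inside the listing's area
    print(fits_signed_64(SAMPLE_CODE))         # store as text, not as a 64-bit integer
```

The sample value exceeds the signed 64-bit range, so storing such codes in an integer column would both overflow and drop leading zeros; a fixed-length character column avoids both.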
The digits can also be used to provide geographic data in different ways to meet different needs. For example, the geographic data can be used to identify, individually, streets within a town.
A local authority can then use this geographic data to provide a gateway which can identify which public services, e.g., trash removal, street cleaning, etc., will be provided on a particular street on a particular day.
It is noted that the foregoing description of area data is only one of the categories of data that can be stored in the tables for use in the gateway filtering process. It is currently contemplated that at least the following eight categories of data will be used:
101 Column Type
102 Role & Requirement
104 Display Type
105 area
106 Posics/headers/Sub headers
107 Gifs - Screen/Partnerships/Shop
108 Partnerships
109 Shop
Within the twenty digits used to represent data in different categories, the subsets of digits may be related, as in the area example provided above, or may be unrelated data types. A textual description of what each possible reference number of each subset of each category of data is, is stored in the category table in the "categorydetail" field.
While the fields have been described as twenty digit decimal numbers, it should be understood that strings of any different lengths could be used, as appropriate, to provide different levels of granularity of the data. For example, by use of a thirty-two digit decimal number, the postal codes for every individual worldwide can be specified with the described technique. It should be further understood that alphanumeric characters could be substituted for the decimal numbers to provide a greater degree of granularity of the data.
The foregoing method of storing data in the database tables is a marked departure from traditional database theory. In the database tables of the present invention unrelated data items can be recorded in the same database table and various levels of data, from macro to micro, can be stored in the same field in a table.
It should be recognized that the foregoing data storage techniques have broad ranging application beyond the described educational gateway. It is envisioned that the techniques of the present invention will be particularly useful to database companies who wish to provide users with the ability to create complex access privileges on multiple access devices.
Because of the ease in which the profile data can be modified and the degree to which access can be controlled through use of the provided techniques, these techniques are useful in applications requiring the tracking and control of items or objects. Examples of such uses would be the use of the techniques of the present invention with Global Positioning System (GPS) or other location determinative technology to control the geographic area in which a particular device may be used. As part of the service provided by an automobile telematics system such as the "On-Star" system, a user would be able to limit the geographic area or times during which the user's car may be operated. If attempts to operate the automobile outside the specified locations or times were made, the automobile would be disabled and the owner or appropriate authorities could be contacted. An onboard data entry device could be used by the user to change the criteria directly from the automobile.
This same application could be provided in connection with cellular phones and credit cards to limit the areas in which these may be used. The current method of making Internet purchases entails a buyer forwarding credit card information to a seller. The seller then debits the account of the buyer and provides the desired good or service.
Using the techniques provided herein, a seller can make information about their account available to potential purchasers on the gateway. A purchaser can direct their credit card company through the gateway to credit the seller's account. By password protecting access to the gateway for the profile information of a particular user, the incidences of fraudulent purchases can be reduced. The gateway can also be configured to allow a user to change the settings from a WAP phone to prevent theft by attaching a second level of PIN numbers for the information. These incidences can be further reduced through use of existing biometric devices such as retinal and fingerprint scanners.
Alternatively, the gateway provider itself could operate as the credit company.
In a related application, a user's account for such services as television and telephone could be made to travel with them as they move from one access device to another. For example, a user who signs up for cable television service normally can only use that service in one location, e.g., at home. By making the programming available through an appropriate gateway created using the techniques of the present invention, the profile for the user, including the service options selected by the user, could be used to allow the user to access their programming options from anywhere. A business traveler could access their local programming, including local news, from anywhere in the world.
The techniques described herein are particularly suited to the tracking of records from the micro level to the macro level and vice versa. An example is the tracking of medical records. Through use of the techniques described herein, a single centralized set of medical records for a particular user would be created and added to on each subsequent doctor visit. When a user changed doctors, the user would make the records available to the new doctor simply by entering the new doctor's identifying data into the appropriate profile field.
It should be readily recognized that, while the user can control which doctor can access the files, the gateway can be set up so that the user themselves may not have authority to access their own files.
The system can also be used to track statistical data in different ways by different people.
The ability of users to tailor the availability of data to specific users makes the system ideal for use as an e-mail system. A user desiring to send an e-mail would create the text of the e-mail in a gateway frame designed for this purpose and then click on an icon to direct the system to store the data in the database. The text of the e-mail would then be stored within a field in the address table 86. The user would then be presented with a screen allowing them to enter criteria regarding the distribution of the e-mail, e.g., users who can access the e-mail text, the devices that can be used to access the e-mail text, etc. These criteria would be stored in the listing table associated with the address table storing the text of the e-mail.
By applying the criteria stored in the listing table to the user profile data, identified recipients of the e-mail will be presented with some indication, such as an e-mail icon, that a new email message exists. The specified recipients will then be permitted to access the e-mail.
It should be readily recognized that this e-mail system provides significant advantages over the present e-mail systems. In particular, less memory is required because only one version of the e-mail is stored in the gateway database, which is accessed by all identified recipients, rather than individual copies stored in the memory of each recipient's computer. Attachments can also be added to e-mails simply by adding a link to the attached data in the address table associated with the email. Again, the attachment would only need to exist within the gateway database, or elsewhere, once rather than in individual copies in the sender and receiver's computer.
Extending this e-mail concept, it can be understood how the gateway concept of the present invention can be used to provide a system having centralized data storage. Individual users of the Internet or an intranet can be provided with "dumb" terminals used to access data stored in the centralized database. Although stored in the centralized database, access to data can be limited by the creator by setting the criteria of the listing table. Access can also be determined by another entity having authority, as established by criteria in the listing table, to limit or expand access privileges. For example, an employee in a corporation may have the right to limit access to data to certain ones of that employee's subordinates but may not limit access to superiors. Access can also be limited by the IP address of particular machines thus limiting where the data can be accessed and on what display device it can be accessed.
Similarly, this system can be used in distributing other types of data such as press releases, auctions, and resumes. A press release or resume could be created and the criteria entered in the listing table to make the press release or resume available at a specific time to specific entities. The press release or resume could then be accessed by the specified entities at or after the specified time.
Through use of data entered in one or more fields of the database tables, users can be linked to form user groups or communities. These user groups or communities can be used in both commercial and non-commercial settings. For example, a family tree group can be created to allow members to enter contact information and to share information with other family members. In a commercial setting, a company can create a group consisting of its customers. Information regarding new products can then be readily distributed to those customers.
Another application of the gateway techniques is in providing advertisers with "point of interest" advertising. Through entries in the listing table fields an advertisement can be linked directly to data relating to that advertisement. For example, an advertisement for running sneakers can be linked directly to data files or web sites relating to running such that any time any such data file is accessed the advertisement is displayed. Using the user profile, the system would also be able to decide which advertisement amongst a variety would be most appropriate for the specific user.
It is also envisioned that the gateway techniques described herein will be used for providing intelligent call centers. Rather than a user entering the data each time they contact a call center, and then repeating it several times to different employees at the call center, the user can enter the data once and then change the listing table criteria at various times to make the data unavailable or available to one or more different specified representatives within the call center.
It should be recognized that the foregoing are only some examples of the many ways in which the database techniques described herein can be used to provide both new services or existing services in improved ways. The above description and drawings are only illustrative of preferred embodiments which achieve the objects, features, and advantages of the present invention, and it is not intended that the present invention be limited thereto. Any modification of the present invention which comes within the spirit and scope of the following claims is considered to be part of the present invention.
The present application can be embodied in any suitable apparatus such as dedicated hardware, or suitably programmed general purpose computing apparatus. The present invention thus encompasses computer programme code carried on any suitable carrier medium. The carrier medium can comprise any suitable transient carrier medium such as an electronic signal, microwave signal, optical signal or radio frequency signal (e.g., a signal carrying computer code over a network such as the Internet), or any suitable storage medium such as a floppy disk, CD Rom, magnetic tape, or programmable memory device.
Claims (22)
1. A method of determining an entity's access privileges to electronic data, comprising the steps of: accessing a first electronic database table having information represented therein by a first set of characters; wherein said first set of characters includes a plurality of subsets of characters each of said subsets of characters being a code representing an access factor; and determining said access privileges using said first set of characters.
2. The method of claim 1 wherein at least one subset of characters is a code representing an entity.
3. The method of claim 1 wherein at least one subset of characters is a code representing the geographic area to which the electronic data is associated.
4. The method of claim 1 wherein at least one subset of characters represents a different access factor than at least one other subset of characters.
5. The method of claim 4 wherein a first subset of characters is a code representing the gender of a student and a second subset of characters is a code representing the type of educational institution attended by the student.
6. The method of claim 1 wherein at least one access factor represented by a subset of characters is a code representing a refinement of at least one other access factor represented by a subset of characters.
7. The method of claim 6 wherein a plurality of said subsets of characters are codes representing the geographic area to which the electronic data is associated; and wherein each of said plurality of subsets of characters representing the geographic area to which the electronic data is associated represents a successive refinement of the geographic area.
8. The method of claim 7 wherein a first subset of characters is a code designating a state and a second set of characters is a code designating a postal code to which the data is associated.
9. The method of claim 1 wherein all geographic areas worldwide can be specified, to the refinement of the postal code, by said first set of characters.
10. The method of claim 1 wherein said first database table further includes information in a second set of characters; wherein said second set of characters includes a plurality of subsets of characters each being a code representing an access factor; and wherein said access privileges are also determined from said second set of characters.
11. The method of claim 10 wherein a plurality of said subsets of said first set of characters are codes representing the geographic area to which the electronic data is associated and wherein a plurality of said subsets of said second set of characters are codes representing the entity.
12. The method of claim 11 wherein each of said plurality of subsets of said first set of characters representing the geographic area to which the electronic data is associated represent different successive refinements of the geographic area; and wherein a subset of said second set of characters is a code identifying the entity as a corporation.
13. The method of claim 1 wherein said first database table further includes information represented by a second set of characters; wherein said second set of characters includes a plurality of subsets of characters each of said subsets of characters representing access control data.
14. The method of claim 13 wherein at least one subset of characters of said second set of characters represents an age delimiter.
15. The method of claim 14 wherein at least one subset of characters of said second set of characters is a role restriction.
16. The method of claim 1 further comprising the step of displaying said electronic data on a display device, in accordance with display information stored in a database table, when it is determined, following said determining step, that access to said electronic data is permitted.
17. The method of claim 16 wherein the electronic data is stored in a second database table distinct from the first database table in which the first set of characters are stored.
18. The method of claim 17 wherein said display information is stored in a third database table distinct from said first and second database tables.
19. A method of determining whether to provide information to an entity, comprising the steps of: accessing a first electronic database table having information represented therein by a first set of characters; wherein said first set of characters includes a plurality of subsets of characters at least one of said subsets of characters is a code representing a geographic area within the geographic area represented by at least one other subset of characters; and wherein all geographic areas worldwide can be specified, to the refinement of the postal code, by said first set of characters; comparing said first set of characters to data associated with said entity; providing the information to the entity based upon said comparison.
20. A method of determining an entity's access privileges to electronic data, comprising the steps of: accessing a first electronic database table having information represented therein by a plurality of sets of characters; wherein a first set of characters includes a plurality of subsets of characters each of said subsets of characters being a code representing an access factor; wherein a second set of characters includes a plurality of subsets of characters each of said subsets of characters representing access control data; determining said access privileges using said plurality of sets of characters; accessing said electronic data from a second database table; displaying said electronic data on a display device, in accordance with display information stored in a third database table when it is determined, following said determining step, that access to said electronic data is permitted.
21. Apparatus for performing the method of any preceding claim.
22. A carrier medium carrying computer readable code for controlling a computer to carry out the method of any one of claims 1 to 20.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US69102100A | 2000-10-19 | 2000-10-19 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB0031112D0 (en) | 2001-01-31 |
| GB2368151A (en) | 2002-04-24 |
Family
ID=24774859
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0031112A Withdrawn GB2368151A (en) | 2000-10-19 | 2000-12-20 | Determining access privilege to electronic data |
Country Status (4)
| Country | Link |
|---|---|
| AU (1) | AU2001297734A1 (en) |
| EA (1) | EA200300470A1 (en) |
| GB (1) | GB2368151A (en) |
| WO (1) | WO2002080084A2 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2384331A (en) * | 2002-01-19 | 2003-07-23 | Hewlett Packard Co | Access control using credentials |
| WO2007066183A3 (en) * | 2005-12-09 | 2009-08-13 | Nokia Corp | Limiting access to network functions based on personal characteristics of the user |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110063065B (en) * | 2016-12-15 | 2022-10-14 | Abb瑞士股份有限公司 | System and method for user authorization |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5276735A (en) * | 1992-04-17 | 1994-01-04 | Secure Computing Corporation | Data enclave and trusted path system |
| GB2281645A (en) * | 1993-09-03 | 1995-03-08 | Ibm | Control of access to a networked system |
| WO1999065207A1 (en) * | 1998-06-12 | 1999-12-16 | Microsoft Corporation | Method and system of security location discrimination |
| GB2339313A (en) * | 1996-05-10 | 2000-01-19 | Aim Corp | Advertisement display system |
| GB2344908A (en) * | 1998-12-16 | 2000-06-21 | Ibm | Controlling access to data over the internet |
| GB2355322A (en) * | 1999-10-05 | 2001-04-18 | Authoriszor Ltd | System and method for positive client identification |
| WO2001041039A2 (en) * | 1999-12-02 | 2001-06-07 | Secure Computing Corporation | Security management system in an heterogenous network environment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4956769A (en) * | 1988-05-16 | 1990-09-11 | Sysmith, Inc. | Occurence and value based security system for computer databases |
| JP3937548B2 (en) * | 1997-12-29 | 2007-06-27 | カシオ計算機株式会社 | Data access control device and program recording medium thereof |
| US6449643B1 (en) * | 1998-05-14 | 2002-09-10 | Nortel Networks Limited | Access control with just-in-time resource discovery |
| GB9923340D0 (en) * | 1999-10-04 | 1999-12-08 | Secr Defence | Improvements relating to security |
2000
- 2000-12-20 GB GB0031112A patent/GB2368151A/en not_active Withdrawn
2001
- 2001-10-19 AU AU2001297734A patent/AU2001297734A1/en not_active Abandoned
- 2001-10-19 WO PCT/IB2001/002905 patent/WO2002080084A2/en not_active Ceased
- 2001-10-19 EA EA200300470A patent/EA200300470A1/en unknown
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2384331A (en) * | 2002-01-19 | 2003-07-23 | Hewlett Packard Co | Access control using credentials |
| US7302591B2 (en) | 2002-01-19 | 2007-11-27 | Hewlett-Packard Development Company, L.P. | Access control |
| WO2007066183A3 (en) * | 2005-12-09 | 2009-08-13 | Nokia Corp | Limiting access to network functions based on personal characteristics of the user |
Also Published As
| Publication number | Publication date |
|---|---|
| EA200300470A1 (en) | 2004-02-26 |
| GB0031112D0 (en) | 2001-01-31 |
| WO2002080084A3 (en) | 2004-05-13 |
| AU2001297734A1 (en) | 2002-10-15 |
| WO2002080084A2 (en) | 2002-10-10 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |