[go: up one dir, main page]

HK1046044A1 - Method and apparatus for computed relevance messaging - Google Patents

Method and apparatus for computed relevance messaging Download PDF

Info

Publication number
HK1046044A1
HK1046044A1 HK02107360.5A HK02107360A HK1046044A1 HK 1046044 A1 HK1046044 A1 HK 1046044A1 HK 02107360 A HK02107360 A HK 02107360A HK 1046044 A1 HK1046044 A1 HK 1046044A1
Authority
HK
Hong Kong
Prior art keywords
notification
user
checker
computer
relevance
Prior art date
Application number
HK02107360.5A
Other languages
Chinese (zh)
Inventor
Leigh Donoho David
Salim Hindawi David
Ellen Lippincott Lisa
Original Assignee
比克福克斯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/272,937 external-priority patent/US6256664B1/en
Priority claimed from US09/351,416 external-priority patent/US6263362B1/en
Application filed by 比克福克斯股份有限公司 filed Critical 比克福克斯股份有限公司
Publication of HK1046044A1 publication Critical patent/HK1046044A1/en

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Description

Method and apparatus for communication via computed associations
Background
Technical Field
The present invention relates to a novel communication process that utilizes a computer and associated communication infrastructure. More particularly, the present invention relates to a method and apparatus for computed association communication.
Description of the prior art
The purpose of the communication process is to communicate information between pairs of participants, and as discussed herein, these operators are comprised of information providers and information users. Each consideration will be briefly described below.
Consideration of information provider
The information provider knows the information items and the corresponding situations of the specific user who gets the interesting, useful or valuable information. For example, such information may relate to a problem that a user with a particular attribute desires to solve, or to something that the user with the particular attribute is interested in. Providers wish to communicate information to users in a particular state.
In principle, an information provider may know thousands or millions of conditions about which it can provide information. The public under these conditions may involve thousands or millions of users.
A particular situation of interest occurs when a typical data is only sent to users with a particular set of circumstances. In principle, only a small portion of users of a typical data item will be interested, however, this small portion of users represents a large number of users.
One very challenging and very important situation is when certain data is ascertained to be applicable, a great deal of detailed information about the user, the user's needs considerations or attributes must be known. Such data can be very sensitive to the user and thus the user is reluctant to participate in the process of having to disclose the information to the information provider. Because only the user can obtain the information needed to make a decision suitable for himself, and the user is reluctant to expend excessive effort in the process of making his/her own decision, or to provide the sensitive data needed to make a decision to others in lieu of making it; therefore, it seems unlikely that the information of the user is regarded as a target.
Consideration of information user
The user may be an individual or an organization that is aware of information providers that have information that may be beneficial to the user. In fact, a user may be aware of tens or hundreds of such providers. Typically, only a small portion of the information provided by the provider is of interest to the user at any given time. The user does not want to review all of the information provided by the provider, but rather reviews some of the information associated with it.
Typically, the information provided by the provider changes over time, and the conditions experienced by the user also change over time. The user does not want to keep track of these changes and the status of the information provided by the information provider on his or her own. The user also does not want to remember what information was suddenly made useful and was sent in the past.
Whether due to a change in the environment in which the user is located, or due to a change in the information provided by the information provider, or due to time-related information becoming available, the user desires to have access to a program that automatically detects the presence of available data when the information becomes available. The user does not wish to disclose detailed information to the provider regarding their identity or their interests, preferences and belongings. Users may instead wish to receive a message format that can be carefully inspected prior to use.
It is also desirable for the user to have a method of informing the information provider of problems with the information provider itself, or of some kind of information prior to using the information. Typically, the user desires that the data be easily and substantially automatically utilized if a determination of the data to be utilized has been made. The user wishes to be away from the possibility of corruption by erroneous data.
Thus, if a communication technology could be provided that could handle all of the above considerations regarding information providers and information users, one would benefit from such a communication technology.
Summary of The Invention
The present invention discloses the use of a combination of computers and associated infrastructure to provide a novel way of handling communications. This process allows the information provider to send information to the user group. The information may be directed to users having specifically defined requirements. The targeting process (targetign) may be built on information that is not available from other communication protocols; for example, because other protocols require all potential recipients to disclose sensitive information, or because other protocols require all potential recipients to disclose information that is not available after extensive computation is performed to obtain data using a user-friendly computer, its content, and the local environment.
The targeting process also includes a time factor. When the message becomes available, it may attract the attention of the user at a precise time, which may be right after the message is received or may be a long time after the message arrives. Similarly, this feature is not available to other protocols where the time of information dissemination is very close to what the user knows.
The communication process of the present invention can be operated without interfering with the user and without the user placing a clearly specified requirement on the data, and can be performed without compromising the security and privacy of the participating users. For example, in one embodiment of the present invention, the information provider does not know the identity or attributes of the individual receiving the information.
Such a process may provide an effective solution for modern life, including providing the technical support of modern computers in an automated fashion. In technical support applications, the invention disclosed herein allows providers to specifically acquire specific computers in a wide user population that present specific combinations of hardware, software, system settings, data, and local environments and provide appropriate solutions to problems that may be caused by known such environments to users of the computers.
The presently preferred embodiments of the present invention are particularly well suited to meet the needs of users and providers of technical support applications. Many other interesting areas of application and embodiments will be described herein.
Particular embodiments of the invention are described below:
participants, referred to herein as notification providers (advisors) and author announcements (authors), are specially constructed digital files and may include:
(1) human readable content such as text and multimedia;
(2) computer-readable content, such as executable programs and data; and
(3) expressions of related languages called fixed computer languages.
The associated language describes the explicit condition that a given advertisement may be associated with a user, which is described by the environmental characteristics of the user's computer with reference to interpreting messages, such as system configuration, document system content, connected peripherals, or remotely accessible data. In the bulletin content, the content that a person can interpret may describe the conditions that lead to the relevance decision and suggest actions in response to the conditions, which actions include installing software, changing system settings, purchasing information or software, and the like. The computer-interpretable content may include performing a particular computation, or causing some change to the system environment.
The announcements are communicated through announcement/subscription processes over a wide area network, such as the internet. Announcements are placed by their authors in well-known locations, referred to herein as notification websites. An application, referred to herein as a notification reader (advisor), executes on the computer notifying the user and may periodically obtain announcements from a notification server located at the notification site.
The notification reader can process the message obtained in the above manner and automatically interpret the association clause. The notification reader can determine whether the resulting message is associated with an environment defined by the user's computer and associated devices. The user is then informed of the associated message and can read the associated notice to perform the suggested action.
Relevance evaluation is performed by parsing clauses of a relevance language. These clauses introduce a special checker that may return the identity of the computer, computer configuration, document system, or other compelling element. In practice, the list of context characteristics is available for reference by the association language and can be checked by the notification reader, and the list of context characteristics is determined during execution by the checker thesaurus (library).
The existence of the canonical checker lexicon provides notification providers with a rich vocabulary that describes the user's computer and its environment. In one embodiment case, the collection of the checker lexicon may be augmented in a dynamic manner by the notification provider.
The notification reader continuously collects a plurality of notifications from notification providers distributed in a public network (e.g., the internet) in an automatic mode and analyzes and judges the relevance of the notifications.
A notification reader following a notification (advice) collection agreement, referred to herein as the Anonymous full update agreement (Anonymous exclusive update protocol), may operate with complete consideration of the computer owner's privacy. The information generated by the relevance determination, i.e., the information obtained from the user computer, does not flow into the server. The information on the user's computer will remain on the user's computer unless the user agrees to disseminate the data. Word
Variations of this embodiment will be further described, including variations of very different applications, very different message formats, very different collection protocols, very different security and privacy attributes, very different ways of describing the users with whom the messages are associated, and very different trust relationships (i.e., master-slave relationships) between users and providers. The invention disclosed herein is capable of embodiments in all of the above environment settings.
Brief description of the drawings
FIG. 1 is a block diagram of the process of matching announcements to users in accordance with the present invention;
FIG. 2 is a block diagram of an advisory aspect of the present invention;
FIG. 3 is a block diagram of a user perspective of the present invention;
FIG. 4 is a flow chart of the technical support application of the present invention;
FIG. 5 is a block diagram of a notification website of the present invention;
FIG. 6 is a block diagram of a notification (advice) reader of the present invention;
FIG. 7 is a block diagram of a user response association notification (notification;
FIG. 8 is a data structure of a display advertisement of the present invention;
FIG. 9 is a block diagram illustrating a process for relevance evaluation in accordance with the present invention;
FIG. 10 is a flow chart of the expression tree structure of the present invention;
FIG. 11 is a block diagram of the transmission of the named attribute method of the present invention;
FIG. 12 is a flow chart of an object estimation mode of the present invention;
FIG. 13 is a flow chart of the object hierarchy (hierarchy) of the present invention;
FIG. 14 is a flow diagram of a new member (component) of the object hierarchy of the present invention;
FIG. 15 is a data structure showing the contents of the checker lexicon of the present invention;
FIG. 16 is a block diagram of a status notification of the present invention;
FIG. 17 is a block diagram of a simulation scenario of the present invention;
FIG. 18 is a block diagram of a merchandise market in accordance with the present invention;
FIG. 19 is a flow chart of an association document according to the present invention;
FIG. 20 is a flow chart of the questionnaire survey process of the present invention;
FIG. 21 is a flowchart of the agent feedback variation of the present invention;
FIG. 22 is a flowchart of the user feedback variation of the present invention;
FIG. 23 is a flow chart of the anonymous server of the present invention performing covert two-way communication;
FIG. 24 is a flow chart of another agent feedback variation of the present invention;
FIG. 25 is a block diagram of removing association requirements in accordance with the present invention.
Detailed description of the invention
The present invention implements a communication process that solves the problem of linking information providers to information users in a systematic manner. The present invention provides a system that relies on the use of computing devices connected by a communications network. In practice, these devices cover areas including traditional mainframe computers, personal computers, palm-top personal data managers, and embedded computing devices in the surrounding environment, including consumer electronics such as remote controls, smart televisions, etc., and other general computing-intensive environments such as vehicles. The communication mechanism may include a modem or other wired media, or wireless communication using the internet or other protocol, and may include a physically distributed medium. Regardless of the particular situation, for the purposes of the discussion herein, the computing device is referred to as a computer and the communication infrastructure is referred to as a network. Examples of such infrastructures include intranets (personal computer networks), as well as the internet and large public computer networks, which dominate the World Wide Web (WWW) and related services.
The structure of the present invention can be more completely understood and attention can be focused on the above-described examples of communication problems, if specific terminology is employed. A specific unit as the shared information will be referred to as notification (offer) hereinafter (see fig. 1). The special digital file that delivers the notification is called an announcement (advisory). A notification provider (adviceprovider)10 is an organization or individual that provides information in the form of announcements 12a-12 d. The provider represents a server computer in a computer communications network. Informing users 14a-14c of the organization or individual receiving the information of the type of announcements 12a-12 d. The user is represented by a computer, which is a user computer in a communication network.
It would be helpful if thought of in a concrete fashion, for example, a notification provider could actually be assumed to be a large organization executing a large server computer; notifying the user of an individual who may in fact be assumed to be represented by a separate personal computer, personal information manager, or other personal computing device; and computer networks may communicate according to protocols similar to the TCP/IP protocols currently used on the internet. In actual practice, many variations are contemplated. For example, the notification provider may be a person represented by a personal computer, the notification user may be a company represented by a mainframe computing engine, and the communication process of the present invention may be implemented using protocols operating on other physical communication devices.
With the above terminology, the primary purpose of the present invention will now be described. The present invention allows for the delivery of announcements from a notification provider to a notification user. The protocol of the present invention allows for centralized targeting by matching relevant announcements to users in an automated manner.
The association determination (see FIG. 2) is performed by an application, referred to as a notification reader 20, which may be executed on the user's computer and which may evaluate associations based on complex combinations of possible conditions in an automated manner, including:
hardware attributes. For example, these attributes include the type of computer performing the evaluation, the type of hardware structure 21, the performance and capacity of the hardware, the type of the linked peripheral device, and the attributes of the peripheral device.
Configuration attributes. These attributes include, for example, variable settings defined by the system architecture 22, the type of software application installed, the version number and other attributes of the software, as well as detailed attributes relating to the software installation 27.
Database attributes. These attributes are, for example, attributes of the databases and documents 23 of the computer performing the computation, including presence, name, size, creation and modification date, version and content, etc.
The environment attribute. For example, these attributes are the attributes of the environment in which the computer is known by querying the connected peripheral devices. These attributes include measurements of thermal, acoustic, and geographic locations, among other measurement devices.
Calculated attributes. For example, these attributes are those derived from appropriate operations using specific mathematical logical formulas or specific algorithms, based on knowledge of hardware, configuration, database, and environmental attributes.
The far-end attribute 24. These attributes include, for example, hardware, configuration, database, environmental, and computed attributes that can be accessed through communications with other computers that are closely related to the user or their computer.
Timeliness 25 (Timeliness). For example, these attributes may be based on the current time or a period of time that has elapsed since a critical event occurred, such as a relevance assessment or a collection notification.
Personal attributes. For example, these attributes may relate to computer user attributes, which may be inferred by analyzing hardware, system configuration, database attributes, environmental attributes, remote attributes, etc., or solicited directly from the user or an agent thereof.
Randomness 26. These attributes are, for example, attributes of a random or pseudo-random generator.
Notification (advice) attribute. For example, these attributes are attributes that describe the structure of the present invention, as well as the presence of certain ads or types of ads in the ad library.
In this manner, data can be used to determine relevance in principle, whether the data is actually on the user's computer or is available to the user. The data obtained in this manner may be very general data, covering a range of personal data, professional work products, and the status of specific hardware devices. Therefore, a very broad range of assertions can be made as the subject of relevance determination.
The notification reader 30 (see FIG. 3) is automatically operable to determine relevance by presenting only relevant announcements 32 from a number of notification web sites 33a-33c to the user via the display so that the user is not burdened by reading irrelevant announcements. In this manner, the bulletins can provide automated survey analysis for any problem described with relevance clauses.
The bulletin may include a digital file of an explanation section describing the reason why the bulletin is relevant in terms that the user can easily understand, and the purpose and utility of suggesting actions to the user. The digital files may also include executable computer programs, or links to executable computer programs, as other portions of the digital files. In this manner, the bulletin may provide an automated solution to any problem that has been subject to investigation analysis by the relevance message and that may be initiated by user consideration.
In summary, the present invention has assumed a situation where an active notification provider can identify conditions of interest to a user and provide notifications regarding the handling of these conditions.
Computer technology support application
To make the general principles described above more specific, the following description will be directed to particular fields of application in which the communication process of the present invention is useful (see fig. 4).
In technical support applications, the provider is notified to provide computer-related products or services, such as hardware, software, internet services, or data processing services. The notification provider has a large and widely distributed user population 40. In part, input from the user informs the provider of the problem condition 41 that may affect some of the user's computers. The notification provider may recognize the p hxf problem condition 43 including a stale version of software in use, improper system settings, conflicting combinations of software applications, improper physical resources, corrupted documents, or other similar conditions. For each problem occurrence, the notification provider is informed of the precise hardware combinations, system configurations, database structures, timeliness, and other attributes that are indicative of the occurrence. Informing providers of the explicit solutions to individual problem situations, including:
Advising the user to modify the usage pattern;
advising the user to read the document;
update upgrades to new software versions;
propose to change the system settings;
propose to execute a certain program segment (script) to execute a solution; or
Propose to download and execute special applications to correct the situation.
The notification provider makes a notice 45, which is then preferably tested 46 and stored at a notification website 47 for access by associated users. In this manner, the notification provider utilizes the present invention to contact the user population in an efficient manner. The provider assembles information regarding the particular solution to the problem situation into a formal announcement. This digital file may include:
a formal language specification which is clear when the occurrence of the condition is described;
explanatory information for a user in a situation describing the situation the user is facing and the implications of the situation, while the provider will propose actions to correct the situation; or
Digital content that provides automated solutions or responses.
The notification provider publishes the announcement 40 on the internet or intranet through a notification server executing on the provider's notification website. For example (referring to FIG. 5), the notification website may be comprised of a catalog of notification documents 51a-51b and checker documents 52a-52b (explained in detail below). These announcements may communicate with the outside world 54 through media such as a directory message server 55, an HTTP server 56, and FTP server 57, or a document server 58.
The notification user is the user of the product or service of the notification provider who is familiar with the notification website of the notification provider and who generally trusts the organization to which the provider belongs and the notifications it makes. The notification user can have a notification reader application available on his computer. The notification user instructs their notification reader to subscribe to a notification website established by the notification provider.
Notification reader 20 (see fig. 6) collects the announcements subscribed to by the user according to a predetermined schedule or under manual control of the user through use of interface 65. The subscription announcements are subscribed to by a subscription administrator 67 that is at least partially built into the various user web site definition documents 68. The announcements are collected from collectors 60 used by provider notification web sites 33a-33 b. The reader would then analyze the ads using an un-routine 61 and add the ads to any existing ad population. The announcements may be provided to the reader by a variety of sources, including alternating input data streams. The notification reader will utilize an association assessment module (relevanceevaluation module) to determine the association of any existing or new advertisements. This determination may be made continuously or over a predetermined time period, or under manual control of the user. The notification reader includes a user interface 65 that can receive the associated announcements and a display and management system 66 that can display the associated announcements for review by the user. In embodiments of the present invention, the announcement may also be subject to digital authentication using an authentication module 64 (described in more detail below).
A typical association announcement would be reported to the user as follows:
your computer has some combination of hardware, software and settings. Computers with such a combination are often presented with particular problems. The company has a solution. It will change your computer settings. If you would like to use this solution, then your problem would be eliminated. Such solutions have been rigorously tested prior to release and represent the best solution to the problem for the company.
After the user is notified to check the above bulletin 100 (see fig. 7), some step is taken on bulletin 110, such as ignoring bulletin 111. Otherwise, the user may be careful, which may include further querying the announcement or notifying the author of the announcement 112, notifying others 113 of the announcement, or taking other offline actions 114, and then agreeing or declining the offer based on the results of the consideration. If the user indicates approval, a solution will be automatically generated, which may include a variety of actions including software download 72, installation and execution 71, automatic electronic response 73, or purchase or order of digital object 70.
This particular field of application illustrates that the present invention can be used to diagnose and repair problems occurring on a computer in an automated manner. In addition, the present invention has many areas of application, including business transactions other than the repair of the computer problems described above, or the provision of new application specific communications.
Response to consideration
The present invention is fully responsive to the considerations discussed above.
Consideration of the provider
Large-scale communication: like other computer-based communication systems, such as the world wide web, the present invention is also capable of contacting a large number of users and communicating large amounts of information to the users in an inexpensive manner.
Automatic operation: the matching of the information and the user is accomplished without the need for skilled human intervention and in a case-by-case manner.
Unique target locking: the invention can accurately send data to proper users. The provider can ensure the relevance of the notification by specifying it judiciously.
Targeting with detailed data: in the present invention, the targeting of information is focused on the attributes of the user, since the process of targeting can take internal details of the user's computer state and does not require that such details be revealed to the provider. This level of targeting is not possible with other protocols that require that this information be revealed to the provider to determine if a message is relevant.
Consideration of the user
The present invention satisfies the above-mentioned primary considerations.
Automated operation without intervention: the present invention is an automated communication system that can operate successfully without frequent user intervention. The notification reader may periodically collect new notifications for subscriptions from the notification website. This process can be performed completely automatically (or manually). A database of notifications stored on the user's computer may be continuously automatically operated by the notification reader without intervention to assess relevance.
Targeted information is provided with a narrow range: in a typical mode of operation, the user need only examine information relating to the precise attributes of the user, including attributes derived from the computer's content, and associated peripheral devices and attached computers.
Timely provision of information: in a typical mode of operation, a notification may be entered into the user's computer and stored for a predetermined period of time before it becomes relevant. When information becomes available, it will be displayed but not until it becomes relevant.
Opportunities for consideration are: in typical cases, the notification reader does not automatically deploy the proposed solution operator. The notification reader instead gives the user the opportunity to study the diagnosis and recommendations and to assess the reliability of the provider before proceeding. There are three aspects of considerations that may apply to the present invention:
revealing of potential risks: by leveraging user interface methods, such as hypertext links displayed in HTML, the present invention enables notification providers to adequately inform users of the potential risks associated with following suggested actions.
Finding complaints of the user: with the devices discussed below (e.g., Better Advice Bureau), users can utilize an advertising mechanism to alert themselves about a particular advertising and/or notification provider and about known or predictable privacy and security risks before accepting a proposed solution.
Correction of known defects: the present invention allows a notification provider to revoke its own unit of notifications. The UngetaddviceNet mechanism is an example that is used to quickly distribute advertisements across an invention population.
Automated solutions: typically, notification providers make notifications in a manner that causes a notification reader to provide the notification to a user for automated deployment of suggested solution operators after the user agrees. Therefore, the invention can provide an automatic solution for the situation faced by the user under the condition of user dominance.
In summary, the present invention provides a mechanism to match very specific announcements to users in a communication structure in an efficient manner in response to user considerations.
Security and privacy techniques: unidirectional barrier
The invention disclosed herein provides complete processing for computer association communications. This is a broad concept and has many possible application areas. In some circumstances, this type of communication requires special attention to security and privacy concerns, namely the one-way barrier 35 (see fig. 3). In a practical example, consider a technical support application (as discussed above), where:
the communication must be done over a public network, such as the internet;
notification providers are large businesses or other companies; and
the notification user is composed of a broad general user group.
In such an environment, users have special consideration as to any process that operates as familiar with their computer and its contents. These considerations are justified because the internet is widely considered to be an insecure communication medium. Thus, systems that communicate with the internet, and that operate as familiar to users, will likely infringe privacy.
The present invention proposes a method of communicating between a user's computer and the internet that protects the privacy of the user and overcomes the above-mentioned problems. Such a mechanism need not be used in other environments. For example, in some private computer networks (commonly referred to as intranets), the present invention has a variety of applications. In these environments, security and privacy can be secured through physical control of the computer and communication infrastructure, or under the provision of obligation obligations made by the participants in the process.
The invention applies a special agreement of subscription and collection in an environment where security and privacy are of great importance. For purposes of discussion herein, such an environment is referred to as the anonymous full update protocol (AEUP). The intent of such a protocol is to establish a one-way barrier in which information may enter the user's computer in the form of a notice, but information related to the user does not leave the user's computer unless the user actively transmits it.
The AEUP protocol will be considered as the default protocol of the present invention. Such agreement may provide privacy to the user for reasons that will be discussed below. A variety of applications are also described herein in which security and privacy are not important to user acceptance. Therefore, even if such an agreement is not used, a certain degree of security and privacy can be secured. An alternative Protocol, such as the Anonymous Selective Update Protocol (ASUP), will be described below.
A complete description of the considerations of security and privacy will be provided below.
The invention can satisfy:
consideration of privacy of the user: the invention completely considers the consideration of the privacy of the user. In embodiments that provide AEUP, the user can benefit from a notification that the target lock is narrow, even without revealing his identity, and any attributes that are checked in determining relevance, as well as the relevance itself, need not be revealed.
User initiative: in a typical mode of operation, the notification reader will not receive notifications unless the user participates in the subscription. This ensures that the user does not receive unwanted communications.
Privacy of automation: under AEUP, collecting notifications from a website, evaluating associations, and presenting relevant notifications to a user, all without exposing the user's data to the notification provider.
Ineffectiveness of the infringement: several embodiments of the invention include measures to prevent privacy violations or even illegal eavesdropping activities.
User safety considerations: the invention completely considers the safety of users. In embodiments that provide AEUP, a user may benefit from notification that the targeting range is narrow without exposing themselves to security threats from malicious sources.
User-enabled subscription: in a typical mode of operation, the notification reader will not receive notifications unless the user participates in the subscription. This process of subscribing to notify web sites means that the user has some level of confidence in the provider. Thus, in typical operation, notifications will only come from trusted web sites.
Harmlessness of the automation: in a typical situation, the process of collecting and evaluating the bulletins does not have a significant effect on the user's computer. Any proposed solutions are informed in advance and subject to later approval by the user. Users who do not want to follow the recommended action but only want to carefully investigate the relevant notifications do not face obvious risks.
Revealing of potential risks: by leveraging user interface methods, such as hypertext links displayed in HTML, the present invention enables notification providers to adequately inform users of the potential risks associated with following suggested actions.
Finding complaints of the user: with the devices discussed below (e.g., Better Advice Bureau), users can utilize an announcement mechanism to alert themselves of the danger to a particular announcement and/or notification provider and to known or predictable privacy and security before accepting a proposed solution.
Correction of known defects: the invention allows the notification provider to withdraw the notification of its own unit and can let others comment on the error notification of the notification provider.
Automated solutions: typically, notification providers make notifications in a manner that causes a notification reader to provide the notification to a user for automated deployment of suggested solution operators after the user agrees.
Thus, the present invention provides a mechanism to match very specific announcements to users in a communication facility in an efficient manner in response to user considerations.
Hierarchy of inventions
This document describes computed association communications from a variety of perspectives, i.e., from a very generalized communication process to a specific protocol that has been implemented by the universal communication corporation of becklay, ca. It is worth classifying here for what is described in the present invention:
relevance-guided communication: the generalized communication process used by the present invention has five units (see fig. 8):
relevance clause 80: a statement as to the state, content or environment of the user's computer may be automatically evaluated by comparing the statement to the actual state of the user's computer. In a typical case, the relevance clause is preceded by a topic title 82, which gives an overview of the topic of the notification.
Relevant message 81: one or more messages relating to the clause whose suitability for the user is at least in part determined by evaluating the clause.
Collector 60 (see fig. 6): an application monitors the flow of association clauses from different locations to a user's computer, perhaps in a synchronized manner.
Viewer 63 (see fig. 6): an application program has the ability to evaluate relevance clauses, i.e., statements about the user's computer's own environment, by comparison with the true state of the environment, detecting characteristics of the user's computer and its environment, and checking whether these results are near or far from relevance.
Notifiers (notifier)65 and 66 (see fig. 6): an application has the ability to display messages to a user, at least under the direction of evaluated relevance clauses.
The main difference between the present invention and other targeted information providers is that the present invention provides a detailed tool for selecting very specific targeted targets, and other protocols for targeted information cannot match because they do not regularly acquire the status of the user's environment.
The details of the association monitoring communication are less important for the five-unit mode described above. For example, in one implementation, the five-unit mode is performed over a closed computer network, such as a corporate intranet. In another embodiment, the five-unit mode is performed over a public network, such as the Internet. Considerations that affect the public environment, such as security and privacy, may be completely independent of considerations in the private environment, which may be satisfied by the actual control of the network. In either environment, the basic five-element model of affinity monitoring communication provides a valuable contribution to the job of contacting the provider and the user.
It is important to note that in this five-cell mode embodiment, five cells are not readily apparent. The underlying implementation obviously has many seemingly different ways to achieve this basic structure, as will be explained in detail below. For example, the association clause and related message may be nested within the same document and contacted simultaneously. In various embodiments, the association monitor message may be communicated using two phases, a first phase to transmit the association clause and a second phase to be sent only when the first phase results in an associated result or when the user computer makes a request to the provider. Conceptually, useful results can be obtained using either of two communication protocols. Both methods are embodiments of the same invention.
Association monitoring with security and privacy: since public networks (e.g., the internet) are important, an embodiment of a five-cell model that can satisfy basic security and privacy concerns is also important. The mechanism to extend the basic five-element model is an important embodiment of the present invention (e.g., by AEUP, ASUP, or substantially equivalent protocol) that is extended to become both closed and private systems on public networks. It would be advantageous if the calculated association communication could be widely accepted by users.
The preferred embodiment of the present invention: the preferred embodiment of the present invention is comprised of a large collection of different interactive units and is judiciously designed to meet the objectives of implementing the system. Many more systems exemplify the potential of the invention in technical support applications. Those skilled in the art will appreciate that the present invention may be implemented in a variety of other applications.
Different examples: particular embodiments will be achievable after a series of different fields of application have been examined and carefully studied. This document describes in great detail a number of different embodiments that modify the basic operation of the central embodiment for other commercial fields or needs. For example, in certain circumstances, it may be important to use low bandwidth communications for privacy. Variations on this environment will be described in detail below.
Element of the invention
The following description will describe the major elements which are presently considered to be the best embodiments of the invention. In this embodiment, it is assumed that communication is via standard internet technology, and both the notification provider and the notification user rely on computers connected via a standard network.
Component of notification provider
The following is a list of component names, followed by a brief description of each component in the minor portion:
notification Web site
Notice
Website markup (Signature)
Description document of Web site
Thesaurus documents of the checker
Supplementary document
Although the above components can be implemented in a variety of ways, the simplest way is to describe their type and function using the best mode currently known and based on the use of internet protocol. Those skilled in the art will appreciate that this embodiment is not the only embodiment.
Notification website
This is a standard location on the internet (see fig. 5), such as a URL-addressable directory on a server computer, in conjunction with server software that responds to specific TCP/IP request messages.
The website directory may contain a plurality of documents including bulletins, summaries of announcements, and thesaurus of reviewers.
Software attached to the server can perform functions such as an HTTP server, an FTP server, or a document server, and acquire documents stored in the directory using a well-known communication protocol. Software associated with the server may also perform the functions of a particular server to implement the particular communication protocol of the present invention.
These agreements include:
the function of the directory message that the service describes the contents of the web directory, including document name, size and time;
the function of the service abstraction message, which describes the abbreviated format of the document contents in the catalog;
the function of executing the security wire exchange program;
performing the function of challenging the notification reader to verify its reliability; and
a function of measuring the network traffic passing through the website and calculating a traffic hierarchy summary.
The service software of the notification website functions to handle specific requests issued by the notification reader executing on the user's computer. The notification reader may request information about the website directory, a summary of the announcements, or request the content of individual announcements. The transaction scenario between the notification server and the notification reader will be further explained below.
Notice
The announcements on the notification website are digital documents. The announcement typically has several components:
the default condition of relevance is written in a formal relevance language, which is used to describe the properties of the computer and/or its contents and/or its environment. For further information on the relevance language, please refer to the following description.
Human intelligent components that summarize the purpose of the communication, describe the author, interpret the pre-set conditions of the human language, and interpret the solution in the human language.
Computer intelligence components that provide software tools for solving the problem, or obtain software for solving the problem via the internet. In the best practice at present, announcements are made in particular in ASCII format documents established conventionally in the MIME internet standard, and the associated documentation is established in RFC1521, below, etc. (see n. borenstein, n. free, MIME (multipurpose internet mail protocol), first part: mechanisms for specifying and describing the format of internet message bodies, internet standard conventional RFC1521 (1993)). This format is now used to deliver internet mail; it contains a header that describes the sender of the message and its subject, and a mechanism for digital signature. MIME-formatted documents are readily transmitted over the internet and are readily separated into its constituent parts using parsing algorithms well known to the internet community. The format of the bulletin document will be described in detail below (see also, "Guide to Writing bulletins for AdviceNet"), universal communications, inc., beckley, ca (1998)).
Authentication bulletin
Website signature
Some mechanism of digital signature may be attached to the website; for example, a standard digital signature using a public-key/private-key (private-key) is an example. Such a signature mechanism may be used to sign a notice in order for the notification reader to verify whether it is from an authenticated notification provider.
Web site description document
A Site Description File (SDF) is a specially structured ASCII text document that is authenticated by a notification provider. The document describes the provider's notification website and serves as the basis for the user's subscription. This document describes the location (URL) of the website, the name of the website, and security features of the website, such as whether the website only provides a digitally signed notification. This document also provides the user with parameters in the subscription process (e.g., the frequency of performing the proposed synchronization process, and the type of subscription relationship (free/fee-based), etc.). The document also includes the purpose of the web site marked with human-readable text.
The site description document (SDF) may also include a public key attached to the notification that the site is authenticated. The web-authenticated notification must use the public key to verify its signature.
The SDF may also be signed by an authenticated entity to establish authentication of the web site specification document. For example, SDFs may be signed via advisories.com or Better Advice Bureau, see description below.
The SDF may also include rating blocks provided by certified rating services to establish privacy, security, and useful notification reliability on the web site. See the examples below.
Checker lexicon
The checker lexicon is a library of executable code of special functions that is available to the reader for expanding the capabilities of the associated language. In effect, the checker lexicon provides a mechanism for notifying websites of specific extensions of the relevance language.
Supplementing documents
Thus far, the content of the notification website in question plays an important role in the general operation of the present invention. In a typical embodiment, additional documents may appear in the notification website's directory, which documents do not play any role for the invention itself, but may be added to the notification website's directory. These documents are interspersed in the same manner as other documents. This embodiment allows for the dissemination of installation programs, uninstallation programs, shell hand files, JAVA, and Visual Basic programs, etc.; that is, in general, it may be a data packet, an application, and other resources that may support the evaluation and compliance of notifications issued by a web site. For example, such additional documents may be used as a database search of the notification provider's own checker lexicon, or as an application that executes solutions suggested by the notification provider.
Components for informing a user
The following is a list of component names from the perspective of notifying the user, followed by a brief description of each component in the sub-portion:
notification reader
Subscription database
Announcement database
User profile
An inspector
Solutions guide (wizard)
Notification reader
Notification readers are applications executing on the user's computer that are responsible for notifying the contact of web sites and for managing interactions with the user. The reader is notified to save the document directory on the user's computer. The directory contains various documents for/managing the operation of the notification reader, as will be explained in detail below.
The notification reader has a number of tasks, which are listed below, but not described in detail:
manage subscriptions
Synchronization with the Notification Website
Collecting announcement documents
Unwrapping announcement messages
Manage the notification database
Management relevance assessment
Evaluating relevance of individual announcements
Invoke the checker
Displaying the relevance announcement to the user
The processing will be described in detail below.
Subscription database
The notification reader maintains a database of subscription information that can be scheduled for website synchronization processing by the collector unit. The subscription database contains information about the location of the notification website; information and suggestions of notification-descriptive documents provided by the notification website, such as suggestions of frequency of synchronization; checking the information required for the digital signature of the notification website; and information about the user's look and feel of the notification website.
Notification database
The notification reader maintains a database of notifications collected from different notification websites. These may be indexed according to the system's recipient's web site under consideration for the notification, or according to other principles that may be helpful to the user or author.
The notification reader may organize the notifications into notification groups that share the same processing. Examples of this principle include a group of users that specifically target one of many people on a computer, a group that schedules only manual relevance assessments, and a notification group that schedules an assessment at night.
User profile
The notification reader stores one or more special documents containing data taken from interview users, derived from the user's actions, or derived from a computer or its environment. Such data may describe the computer or its environment, as well as preferences, interests, needs, abilities, occupation, and user's plan, including things unrelated to computer operation.
One or more documents may be encrypted. The documents may be organized by notifying web sites to describe the interests and preferences of queries that are needed to provide only specific web sites for relevance analysis.
Inspection device
The checker lexicon contains executable program code that can be called by the reader as a part of the relevance assessment process. The inspector can inspect the characteristics of the user's computer, storage devices, peripheral devices, environment or other remotely associated computers. These characteristics will be described in detail later.
Solution guide
The solution guidelines support the process of automating solutions. Solution guidelines are applications that can perform the standard functions often used to solve computer problems. These functions will be described in detail later.
Overview of transactions
The basic mode of transaction over the internet used by the present invention will be described below.
Subscription mode
In the present invention, the initiation of the interaction is typically initiated by the user. For example, a user may be informed of the presence of a notification provider and its associated notification website due to installing a new hardware or software product on their computer, or due to advertising or sharing experience with other users. After the user knows that the website provides notification and trustworthiness, the user may subscribe. The user contacts the notification reader and invokes the subscription manager 67 (see FIG. 6), which sets the notification reader and subscribes to the notification website by presenting the corresponding website description document or an indicator of such document, or the website itself contains an instance of the document. After reviewing the interaction items suggested by the SDF, the user sets the relevant subscription parameters that control the frequency of collecting notifications from the web site.
Collecting notifications with AEUP
The notification reader may periodically or manually synchronize with the website according to the subscribed items. A component of the notification reader, called the collector, functions to synchronize the image of the user's web site with the image of the current notification web site. These states will be different if the notification website withdraws notifications or makes new notifications after the most recent synchronization. The collector determines that there is a one-to-one relationship between the announcements on the notification website and the notifications on the user's device. The collector will turn on to the directory message server on the notification website. After selective secure handshaking to verify the authentication of the notification reader and the server, the collector queries the server for directory messages. The collector checks the response to see if the web site directory has changed after the previous synchronization. If there is no change, there is no need to fetch any documents from the notification website, and the connection process is thus terminated. If the directory has changed or is synchronized for the first time, the collector will initiate FTP and/or HTTP and/or document servers to fetch new documents. The collection will also delete the announcement that no longer corresponds to the server, thus terminating the synchronization of the user's web site image with the real web site image.
The protocol described above is the AEUP protocol. The collector may collect all documents located on the notification website anonymously with the consent of the notification server, or documents that have not been previously collected at any level. This is intended to mean that the notifications stored on the user's computer contain all of the notifications provided at the notification site by the previous synchronization at any time, rather than the notifications that the user has intentionally deleted. Therefore, there is no selective collection operation here. The results of this protocol and alternative protocols will be described in detail below.
Unlocking the announcement
As described below, the announcement document may be a complex hierarchical structure that contains one or more messages. The reader is notified to unlock all the cells in the structure. The units of the structure can be signed by means of a digital signature, i.e. they are checked during the release process. After unwrapping, the ad will join the group of all ads, including the new ad and the old ad to be evaluated. In an exemplary embodiment, the present invention prevents unsigned publications that cannot be verified from entering the system.
Relevance evaluation
Since all notifications to be evaluated can be separated from the collection process, they can be processed continuously, either on a user-specific schedule or on the user's immediate request, or on some specific triggering event (see FIG. 9). The notification reader analyzes the individual messages and recognizes clauses that determine relevance. These clauses are expressions of the formal relevance language, which will be described in detail below. The notification reader analyzes the clause into a tree structure of basic sub-expressions by using the expression tree structure generator 91 (refer to fig. 10), and then evaluates each sub-expression of the tree structure by using the expression tree structure calculator. If the evaluation operation process is successful and generates a True value (True), the message is considered to be associated 93. A quick delivery method 94 is then used to consume the announcement, which may include a document system checker that identifies the appropriate directory and document name references 96 in the various user volumes 97, 98; a log document checker 99 for checking the log document 120 of the operating system; an operating system checker 121 that checks various system components 122; or a hardware device checker 123 for checking various system-mounted devices 124.
Inspection device
The evaluation of the sub-expressions is performed by a method called checker (see FIG. 11), which performs mathematical logic operations, performs computational algorithms, returns the results of system calls, accesses the contents of a storage device, and queries the device or a remote computer. These methods are called checkers because their frequent purpose is to check the identity of the user's computer and its configuration, or the contents of the storage device. The checker may be built into the reader or may be accessed through a DLL or similar mechanism. Therefore, the object 123, property name 131 and/or string selector 132 can utilize the method delivery module 134 to quickly deliver the delivery message to the reader according to the delivery message contained in the method delivery table 133. Various reviewers 135, 136 may be provided at the user location, each comprising a reviewer thesaurus 137, 139, and associated methods 138, 140. The checker will be further described below.
User interface
After notifying one of the groups that an item has been determined to be associated, the associated item is added to the displayed list of items. This list is displayed according to a typical user interface model. The user interface may inform the user about the author of the announcement, the data from which the announcement was obtained, the date the announcement became associated, the subject of the announcement, and other attributes of the announcement message. The user interface may display the explanatory content of each announcement to the user. The explanatory content may comprise a plain text explanation or a more elaborate multimedia explanation and depends on the announcement. The interpretation may identify conditions that cause the publication to be associated, implications implied by the association, suggested or currently taken actions, consequences of taking these actions or not taking them, or experience with the action suggestions by other users or parties, etc., and may be ad-hoc. The user will peruse the interpretation and perhaps make additional research (e.g., reliability of the research provider, or other user opinion, etc.).
Suggested responses
As part of the display of the associated announcement, the user is typically provided with an opportunity to respond to the situation. Possible reactions include:
user override information/suggestions: the user decides not to purchase and ignore the notice after checking the notice, and deletes the notice.
The user is informed of: the user reviews the announcement or other designated document and learns from it certain important or interesting items.
User considered acceptance: the user examines the announcement or other designated file, or some of the multimedia content it contains, or the multimedia content it designates, and is in the content of stimulus acceptance.
The user forwards this information to others: including friends, family, colleagues or associates. The forwarding process may be a delivery of an offline status or an electronic delivery, such as an email.
User and provider or other contact: this includes contact by letter, telephone, fax or email. This may also include participation in information exchange, including technical support, training or market research, as well as in sales or other commercial transactions.
The user starts participating on-line in the timely event.
The user purchases the item using e-commerce: this may include making a purchase by clicking on the notification reader window, which is a shopping mode.
The user fills in data: this includes forms sent by web browsers, or text document forms returned by email, or forms returned by filling in and faxing or mailing.
The user takes action in the offline real world: this includes any offline action, ranging from actions related to modifying the state of a computer device, gathering information about the environment surrounding the computer, or manually reading certain instructions before the on-line process begins. The action may also include a simple personal item.
User modification of system settings or data fields on the computer: this may include a user performing a series of manual operations on the computer to change the settings or software applications of certain system components or to modify data in a database.
User start install/uninstall/execute solution: this may include the user clicking a button on the device reader, automatically performing a series of download/install/uninstall/execute steps in an automated fashion, or requiring the user to access physical media, such as software or a CD-ROM, in order to perform the installation under direct supervision. Which may include automatic execution or execution under user control, followed by notification of the indicated instructions.
User-invoked solution's manuscript file: the notification may utilize a high-level system-engineering language (high-level system-editing language) to provide a series of instructions, such as appleScript, doshell, Visual Basic, which the user may store as a document and pass to a standard interpreter (e.g., appleScript editor, DOS Shell command-column interpreter (1ine interpreter), UNIX Shell command-column interpreter, or Visual Basic command-column interpreter). This action may include, among other ways, a user performing a series of manual operations on the computer that involve typing instructions word by word in a window of a particular application.
Many substantial responses may be summarized in this list of responses.
Notification document format
The format of the notification document provides a mechanism for the encoding of a single notification or multiple notifications for transfer between computer networks and other digital transmission media, and provides many of the same basic narrative content changes. The following discussion will describe the components of the notification in general terms and describes what is presently believed to be the best way to implement the notification using MIME format.
Component of a basic notification
The most basic notification may include the following logical components (see FIG. 8):
wire-wrapped (wrapper): are designed to wrap around components of the transmitted and subsequently decoded information.
Sources are listed: for identifying the components notifying the author.
Topic column: for identifying briefly the components considered for notification.
Relevance clause: a component in the formal association language that explicitly indicates that a notification may be an association condition.
The message body: components for providing explanation content that explains to the user what conditions may be found to be relevant, why it is relevant to the user, and what actions are suggested to be taken.
Action button: means for enabling a user to invoke automated execution of the suggested action.
Clause changes
Elaboration on basic planning may be valuable:
the notification may contain a clause of when to expire. This is an expression of a formal relevance language that will cause the message to be stale if its evaluation is true.
The notification may contain a clause of when to evaluate. This is an expression of a formal relevance language, and if the result of its evaluation is true, the message will be evaluated for relevance.
The notification may contain a clause that requires the checker thesaurus. It may give the name of the checker lexicon and the URL it can be found. This means that a checker lexicon must be installed in order for the correlation to be evaluated correctly.
The notification may contain a reference clause given the system key designation referenced by the condition associated with the notification.
The notification may contain a clause of the solution utility. Which gives a keyword indication of the possible utility of the suggested response.
Other variants are also possible in the future. Such variations are not to be excluded from the scope of the present invention.
Variation of display
The message body can appear in at least three formats:
and (3) writing: the explanatory content may be an unlimited ASCII text document. This format does not have inline changes in the style of display (e.g., fonts cannot be changed and/or hypertext links that do not reference external documents).
HTML (hypertext markup language): such explanatory content that makes up the body of the message may be an HTML file. The web browser may identify such files. The HTML file can be varied in the text display to include tables and visual formatting features, and can reference external files as well as external graphics documents.
text/HTML: such explanatory content that makes up the body of the message may be in text/HTML format. The notification reader can select which format is more suitable for the user's needs.
Further variations in the notification content, including sounds and images, are also within the scope of the present invention.
Digital integrity and authentication
The message body may have a digital authentication feature attached to the message to ensure its integrity and authentication.
A digital digest may be appended to the message to ensure the integrity of the message. When the author composes the message, the specific functions of the message body can be calculated and appended to the message. The receiver of the message can check the integrity of the additional message by computing the same function and checking that it produces the same result. Examples of digital digests include CRC, MD5, and SHA.
Digital digests are well known in the art of computer programming, so-called hashing. The concept is that mathematical operations based on modular arithmetic can be applied to the numeric representation of a body of text, which can produce numeric outputs ranging from small numbers to numbers requiring tens of numbers to represent, and depending on the details of the summarization mechanism. These numerical operations typically produce an output that depends on the original body of the discontinuity and is not easily inverted. In other words, a message with little vulnerability may evolve into a very different digest. Furthermore, it can be very difficult to find any two messages with the same digest, and if one of the two messages is explicitly specified, it is very difficult to find the other message with the same digest.
The implication is that a notification document is modified in some way from the author's original semantic meaning due to a transmission or recording error, and typically does not result in the modified document generating an appropriate digital digest. In this manner, the modified document may be identified and may not be considered.
Digital signatures may be appended to messages to ensure authentication of the message (see c. pfleeger, secure in Computing, Second Edition, Prenitce Hall (1996); and PGP 4.0 Users Manual, PGP preference Good Privacy, Inc. (1997)). This is an improvement of the digital digest concept, which can avoid the security of the digest from being compromised by eavesdropping.
The digital signature generally operates as follows: when an author composes a message, a digital digest of the message is computed and then the digest is encrypted using well-known and widely used encryption techniques for notification web sites. The encrypted digest is considered to inform the website of the signature on the message and is appended to the message itself and labeled as a signature.
In looking for a signature to check a website, the notification reader attempts to decrypt the signature using a known decryption algorithm attached to the notification website. Successful decryption results in a digital digest that matches the value computed directly from the message by the reader. The result of an unsuccessful decryption may not match the digital digest of the received message.
It is widely accepted that such processing will result in a secure digital file when used with some known encryption system (see c. pfleeger, Security in Computing, Second Edition, Prenitce Hall (1996); and PGP 4.0 Users Manual, PGP preference Good Privacy, Inc. (1997)). In other words, a malicious entity cannot easily modify a valid notification to produce a successful decryption and masquerading notification.
Indeed, in order to successfully fool the system, the spoofed notification must generate a digital digest of the document that has been properly modified and employ an encryption algorithm accompanying the notification website. Although the imposter may know how the digital digest mechanism operates, it cannot encrypt the file as if it were a notification website.
The basic assumption of modern cryptographic systems applied in public communications is that some encryption/decryption algorithms may have well-known decryption algorithms and keep these encryption algorithms secret. Until this basic assumption is overruled, the digital signature mechanism is still widely regarded as a valid authentication mechanism.
MIME
In the best method for structured notifications for internet transmission at present, the notification files are grouped into separate ASCII text documents, which are a valid instance of a MIME document (see n. borenstein, n. free, MIME (multipurpose internet mail protocol), first part: the mechanism to specify and describe the format of the internet message body, internet standard convention RFC 1521 (1993)). Only a particular subset of the full MIME format is actually used. Special extensions to MIME are suitable for use with the present invention. MIME is a convention of internet standards that extends the typical e-mail internet standard, commonly referred to as RFC 822. MIME format is widely used for internet transmission of e-mail. There are four features of special usability related to notifications:
Header column: MIME specifies that the message body is preceded by an extended message header consisting of various header columns, wherein the respective columns begin with well-known clauses and include addressing, date, and associated comments. Some columns may be readily adapted for use with the present invention. For example, the source and subject column components of a notification may be implemented as From: and Subject: a header column, which is part of the MIME standard.
Expandability: MIME provides a method for creating new message columns in a message. This includes a method of embedding a new message column into a message, and a method of signing a MIME authentication into a new column. The main invention constructs when relevant and when expired, etc., so that MIME language can be easily added in this way.
Alternatively: MIME provides a way to provide two different versions of the same message, i.e., multiple alternatives, with the goal of choosing the appropriate display. Thus, the present invention can be readily implemented using the MIME standard and its multiple alternative features to transmit one or more facilities displaying the same structured information.
The abstract mechanism is as follows: MIME provides a well-known mechanism, i.e., multiple/hybrid, for grouping multiple complete MIME messages into a single document to provide internet transmission. MIME places a recursive digest structure in which a message can have multiple relevant parts, and the parts themselves can be a verbatim interpretation that is inserted into the MIME document. The MIME document using this feature can be used to extract the components of many consumers and is organized in tree-like structures of the branching structure of modern personal computer filing systems.
Thus, MIME becomes a tool for grouping e-mails, not for grouping new files, i.e. notifications. To avoid confusion, it should be understood that: notifications are not like emails because the notification does not have a specific recipient or list of recipients. The notification is instead a broadcast message. A notification typically has associations and related clauses and typically has active content. Emails do not have associations and related clauses and generally have no proactive content. Notifications are part of a new communication format that can be implemented in the MIME standard. MIME notification applications can address different issues beyond email by ignoring MIME clauses used by certain emails and adding specific new clauses for relevance evaluation and notification management. In some cases, the relationship with the email is notified, i.e. as between USENET and email. Both the notification and USENET news systems use MIME as a grouping mechanism. However, both provide a different means of communication than email.
Although MIME is a convenient way to implement a form of notification, it is not necessary to associate MIME with the present invention. There are many other commonly used formats in the internet world, such as XML, which can be used to represent notifications. In the disclosure of the present invention, only the best way currently considered to implement a notification document is discussed herein.
Examples of the invention
An example of a notification document is as follows:
    Date:Sat Mar 21 1998 17:06:12+0800    From:Jeremiah Adviser jeremiah@advisories.com    MIME-Version 1.0    Organization:Universe Communication,Inc.    Subject:A better version of the advice reader is now available    Relevant-When:version of application″advice.exe″<version″5.0″    Content-Type:text/html;charset=us-ascii    <HTML><BODY>    A better version of the advice reader is now available.    Click to<A HREF=″http://www.advisories.com/win98/advice50.exe″>    Download</A>the latest version of advice reader.    </BODY></HTML>
here, the reader can see different components of a message, embedded as MIME parts:
a winding connector:
MIME-version and content-type header columns.
Sources are listed: from: jermehiah Advider …
Topic column: subject: a beta version of …
The message body: HTML fragments, starting with < HTML > and ending at </HTML >.
Action button: there is no action button in this notification. The active part of the message (download) is processed by the HTMLHREF link. The user will typically see the character download and will typically know that clicking on the character with the mouse pointer will result in the indicated action.
Hierarchical blocks
In another variation, the notification may include rating blocks that contain information that is rated according to decision rules such as privacy, security, and usefulness. For hierarchical blocks, standard formats already exist (see Khare, Rohit, Digital Signal Label laboratory, The World Wide Web Journal, Vol.2 Number 3, pp.49-64 Oreilly (Summer 1997), http:// www. w. 3.org/DSIG), which can be easily attached to messages in MIME structures. Refer also to the description below.
Relevance language
The format of the notification is similar to that of an email message, with many of the same sections in the message/digest header. The main extension provided by the notification is the regular, i.e. associative, clause of the new clause in the message. The association clause is preceded by the keyword phrase relevant-When: . Immediately following the keyword is an expression of the relevance language. The following discussion is directed to the best methods presently used to describe the state of a user's computer.
Descriptive language
The purpose of the relevance clause is to check the status of individual computers and to check whether they meet the relevance condition of a certain announcement.
With respect to what is presently considered to be the best way to practice the present invention, the language itself, i.e., the allowable phrases of the language and the semantic meanings behind the phrases, may provide the user with an intelligent model of the computer component, its peripherals, storage devices, documents, and related concepts. This is different from the common model used in common computer languages, where the language itself provides a very narrow picture to solve the problem.
Like conventional languages, the associative languages include basic data types such as Boolean algebra, integers, and strings. In addition, as with conventional languages, the association language can also be written as a mathematical logic expression as follows:
(2346+(-1234)/(1+2))>0
The meaning of a typical expression (e.g., 1+2) is to apply the method "+" to a set of objects in order to compute two sub-expressions, l and 2. The set of objects in the problem is an integer pattern with values of 1 and 2, respectively. In the presently preferred method, the associative language has a wide range of available operations, including arithmetic, string and logic operations, which are established by operating on a built-in physical data pattern (see FIG. 12).
Unlike conventional languages, the association language includes an abstract data type "World" that can be considered the overall environment of a personal computer on which the association clause can be computed. Such objects have certain characteristics. These properties may make the objects various types, and the objects may have further properties (see fig. 13).
"World" is a type of system that has a variety of characteristics depending on the particular implementation and the particular system architecture.
In the technical support application described above, these features may include system folder features, CPU features, monitor features, and the like. The properties of an object may be obtained by performing a parser method. The parser method for the system folder of data type "World" returns the object of type system folder. The parser method for the CPU property of data type "World" returns an object of type CPU. These derived objects instead have their own characteristics. For example, an object of the type CPU may have the following characteristics: speed, manufacturer, model, MMX (multi-storage converter), and cache, etc. When the method is applied to an object of the type CPU, the corresponding characteristics all return a result. For the sake of illustration, it is assumed that the rate result is an integer, the manufacturer result is a string representing the name of the manufacturer, the model result is a string representing the name of the model, and the MMX and cache return more specific object types MMX and cache.
The associative language has assumed that the user's computer-inspectable properties are equivalent to the "World" data type, and that properties derivable from "World" are obtained by iteratively requesting properties of objects derived from "World" (see FIG. 14). The object world (objectworld) may provide a rich concept in applications that can derive the world of objects in technical support.
Examples of Association clauses
The following are examples of relevance clauses for use in technical support applications:
presence of certain applications on a user's computer
relevant-When:exists application“Photoshop”
The intent of this fragment is to apply a property of the "World" type, which takes additional string parameters and returns an object of the type application. exists is a property of all objects that returns a Boolean value True (Boolean True) if the object exists. If an application named "Photoshop" cannot be found by the method implementing the application property, the result is a non-existent object, and exists returns a Boolean value of false.
Comparison of version numbers
relevant-When:version of Control Panel″MacTCP″is version″2.02″
The intent of this fragment is that the Control Panel is a "World" type property, which takes the extra string parameters and returns an object of the type Control Panel. If the control panel named "MacTCP" cannot be found by the method implementing the control panel property, the result is a non-existent object, at which time version is not an allowed property, and the calculation fails. If a Control Panel named "MacTCP" can be found, the version is a property recognized by Control Panel, and then the version will call a method that returns an object of type version and contains the number of the Control Panel, and is recorded in a special format. This result will be compared to the sub-expression "2.02" version. This temporal version refers to the property of "World", which takes the extra string parameters and returns the object type version. If the calculation is successful, the comparison result is a Boolean value: it is true or false.
Comparison of modification dates
relvant-when:modification time of Photoshop PlugIn“Picture
Enhancer”is greater than time“0 January 1997 12:34:56
+0800”
The intent of this fragment is that Photoshop Plugin is a "World" property, which takes additional string parameters and returns an object of the type Photoshop Plugin. If Photoshop plug in (plug and play program) named "Picture Enhancer" cannot be found by the method implementing the Photoshop plug in property, the result is a non-existent object, and the modification time is not an allowed property, and the calculation fails. If a Photoshop plug-and-play program named "Picture Enhancer" can be found, the modification time is a property recognized by the Photoshop plug-and-play program, and then the modification time calls a method, which returns an object of the type time. This result will be compared to the sub-expression time result "January 1997 (1/10 1997)". Here, time references the property of "World", which takes additional string parameters and returns the object of type time. If the calculation is successful, the result of the whole expression is a Boolean value: it is true or false.
Automatic syntax analysis and calculation
The primary purpose of the association language is to enable notification providers to issue announcements that can be analyzed on a computer by a notification user and read in an automated fashion without user intervention and to determine whether the announcements are associated with the user.
In the best known method, the associative language is implemented as a context-free grammar that can be automatically parsed into a tree structure of sub-expressions. A tree structure of sub-expressions can be understood as an abstract structure, whose nodes are methods and branches are sub-expressions.
Such a tree structure is represented using standard symbols in computer science:
(node(expr-1)(expr-2)…(expr-n))
where a node (node) gives the name of the method used, (expr-k) represents the kth sub-expression provided to the method. For example, the following expressions:
(2346+(-1234)/(1+2))>0
can be analyzed as:
(> (+(Integer 2346)
(/ (Integer-1234)
(+ (Integer 1)(Integer 2))
)
)
(Integer 0)
)
expression:
exists application“Photoshop”
can be analyzed as:
(exists (application “Photoshop”))
the expression for the version "2.02" of the control panel "MacTCP" is analyzed as:
(is (version (Control-Panel″MacTCP″))
(version (string″2.02″))
)
finally, the expression:
modification time of Photoshop PlugIn″Picture Enhancer″is greaterthan time″10 January 1997″
will be analyzed as:
(is-greater-than (modification-time(Photoshop-PlugIn″PictureEnhancer″))
(time(string″10 January 1997″))
)
in general, the purpose of the parsing is to identify a series of method calls to be used. Procedures for analyzing non-contextual grammar into tree structures of expressions are well known (see A.Aho, J.Ullman, Principles of compiler Design, Addision-Wesley (1997)). The lexical analyzer will divide the input into a series of tokens (tokens). In the best method known at present, these tokens are of the form:
String is enclosed within a primed (") symbol and may be listed as printed ASCII characters.
[ Integer ] decimal digit string.
[ Minus ] "-" symbol
[ SumOp ] "+" symbol
[ PrdOp ] "+" symbol and string "mod".
[ RelOp ] > > <! The relational phrases "and", "or", "yes", and "no".
[ Phrase ] is a series of one or more words without quotation marks, which may be a sequence of letters and numbers arranged alphabetically and without embedded spaces. The phrases are broken down into retained phrases.
The syntax analysis is performed in a normalized manner according to the schedule for generating the grammar. In the best method known at present, the grammar is generated as follows:
    <Goal>           :=<Expr>    <Expr>           :=<Expr>or<AndClause>|<AndClause>    <AndClause> :=<AndClause>and<Relation>|<Relation>    <Relation>      :=<SumClause>[RelOp]<SumClause>|<SumClause>    <SumClause> :=<SumClause>[SumOp]<Product>                   |<SumClause>[Minus]<Product>                   |<Product>    <Product>   :=<Product>[PrdOp]<Unary>                   |<Unary>    <Unary>     :=[Minus]<Unary>                   |  [UnyOp]<Unary>                   |<Cast>    <Cast>      :=<Cast>as[Phrase]                |<Reference>    <Reference> :=[Phrase]of<Reference>                   |  [Phrase][string]<Restrict>of<Reference>                   |  [Phrase][integer]<Restrict>of<Reference>                   |  [Phrase][string]of<Reference>                   |  [Phrase][integer]of<Reference>                   |  [Phrase]<Restrict>of<Reference><dp n="d33"/>                |  [Phrase][string]                |  [Phrase][integer]                |  [Phrase]<Restrict>                   |  [Phrase]                |  exists<Reference>                   |  number of<Reference>                   |  [string]                |  [integer]                |  it                |  (<Expr>)    <Restric>  :=whose(<Expr>)
in the display, word represents the reserved word in the language and [ Phrase ] represents the Phrase and is defined by the above-mentioned lexical analysis.
Grammars can be used to generate parsers using a variety of methods (see a. aho, j.u1lman, Principles of compeer Design, adision-Wesley (1997)). These include automatic parser generators, such as YACC, which can generate automatic means that list-driven finite states and can recognize grammars. The table is built directly from the above listed generation formats, or it can be built recursively by manually and generating it from a grammar in a simulation module whose naming and internal structure simulates the structure of the generation grammar.
All such processes have the same basic results. New tokens are entered one after the other and compared to the current state; if present, the comparison is also made with the allowed patterns and the received command action list. The instructional actions may be interpreted as specifying the various steps of systematically building a tree structure of expressions. Typical actions are related to addition and multiplication (production) operations:
<Relation> :=<SumClause>[RelOp]<SumClause>
it can be rewritten with standard notation as:
$$=($2$1$2)
it can be read as follows: $ represents the result of the operation, $1, $2, and $3 represent the components of the sub-expression tree, and the brackets are the symbols delimiting the expression tree. This action will invoke a tree structure of sub-expressions that recognize < RelOp >. The result is derived by associating and comparing the left sub-expression with the right sub-expression in a radical manner. Here, consider the expression: the version of the control panel "MacTCP" version "2.02" and considers the state when the parser is trying to act on < relationship > with [ RelOp ]. The expression tree has been associated with the left sub-expression $1 representing Control-Panel "MacTCP" and $3 representing version (string "2.02"). The tree structure of the expression associated with the overall < relationship > is obtained according to the combination of the "is $1$ 3" model. Thus, the resulting expression tree structure can be expressed as "is (Control-Panel" MacTCP ") (version (string" 2.02 ")).
The way in which the multiplication and addition operations are linked is an appropriate form of describing how the tree structure is built. In some implementations, the tree structures can only be built in a hidden manner.
If the next symbol is of the allowed type, the analysis process will continue; if unexpected binding occurs, the parsing fails. Once the parsing fails, the notification will declare no relevance.
As with the best presently known methods for carrying out the present invention, various efficient methods are known at the time of parsing by the parser. Unlike other languages, if a clause is syntactically correct but uses a phrase that names a currently unknown method, the parsing process will fail.
With the best method presently known for carrying out the invention, each sub-expression takes on values of a strong pattern, which is previously known. Examples of data types include integers, strings, and Boolean values. Various methods are known for analyzing the input data pattern combinations. Any attempt to apply the forbidden data pattern will be detected as an error. If an error is detected, the notification declares no association.
After the analysis is successfully completed, an expression tree is built that includes a set of method calls and associated arguments, as well as associated data types for the arguments. The calculation of the expression is performed using a suitable method that is sent in a suitable order.
The calculation process may or may not succeed. The failure may be caused by, for example, over-utilization of system resources, failure to acquire a resource, an excessive amount of time to acquire a resource, or other reasons. Successful calculations will yield a boolean value or other value that is true or false. The notification is interpreted as having an association as if indicating that the computation was successful, with the result that the boolean value is true.
In particular, if a sub-expression cannot be interpreted as a valid linguistic expression, or the sub-expression attempts to apply methods to prohibited data types, or the sub-expression is currently unable to compute, the entire expression will fail and the notification will automatically declare no association.
Extensible language
The purpose of the relational language is to accurately describe the state, content, additional devices, and environment of the computer. This state will change as the user purchases new software and/or hardware, or new software/hardware is invented, and may also change due to a change in the domain of the problem the user desires to solve; such as personal finance, management of home computing devices, or other fields, etc.
Thus, the components of the computer state provided by the present invention cannot be predefined. It is desirable that the association language be able to augment future authors with the ability to express status about systems that are not presently contemplated.
In one embodiment of the present invention, the vocabulary of the association language may be augmented by an administrator and an author of a separate notification website.
In this embodiment, the associative languages may be augmented by developing libraries that are dynamically loaded and new vocabularies and semantics added to the language and/or by modifying existing vocabularies and methods. These extensions, referred to herein as checker lexicon, may be downloaded from the notification website and installed in the user's computer, thereby changing the meaning of the relevance language in the computer and allowing new notification groups to be interpreted on the computer.
These dynamically loaded libraries include declarations of new data types that must be added to the language, declarations of new properties associated with the data types, declarations of data types of particular nature obtained by objects of a particular type, and declarations of methods, etc.; i.e., executable code executed to obtain the characteristics.
Non-programming language
Unlike many languages used in connection with computer operation and/or maintenance, the association language is not necessarily procedural. In other words, the association language need not specify the manner in which various portions of memory operate. This is the descriptive opposite. The association language does not require the execution of conventional procedural processing such as looping, specifying, and conditional control.
On the contrary, handling these services in an expanded manner poses various security and privacy threats, which makes them more vulnerable to overlooking or wrongly written announcements that consume too much resources in computing.
Procedural processing services in the context of a relational language would not be available with the best methods known to practice the present invention. As evidenced by the examination described in the above grammar, the language has the following properties:
an unnamed variable
Description of unspecified
No function calls, or at least no explicit function calls with variable arguments (calls)
Loop-free or conditional execution
These surface differences between relevance languages and other general languages are based on the following points:
languages should ideally not have side effects on the computer or the environment, since non-participating computations are considered.
In order for a user to be confident, the user must be able to view the language by himself without adverse effects on the computer or the environment.
Descriptive language is not as generic as procedural language, it has no side effect phenomenon.
In general, the structure of the language and the observable restrictions must be able to deliver secure messages to the user.
The following discussion will address two major differences in relevance language from procedural language:
and (6) calling a function. The association language has method dispatches that correspond to function calls in some languages, but it has a more limited form.
First, there are unit methods and binary methods in arithmetic and logical operations: and the like, and the like. These operations can be viewed as unit or binary function calls, but have a very limited form and present little risk and resource burden to the well-known methods.
Second, there are unnamed properties, such as modification time.
Third, there are properties that have been named, such as the application "Photoshop".
The unnamed property may be considered a function call that is performed on an object, but is a pure call because no parameters are involved. In a typical scenario, a property is computed by taking a value from a particular data structure, which is generally not risky or burdened with resources. The named property can be considered as a function call of two variables; the first variable is an object, and the second object is an identifier for naming a string. However, these are also not very general operations, since in one implementation the string naming identifier itself is not a result of the calculation; therefore, it must be a string constant. The type of computation specified in the above manner is very limited. Similarly, in a typical scenario, named properties are computed by taking a value from a particular data structure, and are therefore not generally risky or burdened with resources.
Loop and conditional execution
The associative language does not have a "for", "while", or "if" statement, but does have limited repetitive operation. Which performs repetitive operations using a structure called complex nature. In relational language, the singular and plural referents are to be construed as a single referent and the plural referents, the first requiring the result of a single referent and the second requiring the result of the plural referents. In a typical case, the complex number is further defined as a secondary set using a whose () clause.
Some of the fine-grained meaning of the division may be retained using the plural-singular dichotomy. For example:
exists application“Photoshop”
meaning that such an application does exist; while
exists applications“Photoshop”whose(version of it is version″4.0″)
Meaning that there is one or more applications called "Photoshop" and the version number of one is 4.0.
In a second example, repetitive operations are performed on the system under consideration in a hidden manner on a collection of all applications called "Photoshop"; thus, the effect of the loop can be obtained without using conventional programming.
From the viewpoint of ensuring security and privacy, restrictions on language expression contribute to the security of language (see the following description). However, the purpose of designing a language is to make it highly expressive and highly functional. To obtain the same result, a traditional programming language must write hundreds of lines of code and refer to a specific function in the system lexicon, otherwise the result cannot be obtained.
If the services traditionally handled by programming languages are obviously available, this need can be met by extending the association language using the checker lexicon mechanism described above, as will be described in more detail below. This has two advantages:
efficiency includes a new checker added by augmentation rather than providing procedural services in an association language, which would yield more efficient results. The checker can typically get an efficient way of performing compilation that can relieve the burden of system resources when performing relevance evaluations, but the interpretation of relevance languages is typically slow.
Security includes a new checker provided by this expansion mechanism that allows the user to correct problematic situations. If a complex expression is used in many places and has undesirable side effects, it will be very difficult to correct. If the same codes are added together to form the checker lexicon, the user can identify the program code with a problem by using the relevance language to identify whether the checker is installed on the user's computer. In this way it is possible to write a different kind of announcement than one relying on the checker lexicon.
User accessibility
The association language may control the execution of the system on a large number of computers. Although not necessary, it may be highly desirable for a user to be able to read and construct an appropriate understanding for the relevance language in principle, but in most cases, few users choose to do so.
In the best way currently known for carrying out the invention, the grammar of associative languages is similar to the simple english grammar, wherein the main characters in the language are played by clauses formed by verbs such as "of", "as", "whose", etc.
The highly restricted nature of the language promotes user comprehension. Such a language avoids the need to default concepts of computer programming contexts such as arrays, loops, and conditional operations.
Checker lexicon
Constituent unit of checker lexicon
Conceptually, clause analysis of the relevance language results in a set of method dispatches (see FIG. 11), where some methods are invoked in some order according to a list of arguments. This operation is a process of performing a series of methods in a systematic manner. The method transmission is an important technical feature in the relevance processing.
The checker lexicon is a set of methods and associated interface combinations that allow methods to be installed in the notification reader. Due to the structure and computational process of the analyzer, the checker lexicon may comprise the following elements:
declaration of [ Phrase ] for relevance language
The association of the [ Phrase ] with a particular method
Declaration of new data types for the association language
Declaration of the calling prototype of the method. This includes the number of arguments provided to the method and the desired data type.
The method generates an announcement of the data type of the result.
Implementation of the method in executable form.
Declaration of a special hook (hook) called in an event and associated with the program code, for example: checker sender initiation, checker sender termination, start of loop that the checker sender primarily computes, and end of loop that the checker sender primarily computes.
The establishment and maintenance of a special cache associated with that particular method, and the declaration of a special hook associated therewith.
Implementation of the special event method and the cache method in executable form.
Conceptually, the checker thesaurus can link all computed announcements to the notification reader, which can cause changes to the notification reader's internal data structure to get new method calls.
These announcements will affect both basic data structures of the system. The first is a grammar list of all allowed phrases and related data types that it can act on given, and the resulting related data types. This is when performing semantic analysis. The second basic data structure is a method distribution list that provides a systematic way to determine the associated executable methods for a given phrase and data type. This is when the calculation is performed.
Object-oriented architecture
A convenient way to implement the above-described checker lexicon structure is to take advantage of the properties of modern object-oriented programming languages, such as C + +. In effect, the built-in nature of this programming language, i.e., object declaration, versatility, operator overload, etc., is the way in which certain phrases are declared, wherein the phrases have some degree of meaning when applied to certain data types, and the way in which the information is systematically managed. Other features, such as constructors, complex constructors and destructors, are ways to define some start time and end time program code bodies.
In the best way known to date for implementing the present invention, features of the modern object-oriented languages are used to provide features of the checker lexicon.
Expandability of
As noted above, in one implementation case, it is possible to install several checker thesaurus in the notification reader. The checker lexicon installed in this way defines a set of approved [ Phrase ], a set of data types that are permissible in the computation, and a set of methods associated with these data types in the association language.
In general, the association language can be constructed in a dynamic manner. In one implementation, the checker lexicon may be created by the notification provider and downloaded to the user's computer as part of the website synchronization. These thesauruses may be managed by the notification reader, for example, stored in a familiar location, e.g., in a sub-directory of the entire directory managed by the notification reader. The checker thesaurus in this directory may be linked to the notification reader when the notification reader is started.
When a link occurs, the announced program is called and new [ Phrase ] is installed into the semantic analysis list of the association language and associated with some method calls. The association language introduces the possibility of new descriptions in this way.
Hierarchical language definitions
Thus, the association language can be open ended and expanded in a layer-by-layer manner. Thus, to understand a fully installed system, the layers that have been installed are understood, as are the methods provided by the various layers. In a typical installation, the levels include the following:
the base layer: it contains the basic mechanism of clause estimation: some basic built-in phrases and related methods. It is desirable that the base layer of notification readers be the same on all user computers.
System specific layer: which is comprised of an operating system of some kind and provides features relating to a computer cluster and its attached devices and environments. For example, in one implementation, such a hierarchy may provide a method of obtaining the date and time, various document sizes, the contents of the PRAM, or the name of the attached peripheral device, etc.
Seller-specific layer: this potentially large set of layers is typically created by third parties that provide access to specific hardware device internals and software products. One can consider it as a potential author, ranging from products of hardware manufacturers (such as manufacturers of cable modems) to products of software manufacturers (such as Photoshop and Plugin), to service providers (America On-Line), etc.
Example (c): version checker
Described below is a checker for application data type version properties under a Macintosh operating system. The declaration of such a checker is as follows:
new [ Phrase ] added to the relevance language: a version;
new data type version, many of the examples described above have been described;
the various characteristics of this type of data that can be used under the Macintosh operating system:
the main revisions are as follows: the first digit field of the revision number.
Secondary revision: the minor field of the revision number.
Stage (2): a string of words, such as "Alpha", "Beta", etc.
The state is as follows: a string, e.g., us or france.
String 1: a string.
String 2: a string.
Method: in the form of executable code, the required information is obtained by opening a resource branch (fork) of the application and converted into the required data type in order to perform the above-mentioned features.
"World" new named property version, which selects an identification of a string property, such as "1.1" in version 1.1, and adds the version data type.
After installation, the checker allows the system to use a range of data types and characteristics, as shown in FIG. 14. For example, to check whether the beta version of the application version number 0.99 is used, one may write the following association clause:
Stage of application″Netscape Navigator″is″Beta″
and Minor Revision of application″Netscape Navigator″is 99
and Major Revision of application″Netscape Navigator″is 0
Special inspectors
As mentioned above, the augmentation mechanism of the relevance language has a powerful effect, namely as follows:
operating system checker
A special checker of the system may take advantage of operating system characteristics and allow notifications to be written to check for the presence and configuration of add-ons and other subsystems.
The following is a valid snippet written for the checker lexicon of the Macintosh operating system:
exists serial device″Modem Port″
the purpose of this fragment is to check if it is a Macintosh computer with a dedicated modem port, which is used to distinguish modem/printer ports. Basically, the serial device associated with the property of "World" is compatible with a variety of different devices. The identifier selects a device named "modem port" from a number of devices. If such a device is present, the calculation of the phrase is true. If not, the phrase is calculated to be false.
input name of serial device″Modem Port″is″.Aln″
This segment is to check whether the modem port uses a standard serial driver. The World property refers to the "Modem Port" as an object of the property input name. This fragment checks if it is equal to ". Aln", i.e. as is the normal setting of the Mac operating system.
Examples of other features and data types are available in the checker lexicon of the Macintosh operating system, including:
actual RAM: characteristic, integer value of World: the number of subsections of the installed RAM memory is stored.
Logical RAM: characteristic, integer value of World: the number of subsections of RAM memory and virtual memory are installed.
Virtual RAM: characteristic, Boolean value of "World": true if virtual memory is enabled.
PowerPC: characteristic, Boolean value of "World": true if the CPU is PowerPC.
System version: the property of "World" is that the data type is version: the version of the system currently installed.
Version of ROM: the property of "World" is that the data type is version: a version of the currently installed ROM.
These examples clearly show that one can write an association clause for a device, e.g. that has a small amount of memory, an expired ROM or an old system version.
Login checker
Modern personal computer operating systems, such as Windows 95 and Macintosh OS 8, all have special databases called registry (registry) that record a large amount of information about the system configuration and installation of specific software. The entry checker is a checker lexicon installed in the notification reader that makes the association language involved and calculates the characteristics of the entry database.
The following is an example on a Macintosh platform:
22=integer value of entry″APPL.interrupt″of entry″bandit″of
entry″Device Tree″of entry″devices″of Registry
the intent of this fragment is to enter the Macintosh name entry, find the "Device" entry, find the "Device Tree" entry in that entry, and pass to the next entry "bandit" and then the next entry "APPL. The resulting entry is converted to an integer value and compared to the code 22.
The login data may contain a large amount of information about its operation on the computer. The login checker makes all of this information available to the association language.
Preference setting checker
Typical applications used on modern computers, such as Netscape and Microsoft Word, have special databases called preference profiles that record a large amount of information about the configuration of a program. The preference setting checker is a checker lexicon installed in the notification reader, which makes the association language refer to and calculate the characteristics of the preference setting document for a particular application.
The following is an example:
assume that the web browser application "Netscape Navigator" has a preference setting document, which is associated with various content types. The secondary application knows how to handle the content type. For example, the auxiliary application accompanying the JPEG type of image document may be JPEGVIew, and the auxiliary application accompanying the x-pn-RealAudio type may be a RealAudio player.
Suppose a notification provider named RealAudio wants to make a notice to a user of a web browser setting error and provides it with an automatic correction of the configuration.
It is assumed that a checker can be set using the preference of Netscape Navigator, and the preference setting of Netscape Navigator becomes a World property after the checker is installed in the notification reader.
Then, the provider can target users who have RealAudio but have inappropriate website browser settings, and make announcements with the relevance clauses as follows:
exists application″Realaudio Player 4.0″
and exists application″Netscape Navigator″
and((helper name of entry″x-pn-realaudio″of entry″Helper Table″
of Netscape Navigator Preferences)is not″RealAudio Player 4.0″
the intent of this fragment is to access the Netscape Navigator preference setting document, find the "Helper Table" item, find the "x-pn-realaudio" item in the item, and obtain the associated auxiliary program name. The resulting item is a string and is compared to "RealAudio Player 4.0".
The preference profile of a modern software application contains a large amount of information about the behavior of the application, and the preference setting checker makes all of this information available to the associative language.
Database checker
Whether in an intrinsic or extrinsic manner, many users have a business database that stores information about the user. Examples include:
The database attached to the personal finance application: users who use "Check Free" and "Quicken" and similar programs in an intrinsic manner have a database on their device equipment.
Database attached to small office suite: the user who operates the small-sized enterprise has a customer database, a supplier database, an accounting database, etc. on his computer.
The database checker is an extension of the basic association language, whose purpose is to allow the association language to access fields in the database. An example of a grammar is as follows:
numeric field″CURRENT BALANCE″of FoxBase Database
″Personal.DBF″<0
the purpose of this fragment is as follows: the notification provider attempts to contact the user using the CheckFree program. Users of the CheckFree program have a database built by FoxBase on their computers, which is identified by personal. This segment attempts to contact the database to refer to users whose current account balance is negative. The semantic meaning of this calculation depends on the execution of the FoxBase database checker.
Assume the way of operation is as follows: dbf is placed in the main storage of the user's computer, which is interpreted in, for example, FoxBase format, and the field named "CURRENT BALANCE" is obtained. This segment then compares the obtained value with 0.
It should be noted that if the user does not have a database of the type indicated, the clause will fail the analysis or be miscalculated. In either case, it will not be declared relevant. This eliminates the need to worry about checking whether a certain type of software is available for use in order to define such a type of clause, using a lengthy preamble. Failure to analyze may occur because the user's computer does not have the FoxBase database checker installed. A failure to compute may occur because the personal.
One application of the present technology is in the field of technical support. Suppose that the notification provider issues software that is able to build and manage a database like CheckFree, and wants to help the user maintain the updated state of the database. The notification provider may make announcements regarding general problems with the user's database, such as the user forgetting to start the database with the correct balance. These announcements alert the user to the problem and provide a solution to the problem.
User profile checker
The present invention may maintain one or more user profile documents, including identifying phrases and associated settings.
The user profile checker is a checker lexicon installed in the notification reader that allows the association language to reference the data stored in the user profile document. With a high degree of abstraction, the types of functions used by the database checker or entry checker are the same, differing only in the database being checked.
To illustrate the manner in which such a checker is used, assume that one wishes to acquire the user with a Zip code in the form of 947 XX. Assuming also that the user profile has a variable called Zip code, the following relevance clause:
947=(value of variable″Zip Code″of User Profile as integer)/100
the required functionality will be provided. The meaning of the above clauses is as follows: the profile of the user is checked, a variable named Zip Code is obtained, and the resulting integer is divided by 100. The last decimal is removed during processing and the remaining three-bit integer is compared to 947.
In one implementation, the user profile is a dynamically augmented database, and new variables are added according to the needs of the notification provider. One mechanism is to provide notification providers with a template document that describes a set of variables that the notification providers plan to take into account and want to specify by the user. The template document is deposited at a notification website and automatically collected when the synchronization operation is performed. The template document is used to drive an editing module located on the user's computer, and provides the user with a set of template variable names and a set of their current settings, which are blank if not previously defined. The user can then fill in blank fields and edit other fields. In this way, the variables that the provider wants to define can attract the user's attention and be edited.
Associating a partial profile of a user with a particular notification website in the manner described above is referred to as a website profile. Announcement of association clauses:
not exists Data file of site Profile
it is checked whether a website profile has been enabled on this website. If not enabled, the notice should indicate with human-interpretable message content that the notification provider desires the user to fill in user profile variables needed to modify the notification functionality associated with the website. Furthermore, as with computer-interpretable content, it should invoke the editing module and provide the user with the opportunity to edit new user profiles using new templates.
Announcements with the following relevance clauses:
Modification Time of Data File of site Profile<
Modification Time of Template file of site Profile
it will be checked whether the website profile has been updated since the last new template document. If not, the notice should indicate with human-readable message content that the notification provider desires the user to add new user profile variables to modify the notification functionality associated with the website. In addition, as with computer-interpretable content, it should invoke the editing module and provide the user with the opportunity to edit using the new template and old profile.
Remote checker
In principle, the checker lexicon may also let the association language check the characteristics of other communication devices. These characteristics include:
remote physical measurements: other devices are required for measurable information, which may include location, temperature, voltage or process status, etc.
Remote device query: asking other devices for information about itself and its status.
Remote calculation: the result of the calculation, for example, a calculation set by a formula and a program, or a character set (script) provided by a checker, is required to other devices.
Remote database query: other computers with databases are required to answer queries about the contents of the databases.
Remote relevance invocation: the relevance clause is passed to another computer and the results computed by that computer in its environment are retrieved.
The following is an example of remote physical measurements. If a checker lexicon is provided that defines a property of World, called the Internet atomic clock, the atomic clock can query the authoritative timer via Internet protocol and return the results to the time data type in the association language. Given that it also defines a World property called the system greenwich time, which can be given a greenwich mean time equivalent to the system clock. The following relevance language sets incorrect users for system time:
abs((Greenwich Time of Internet Atomic Clock)-System Greenwich Time)>time″10 Seconds″
The following is an example of remote device querying. If a checker lexicon is provided that defines a property of World, called a network Postscript printer, then the network Postscript printer can query the currently selected printer to determine if it is properly set. A valid association clause is as follows:
Model of Network Postscript Printer is″Laser Jet 5″and
ROM Version of Network Postscript Printer<version″2.0″
the clauses are directed to users of Laser Jet 5 printers that own legacy ROM.
The following is an example of a remote database checker. Suppose the notification provider is a large organization, the users served by the large organization are employees, and the employees have small handheld computing devices and store important data on remote computers, and the remote computers and the small devices have a trust relationship established by a security data exchange program. Meanwhile, it is assumed that organization data used by employees can Access data through a Lightweight Directory Access Protocol (LDAP) database on the Internet (see w.yeong, t.howes, s.killer, LDAP (Lightweight Directory Access Protocol 1), Internet Standards Track RFC 1777 (1995)). The notification provider wishes to provide a notification that specifies a plan situation for which employees are assigned, which notification, although not available from the palm-top device, is available by querying the LDAP server via LDAP. In addition, the notification may refer to a status about the employee, and the message may only be available from the palm-type device.
The provider develops a checker lexicon that can access data located on the LDAP server, and a checker lexicon that can access data on the palm-type device. It is assumed that the installation step of these checkers includes setting up an LDAP query with the appropriate password and user name. One valid association clause is as follows:
sponsor of assigned project of Employee LDAP record is″U.S.
Government″and(per diem charges of current daily expense of
Employee Handheld record>35)
the intent of this segment is to retrieve a certain data item from the LDAP database associated with this employee, and the sponsor name is compared to "u.s.government". If the above condition is satisfied, the current travel record is inquired by daily account.
This process provides an anonymous and proactive targeting of employees listed in an organized database, wherein the daily rates of the employees are lower than their expenses. Thus, the present invention provides a method that can check a travel bill prior to submitting the bill.
The interface specification of the remote system will raise an important issue. One of the technical features is that a trusted relationship must exist between the user's computer requesting the remote service and other devices or computers that meet their requirements in order to make an automatic assessment of the association. In some cases, the communication process must be encrypted. The extent to which the resources are used must be monitored. Furthermore, digital authentication must be available in some situations. These issues can be addressed by well-known mechanisms.
The notification process provided by the notification provider can not only refer to the characteristics of the user's computer and its environment, but also access the characteristics by querying the user's computer, and establish a novel communication protocol, i.e., a personal information access protocol, as described below.
Checking program work record document
Many computer software applications and processes maintain one or more documents that contain a history of the execution of the process or processes. Standard examples of such work record documents include: the execution work record saved by the mail server and the log-in background execution program, the backup work record saved by the backup software, and the error work record saved by the user program.
The program work record checker is a checker lexicon that can be installed in the notification reader and allows the associated language to reference data stored in one or more work record documents. With a high degree of abstraction, the types of functions used by the database checker, log checker, or user profile checker differ only in the database being checked.
This checker thesaurus defines the access method for letting people get the main data items from the work-record document.
As an example of how such a checker may be used, assume that a user executing a GraphMaker application is expected to be contacted, wherein a work record document generated by the GraphMaker contains error data items including error code 93456.
Further, assume that the error code indicates that a PostScript printer cannot process documents output by GraphMaker. It is desirable to be able to contact the user in the above situation and inform about the solution to the problem. Assume that GraphMaker can use a checker lexicon on its notification website that can perform a set of methods related to a central data type, called GraphMaker fault log. Assume that the GraphMaker fault log is a property of World when the checker thesaurus is installed in the notification reader. Also assume that the GraphMaker fault record has a property called a data item, and that the result of this property is the object of the GraphMaker fault record data item type, and that the data item has a property error code and an error message, which can generate integer and string data types, respectively. Then, the following clauses:
exists entries″Error″of GraphMaker error log whose(Error Code of
it=93456)
may provide the desired functionality. The meaning of this clause is as follows: the document associated with the GraphMaker fault log is found and opened, and the document is searched for incorrectly typed data items rather than warnings. The data items are checked to determine whether any of the data items are associated with the type of error code indicated.
This allows technical support agencies to develop processes for maintaining complex products in the field, where:
the manner in which the product is developed is such that exceptional conditions can be identified and recorded;
the job record is developed and published on the notification website; and
the manufactured bulletin may examine the work record to identify and correct problematic conditions.
In this way, the technical support means can target the user in case of some program errors.
Inspection notification system
Informing the reader to keep subscription information and announcement groups; in one implementation, it may maintain a working record indicating a history of relevance assessments as well as automated solutions.
The notification system checker is a checker lexicon installed in the notification reader that allows the association language to reference data stored in and managed by the notification reader itself. With a high degree of abstraction, the types of functions used by the database checker, log checker, or user profile checker differ only in the database being checked.
This checker thesaurus defines the access method for letting people get the main data items from the important elements of the system:
Subscription database: the presence or absence of certain subscriptions, the addresses of notification websites associated with certain subscriptions, the synchronization schedule associated with certain subscriptions, the digital authentication associated with certain subscriptions, and other attributes of interest to a person.
Notification database: the database is notified of the presence or absence of certain announcements. Informing the database whether a certain advertisement has an association. And informing the database of the existence or nonexistence of a certain author. Informing the database of the presence or absence of a certain topic.
Notify reader work record document: a web site has been subscribed to at some time in the past. Whether certain checking conditions exist; for example, an advertisement may be discarded for evaluation because the time to evaluate the advertisement is too long. Relevance of a certain announcement at a certain time in the past. At some past time, the user accepts an automated solution operator associated with a notice.
Notify reader configuration: some inspectors are installed. Informing the reader of the operating parameters. User preference setting.
As an example of how such a checker could be used, assume that in month 1 of 1998 a special insert was published which modifies the GraphMaker application. It is assumed that most users who install the insert are known through the announcement process described herein. It is desirable to contact the user executing the GraphMaker application, which installs the plug-in code to the GraphMaker application at a time in the past through the notification. This is believed to be due to the improved insertion codes already available.
A complete strategy for the above situation can be to make a variety of announcements. The policy may be to make announcements to users who are currently subscribed to the notification website. This is a common implementation and is accomplished using the mechanisms described above. However, the complete strategy also includes making three other types of announcements, ultimately to other users:
first, a policy is made for a user who no longer subscribes to the notification website, and the user has done an action of no longer subscribing in the past. Such announcements may be sent by various means other than the formal subscription mechanism proposed by the present invention, such as through the services of the UngetAdviceNet. This announcement would check if the GraphMaker has been installed and if there is no active subscription to the GraphMaker notification web site, and then check on the working record generated by the notification reader if the GraphMaker notification "98/1/08-1" has a previous association and if the user has accepted the proposed solution. All users informed that they have an association will likely re-subscribe to the notification website; after the re-subscription, the user receives instructions to update the insertion code.
Second, the policy makes an announcement to users who never subscribe to the announcement site and never receive earlier announcements. This announcement checks whether the affected GraphMaker version has been installed and then checks whether the current subscription database shows no active subscriptions and whether the working records show no previous active subscriptions. All users who are informed that they have relevance will likely subscribe to the notification website; after subscription, the user receives instructions to update the insertion code.
Third, the policy specifies an announcement for users who have otherwise subscribed to obtain a copy of a previous announcement, and who still subscribe to the notification database. Such announcements are not automatically deleted by the website synchronization because the announcements are not accompanied by the notification website of origin. The announcement may identify the existence of a notification database of the old announcement. For all users who are informed of the association, firstly the active announcement will not be publicly announced by the author, secondly the user may subscribe to the website, and finally the user will receive instructions on updating the insert.
It is desirable to inform readers of the installation of inspector thesaurus that implement a set of methods for three central data types, and are referred to as an adviceNet subscription inspector, an adviceNet notification inspector, and an adviceNet history inspector.
With these checkers, one can target users who have used the solutions proposed by the bulletins, but currently the user is not subscribed to:
exists application″GraphMaker″whose(version of it is version″1.01″)and not exists entry″GraphMaker″of adviceNet Subscription inspector andexists entry″relevant″of adviceNet History inspector
whose(author of it is″GraphMaker″and
identifier of it is″98/01/08-1″and
adoption status of it is″Accept″)
with the above-described checker, one can also target users who have not subscribed:
exists application″GraphMaker″whose(version of it is version″1.01″)and not exists entry″Subscription″of adviceNet History inspector
whose(name of it is″GraphMaker″)
using the above-described checker, one can also target users who receive notifications using other methods:
exists application″GraphMaker″whose(version of it is version″1.01″)and exists entry″Advisory″of adviceNet advice Database
whose(author of it is″GraphMaker″and identifier of it is″98/01/08-1″)
these inspectors enable technical support agencies to develop procedures for maintaining bulletin populations and apply to results of prior bulletins with/without employment.
A second type of instance is about notifying the provider RealAudio that it wants to make an announcement, e.g. it can check whether a particular checker has been installed and whether it is the correct version, since the notification is dependent on the result of this check. Assume a checker lexicon is provided that, when such a checker is installed, it can add an adviceNet configuration as a World property. RealAudio can advertise on its website using the following relevance clauses:
not exists inspector library″Netscape Preferences″of adviceNetConfiguration
The clauses can enable people to check that the checker lexicon is not installed. The human-interpretable message content is an interpretation that aims to enable the real audio notification to operate properly, and the user should obtain the appropriate examiner from the Netscape website. Further, it may be served by the following clauses:
version of inspector library″Netscape Preferences″of adviceNetConfiguration is not version″1.0″
for targeting users whose checker lexicon is version-wrong.
Such a checker allows the technical support agency to determine that the notification reader is set up in the correct manner and to use the notification provided by the technical support agency.
Change
Other transmission mechanisms
Thus far, the discussion herein has focused on a single mechanism for transmitting advertisements. In fact, in many cases, one may employ or wish to use other methods for transmission. Some modes of transmission include:
notification with actual transmission: notifications to the user's computer may be copied from floppy disks, compact disk read-only memories (CD-ROMs), or similar physical transmission media.
Notification by email: the announcement may be part of an email message from another user or a notification provider.
Notification with USENet: the announcement may be part of a news message disseminated via the USENet protocol, which is posted by another user or notification provider.
Notification with private proprietary agreement: the announcement may be part of a message that is disseminated through a private proprietary protocol.
Notification with document transfer: the announcement may be obtained from another device by document transmission using an application other than the notification reader, e.g., the user may click on a hypertext link through a web browser to download the announcement document. Alternatively, an application may be directed to downloading a notice, and without user control, using FTP or some document sharing protocol.
There are three different procedures for handling notifications through one of the following paths.
Join notification database: notifications are added to a notification database that exists and continues to be tested for relevance.
Condition assessment: when a notification is turned on, the notification will be evaluated for relevance, but will not join any permanently reserved group. When the notification is closed, the announcement does not interact with the system. This type of notification is part of a manual check, for example, where it occurs only once.
Reserve: the notification is stored on the storage device of the user's computer for future use. This means that at some future time the notification will be added to the notification database, i.e. the notification will be evaluated once in the future.
The possibility of condition evaluation, i.e. condition evaluation, is performed with special notification (see fig. 16). This approach can be used to build very complex summaries of announcements that are only activated when a user has a particular need or a particular situation occurs.
Other types of transport mechanisms that are used in the technical support field are as follows:
notification before purchase: the notification digest is made available to the user's computer as part of a new software or hardware process for purchasing the user's computer. This collection process may be by actual transmission through media or by email; for example, the user may retrieve the summary from a shopping website. When the reader is notified to process the summary, it will calculate the hardware condition of the user's computer and inform the user of the suitability of the various possible purchases. This process is typically performed only once.
Notification of installation: notification summary 160 may arrive at the user's computer as part of the process of installing new software or new hardware on the user's computer. This new software may be either actually transmitted over medium 161 or electronically transmitted 162. The new announcements may be used as part of an auto-launch process whereby subscriptions may be launched in an automated fashion, with announcements being placed in the notification community as a way to launch the near-end sitemap. Selective synchronization of the user's end with the notification website may also be initiated 163. The user reader starts a notification summary 164 and evaluates the relevance 165 of the notification. The bulletin shows an optional solution 166 and the user will respond to the bulletin 167. The system executes a standard installer 168 and enters a subscription post-installation notification website to collect post-installation announcements 170.
Problem debugging: the notification summary may arrive at the user's computer as part of the process of installing new software or new hardware on the user's computer. However, this summary is not used during the installation process. Instead, the digest is copied to the computer's storage device. Later, when a problem occurs, the user is informed to turn on the summary in a variety of ways. After the boot is complete, the user will notice various announcements that apply to this particular situation and hardware/software/environment configuration. After the entire event is over, the notification will be turned off and perhaps reused at some future time.
Other notification mechanisms
The announcement may be presented to the user in other ways through an interface other than a generic notification reader. For example:
through notification mailboxes in other applications: when using another application, the user may be informed of the existence of the relevancy bulletin. Such notification utilizes mechanisms appropriate to the application. For example, when the user is engaged in another action, such as watching a movie, it may be informed to the user in a non-obtrusive manner, such as picture-in-picture (pip-in-picture) or the like.
By desktop/screen saver: when the user does not use the application, it may be informed of the existence of the relevancy bulletin. The notification is presented in a predetermined manner. For example, the desktop has an animated image that describes the existence of the association bulletin. In another example, the screen saver may present animated content whose status indicates the status of the device, such as subsystems affected by the bulletin.
By email: the user may be informed of the existence of the association bulletin through electronic message transmission of an email. This includes a text summary indicating the number and type of association bulletins, as well as the number and type of system elements affected.
By messaging: the user may be informed of the existence of the association bulletin by electronic message transmission and driving another form of information transmission. This may include standard communication devices such as pagers, telephone and facsimile communications. For example, when a user's device is connected to the computer environment in the home, the present invention will check the characteristics of the device and page the user with an emergency message. If a bulletin is written to query the temperature at home, the bulletin becomes relevant when the temperature is too high or too low. Assuming the association bulletin is set to a numeric and alphabetic paging scheme, the user is paged and indicates that the temperature in the home is above the normal range.
Frequency of relevance assessment
As discussed so far, the relevance evaluation is a procedure executed by the notification reader. Typical embodiments will continue to evaluate all notifications in the notification data to evaluate their relevance, measure total CPU resource usage, and continue to measure resource consumption at intervals (e.g., 1 second) that remain below a certain fraction of available CPU time.
The exemplary embodiment allows the user to be involved in three ways:
first, let the user set the parameters for controlling the CPU resources in the continuous computation.
Second, allowing the user to focus the announcements to a particular group that is evaluated according to a different schedule. For example, the group that is manually operated is evaluated only in the manual case, and the group that is at night is evaluated only at the evening hours designated by the user.
Third, the user is allowed to manually set the time of evaluation for individual notifications, while prioritizing the parameters of all group members.
The above-described processing method has a number of important changes:
jump evaluation: in some circumstances, it may not be necessary to evaluate all notifications in a group, but rather to pass all notifications through the group. For example, notifications that require very long evaluation times may be skipped periodically, or based on CPU usage of other applications executing on the user's computer. An unevaluated notification will maintain its original state as evaluated.
Time scheduling according to the author's recommendations: in one implementation, the author of the ad can specify a time schedule for relevance assessment. The author may include in the bulletin document an Evaluate-When entry specifying a time schedule for evaluation. The options may include periodic time schedules for relevance evaluation, conditions for relevance evaluation, or known notification populations with standard evaluation time schedules.
Scheduling according to analysis of the notification reader: the process of evaluating the association is similar to executing various programs on the computer operating system. Using the conventional operating system scheduling concept, one can assign priorities to the advertisements and lower priorities to certain programs. The above-described procedure of skipping evaluation is a special case of such processing.
Change in relevance evaluation
Simulation of the situation: in some situations (see FIG. 17), it would be useful if the user could simulate the evaluation of notifications in an environment that is different from the actual occurrence.
In the implementation of a notification reader, a method is provided for simulating a condition that has not been achieved. This informs the reader of the change on the sender of the method call. In this variation, the name of the method and the type of data called are compared to the simulation table 172 in the proxy layer 173 before the method is sent. The user may edit 171 the contents of the simulation table. If there is no match, it is sent in the normal way, i.e. the announcement received by the expression tree calculator 174 is sent by the method sender 175. If a match occurs, the transmission will be idle and the value of the method will be obtained by looking up the relevant cells of the simulation table. In either case, the results are passed to the system through the proxy layer, such as to the system checker 176 or the log checker 177.
The above implementation allows the user to simulate the situation. The user may take precedence over the general association evaluation by editing the simulation table and the names of the installation methods and the types of the reference arguments and the return correlation values.
In the above manner, there is a tool available for:
the existence of devices that are usually connected but cannot be used at present;
if the user's computer has undergone some change, and has not actually made a change, then a determination is made as to whether a notice or a group of notices has failed (i.e., is unrelated).
Determine if installation of a product causes certain announcements to be made with relevance.
This approach has a number of other applications:
user screening: this is an implicit assumption that users will typically want to check relevance announcements from all web sites. In practical situations, users may be interested in the screening of announcements and focus on items from a particular website; from a particular population, it focuses on presenting announcements of key markers in refls-to or Solution-effects. Trust enhancements the present invention provides a powerful tool for linking notification users with notifications provided by notification authors.
In certain circumstances, the present invention must be aware of security and privacy rights. For further discussion of security and privacy concerns, please refer to the following:
connecting to the notification provider and notification user over a public network (e.g., the internet);
typical notification of the user to the general public; and
notification providers are large corporations or other businesses that need protection and enhanced image.
In such environments, it is important to consider that public networks are widely viewed as unsafe and to provide tools that allow both users and providers to act in an intelligent manner.
The communication process disclosed herein is designed to support notification to both users and notification providers to enable both to perform intelligent actions. The basis for this process is that the user should only interact with trusted providers; in this regard, the present invention provides techniques that support users in assessing reliability and support providers in maintaining reliability status.
Importance of trust
In general, a reliable notification website has many features:
quality: the motivation, conception and execution of the user perception notification are all good.
Safety: the user perceives the notification as safe, non-injurious, and attempts to assist and carefully test and liability maintenance.
Privacy: the user perceives that the notification has privacy, where there is no intent to snoop or eavesdrop, and attempts to maintain privacy and carefully designed and accountably maintained.
Relevance: the user perceives the notification as a tightly targeted lock in its association and does not attempt to target a wide range of users in a message broadcast fashion (this is known as "canned pork" (spamming) in other forms of communication, i.e., the same message is delivered to a large number of users who do not require the delivery of the message), and attempts to focus on understanding the needs of a smaller group of users while being carefully designed and accountably maintained.
The present invention provides a number of technical tools that facilitate open communication between users and providers to direct appropriate trust attributes. In one implementation, the present invention provides mechanisms that allow interested providers to increase their confidence level and allow users to know how to distinguish between reliable and unreliable providers:
Disclosure content: the notification provider may reveal the potential effects of the notification and describe the experience during testing or at the factory.
It was found that: the notification user may be informed about the potential effects of the notification, as well as about the experience of others utilizing certain providers or notification websites.
Feedback: the notification user can make comments for the particular notification that he or she has used.
Correction: the notification provider can revoke the notification of the error.
Authentication: the notification provider can seek authentication of its own website in a secure and efficient manner through an external rating service. In addition, the notification reader can isolate notifications that do not meet the user-specified specifications.
The above mechanism will be described in detail below.
Disclosure mechanism
The invention allows the user to describe the potential effect of the notification in human-interpretable message units, as well as the experience of the provider in the middle of the test or from the user's feedback.
With the various disclosed methods, the notification provider is able to gain trust and visibility for the user.
In one implementation, the provider provides a more formal description of the document and monitoring of the effects of the notification, so that the notification provider can reveal the disclosure of keywords from the names of the potential effects to the prototype.
A central authority (e.g., Better service Bureau) publishes a list of registered keywords that describe the user's computer's subsystems or its environment that may be affected by solution suggestions, or solution suggestions that may affect personal privacy. In making the notification, the notification provider utilizes the above-described mechanism to reveal the potential impact of the proposed Solution, which is accomplished by the prototype key in the Solution-effects header column.
In one implementation of the notification reader, these keywords are available for querying and indexing, and relevance is evaluated as its ancillary function.
In one implementation, user-friendly features may be supported that utilize various filtering functions of the client based on these keywords. For example, when a user is annoyed by a large number of announcements by temporarily removing a CD-ROM, the present technical features can be utilized to simplify his life. The user can declare in the keyword field that all announcements referring to the CD-ROM are not relevant and then remove the CD-ROM. In this manner, the user will not see the announcements even if they exist, which would normally be caused by not installing a CD-ROM. For other mechanisms, please refer to the above description of simulation situation.
User confidence may also be supported by client filtering based on these keywords. For example, assume that the keywords that can be used reveal the identity of the user to the provider. In this case, the provider reveals the effect of the message when using the technical features. Due to policy, a user who does not participate in a market survey or similar information gathering announcement would specify that the announcement containing this keyword is deemed to be unassociated. In this way, the provider exposes the announcement to its obligations, and the user who trusts the provider only checks for important messages in return.
Discovery mechanism
In typical embodiments, the notification user may first inform itself of the potential impact of the notification before applying the suggested solution operator. Some functions have been achieved using current internet technology. The user may query other websites and search engines to see if there is news about a notification.
The present invention extends this mechanism by a special internet server, called Better advicebuseau. The Better service Bureau serves as a central check of information about the effects and side effects of notifications. The user can query the Better Advice Bureau at any time and request recorded comments for a particular bulletin or website.
Feedback mechanism
In an exemplary embodiment, the notification user may provide feedback to the notification provider and other users describing the experience of using the notification. Some functions have been achieved using current internet technology. The user may use email and USENet newsgroups to inform other users about the experience of using a certain announcement.
In one implementation, the present invention extends this mechanism by a special internet server, called Better services Bureau. The Better service Bureau serves as a central check of information about the effects and side effects of notifications. The user may submit a particular announcement or recorded review of the website to the Better Advice Bureau website (described below) at any time. The Better service Bureau may transmit these comments to a notification provider that can respond to them. In one implementation, BetterAdvice Bureau eliminates the user's identity data prior to being sent or posted, thereby protecting the user's identity. The Better service Bureau compiles all the information submitted by the user and stores the provider's responses together in a database that can be queried over the network.
In one implementation, the notification reader may provide for direct access to this technical feature by incorporating an easy way of automatically creating a standard bulletin display of the bulletin, and submitting the bulletin to the authority at BetterAdvice Bureau. For example, a button is provided as part of the notification browser window. By clicking the button, a sender window will open the addresses of the sender and recipient, with the announcement number and the provided subject matter. The user can then record comments about a notification at any time by a one-click selection.
Correction mechanism
In typical embodiments, the notification provider is able to recall notifications of publishing errors. This is accomplished by removing the notice on the provider's notification website. The announcements will automatically disappear from the user's computer when the subscribed notification reader synchronizes with the provider's website over time.
In some circumstances, the above-described process is not an active solution. For example, certain announcements may be disseminated by devices other than the notification reader/notification website mode. Since some users may have such announcements in their notification group, but do not have related subscriptions, they need contradictory announcements to handle. Such announcement is made as a notice against another notice. Using the checker thesaurus as described above, when a user computer has a particular notification on its primary notification group, it can be written with an associated announcement. A typical version of this announcement is as follows:
The advisory 40139 which we released on 5/31/98 has been recalled,andwe recommend that you delete it from your advice system immediately.
If you agree to this,click the<DoIt>button below.
(signed)<Authors Name>
Such contradictory notifications are submitted to UnrgentAdviceNet for dissemination, a special notification website to which all notification readers subscribe. The notification will be quickly disseminated to the user.
In summary, the present invention provides a program for processing an error notification as follows:
remove the wrong announcement from the notification website.
Write an opposite post and submit it to UrrgentAdviceNet.
Write a better announcement.
Put the better announcements on the provider's notification website.
Authentication mechanism
A technique for further acceptance of usage announcements and related solutions by users eliminates the burden of individual users in determining the reliability of messages. One method for implementing the above technique is provided by a central website located rating service that services the notification provider according to known privacy and security criteria and authenticates the notification. According to The currently existing website agreements (see Khare, Rohit, digital Signal Label Architecture, The World Wide Web Journal, Vol.2, Number3, pp.49-64, Oreilly (Summer 1997) http:// www.w.3. org/DSIG), there is a method for setting up URL ranking services by a trusted authentication message community to authenticate The properties contained in an information source claimed by a ranking authority. The alleged reliability, i.e., that the notification is indeed authenticated by the service and not provided by imposters, is established on standard authentication and encryption devices. The use of the above techniques to establish a rating service on a central website (such as the following Better service Bureau) to demonstrate that a notification operates as a generally acceptable advertisement can be used to protect the identity of an individual and generally has good results. The author of the notification would submit the publications seeking reliability certification to a certification authority which would then study the messages and decide to agree to certify some of the messages. Authentication, as used herein, means that a particular hierarchical entity, according to known standards, attaches an indication to a message that the message is indeed declared to have certain attributes by the relevant entity.
In one embodiment of the invention, the user can choose to use one or more of the hierarchical services in an integrated manner. This function is as follows:
the rating service uses a known format, such as PICS (see Khare, Rohit, digital signature Label Architecture, The World Wide Web Journal, Vo1.2, Number3, pp.49-64, Oreilly (Summer 1997) http:// www.w3.org/DSIG), for specifying The rating of The source, such as The notification website and individual announcements.
The rating service may publish a list of descriptive keywords for use in a rating system, such as BAB-Privacy-Standards-combiant, or not affect the document system.
The rating service marks individual announcements using its self-defined marking system and inserts these marks into the announcements as rating blocks according to a standard marking format, such as PICS.
The hierarchical service attaches tags to the description documents of the web sites using its self-defined markup system and inserts these tags into the description documents of the web sites as hierarchical blocks according to a standard markup format, such as PICS.
The class block is interpreted and authenticated by a cryptographic signature mechanism associated with the service and with a portion of the hierarchical marking standard.
Notify the reader that the user interface has been expanded to include a new element, i.e., an authentication administrator. The component allows the user to make an assessment of the relevance of the announcement only under the certification of a trustworthy privacy tier and with user-acceptable properties. For example, a user may quarantine postings that are not certified by Better adviceburgaue-BAB-Privacy-Standards-compent, trusting postings used on their system and not revealing information to the outside without violating their Privacy.
The authentication administrator has two defined roles (or called roles):
the induced demand of the user: the authentication administrator plays an important role in performing authentication, providing a selectable list of potential hierarchical services to the user. When a service is selected, the certification administrator retrieves a defined list of ranked keywords from the URL of the ranking service and allows the user to design a filter by specifying that certain keywords or combinations of keywords must be included (or excluded) in reliable messages.
Enforcement policies: the authentication administrator is also responsible for analyzing and verifying the hierarchy associated with individual messages and isolating messages that fail authentication or do not contain attributes desired by the user.
Privileged web sites
In one implementation, the notification reader presets three privileged notification websites via a hardware wire subscription. These built-in subscriptions play an important role in ensuring the security of the present invention: which together with the present invention constitute the immune system.
advisories.com
Com is an information web site and FTP (document transfer protocol) web site, which are operated by notifying the producer of reader software. Such a website allows users worldwide to obtain messages and updates about the system, notification readers, and any software, or updates to the communication software of the present invention.
Com is also a reliable web site that disseminates subscription messages. Digitally authenticated web site subscription documents are found on many of the major notification web sites on the internet. These web site subscription documents are issued through a digital signature mechanism that automatically lets each notification reader know about the copy. This may provide an important security function. That is, as explained below with respect to security, it is important that a well-known and reliable website be available as a source of correct information when a subscription is first initiated. Com, the user has some degree of confidence to ensure that he can get the correct subscription information and is not easily harmed by various security problems.
Com is also a website that distributes and makes information, especially planning and making routines. Two particular conventions have been proposed:
keyword reconciliation: this relates to the way in which notification authors can use announcements to reveal the potential effects of notifications on a user's computer, device or environment. Com web site can get the list of the keywords currently used.
Planning of user profile variables: this relates to a mechanism by which new variables can be added to a user's profile through different notification providers. Com web site can get the list of the format and propagator of the variables used at present.
BetterAdviceBureau.org
Betteraddvicebureau.org is a web site on the internet that has both web page information and notifications. The web site is dedicated to the maintenance of the communication protocol for civil communications.
The betteradvicebureau.org website describes the principles of system operation, why the system is useful, and why security and privacy are to be protected. In addition, the website describes known risks and suggests procedures to interact with the system. The website serves as a clearinghouse for the user to complain about the operation of the bulletin and as a place for the user to study the experience with respect to attempting to apply a certain bulletin.
Betteradvicebureau.org notification website is a website to which all notification readers subscribe. The web site issues a notification called override or objection against the bad notice or bad web site. With this device, the user can be informed of the dangerous situation in the notification program from the viewpoint of security and privacy, and take corrective measures.
Betteradvicebureau.org is also a web site that disseminates rating information, particularly certain rating conventional announcements as described above. There are methods of ranking resources that are typically hosted on a Web site according to The judgment criteria provided by The ranking service (see Khare, Rohit, Digital Signal Label architecture, The World Wide Web Journal, Vo1.2 Number 3, pp.49-64 Oreilly (Summer 1997), http:// www.w.3. org/DSIG). In one implementation, the functionality of the Better Advice Bureau serves as an authentication tool for privacy, security, and usefulness of individual announcements. In this role, BetterAdvice Bureau incorporates certain specific rating blocks into individual advertisements according to a known rating format (e.g., PICS) and rates the advertisements. The Better service Bureau also publishes the information needed to interpret the blocks on its web site, including:
A list of descriptive keywords used in a hierarchical System, such as BAB-Privacy-Standard-compent or do Not Affect the document System (Does Not affinity file System).
Public key information related to the authentication process.
UrgentAdvice.net
The urrgentadvicenet can quickly deliver announcements to all announcing users, which cautiously addresses emergency situations that severely impact most users. In one implementation, the UngetAdviceNet performs the synchronization process preferentially, and performs the synchronization process whenever any synchronization process is performed.
Other fields of application
Thus far, the present invention has been directed to its application in connection with technical support. The following is a partial list of other applications in which the invention may be applied:
Consolidator.com
a airline affiliate purchases fifty seats that fly from new york to london in august and twenty days. The affiliate wants to sell the seats to passengers. In addition, the affiliate has a travel with a plurality of travel agencies.
The affiliate can use the invention to make the marketing of their products more efficient. The affiliate acts as a notification provider and makes announcements whose association announces that a user is present in the customer database of the travel agency and that the user has kept a ticket to travel from new york to london at or near that date. The notification provider may place the announcement on its notification website.
In the above example, different travel agencies operate with the airline ticket affiliate, notifying users that each has its own computer set to subscribe to the affiliate notification website. The users also have special inspectors installed in their own computers that search the customer database of the travel agency to search for users who have a particular travel plan. The announcements are entered into the user's computer and the relevance is automatically checked. Here, relevance refers to potential travelers who own a travel plan. The travel agency provides the reduced-price ticket provided by the affiliated agent to the traveler. The affiliate then sells the ticket and the travel agency gets a commission. All participants are now benefited.
CheapFlights.com
Large airlines often offer the opportunity to offer inexpensive airline fares in the last minute. Airlines want tickets that can fit customers who still want to travel to certain cities in the last minute. The airline can employ the present invention to make marketing of its products more efficient. The airline serves as a notification provider and makes announcements whose association column announces that there is a desire in a user profile to travel to a city. The notification provider may place the announcement on its notification website.
Among the potential travelers, the notification users are configured to subscribe to the airline's notification website on their respective computers. The user additionally indicates in his user profile that he wishes to travel to the city he wants to reach with a brief announcement. The announcements are entered into the user's computer and the relevance is automatically checked. Here, relevance refers to the opportunity to shortly inform the flight.
Commodity.com
The system described above may operate in many other commercial areas; for example, one could build, for example, cheapocenters. com and cheapoholdsuites. com and operate on similar principles.
Extended in this regard, it is possible to utilize the present invention to run a new type of commercial market. Com, in one mode (see fig. 18), there is a central web site called commodity. This setup is attractive in the environment currently handled by classified advertising, where much of the labor is devoted to searching the main market. The process is as follows:
com 180. the provider submits a notice to commodity.com that offers to sell the item.
Com notifies the staff of the website to edit and publish the announcements 181, 182.
Com 184 is subscribed to by the user.
The subscriber enters information about preferences into the user profile 189, 190.
The relevance bulletin considers items that match the user's preferences. The process proceeds in the manner described above, wherein the reader is notified to collect the announcement 183 from Commodity. com. The relevance evaluation is performed 185 according to the user profile, which is checked 186 using a user profile checker. The user then inspects the associated item 187 and takes action 188 with respect to the information contained therein.
BalanceTransfer.com
In the field of financial services, there are many companies that attempt to market specific services directly to customers. These services include the possession of credit cards with low-interest loan services, the transfer of credit balances from financial instruments that cannot be operated simultaneously, and the provision of mortgage loans.
The task of contacting the customer is expensive and often suffers from difficulties. Some users, while interested in the benefits of financial services, are reluctant to contact by telephone or letter. Other users are reluctant to disclose sensitive information in the phone, which is often necessary for participation.
The following is an example of the financial services provided by the present invention. The embodiment of the present invention is exemplified by a centralized system, but it is easily a non-centralized system.
Com, which provides balance transfers to accounts with sufficient balance and revenue.
Com announces to notify the staff at the website to edit and publish the announcements.
Com. user subscribes to balancetransfer.
The user fills in information about credit card balance, interest rate of the current balance and income in the user profile.
Notify the reader to utilize a remote connection and check the balance while maintaining privacy.
Provide the user with a relevance service that is beneficial to the user. If the postings are well-written, the postings can use the revenue data to test whether the applicant has approved. Thus, the association bulletin has a degree of reliability checked in advance.
There are many variations of this announcement. Home loans operate in much the same way. The written description of the publication will refer to variables relating to principal, current interest rate, and current loan terms. An advertisement has relevance if it provides a better set of terms than the current term.
Such services need not be fully centralized. In a typical variation, individual mortgage brokers may provide their own notification website.
BadPills.com
The present invention is applicable to alert revocation and security bulletins for various user products. The following is an example.
Com is a website where information about drugs and their interactions can be obtained. How this website operates to inform the user population about the risk of drug interactions that may occur will be described below.
The U.S. Food and Drug Administration (FDA) and other agencies, such as drug manufacturers and user organizations, will provide information about drug interactions and side effects. Each announcement has the following format:
the association clause declares that there is a prescription in the user's drug database that currently causes an interaction known to be potentially harmful.
The human readable content informs about such interaction, informs the pharmacist that there is such interaction in his customer population, and prompts the pharmacist to correct the condition.
Notify the website to collect opinions, edit and publish them.
Pharmacist subscribes to the website: the pharmacist must install a standard drug user database checker on his own computer as part of initiating the subscription. The checker may check whether a patient in the database has a certain medication order.
The pharmacist's computer collects the announcements on a regular basis.
The relevance evaluation queries the drug user database checker.
The database checker processes the drug database.
The relevance message is provided to dangerous drugs and used.
The embodiments of the invention described above have many variations. A similar service can be provided to physicians through a physician and patient database checker, where the physician can track logged-in patients on their office's computer. Similar services can be provided to patients through individual health record database reviewers, where the patients can log themselves into the user profile. One way to simplify the above procedure is to have an information exchange procedure that allows the user to remotely query the drug database associated with the user.
Group anonymous communication
Assume that group G wishes to communicate anonymously with provider P. Individuals within population G are widely distributed and not known to each other. At this point, the present invention may establish a website for providing two-way anonymous communications.
Such communications are widely available and available to many people. It is important for the anonymity of the participants that the system provides different individuals from different groups for use.
This website is an anonymous posting notification website in which any email sent to a particular address is stripped of its identity and posted on the notification website. The notification web sites are operated in a fully automated manner. This website may be referred to as secretfriends.
The web site may be used in conjunction with a private and public key encryption system. Secure offline refers to a system in which an agent group G arranges communication with a group P. The proxy group will communicate the public key established for group G to group P for purposes of discussion herein. This public key is not really public, but only known to group G and group P, so it is called a public key because it is a public key made by standard applications of the general public and private key system. This public key is only transmitted to the group P. Likewise, the proxy group will transfer the specially established public key from group P to group G.
The group G and the group P exchange messages in the following way:
subscription to secretfriends.
Create messages for users only in relation to the users holding the issued public keys.
The encrypted message is posted to secrte friends.
The above processing provides anonymous communication as follows: the notification reader of the participant is synchronized with secretpriends. Where possible, a large number of announcements of the truly encrypted messages will be available. The notification reader only displays the message that is actually encrypted with the assigned key, and the rest of the messages are discarded. The association announcement is then encrypted and read.
The above process may provide anonymity in compliance with the AEUP agreement, since, given the use of secretfriends. Due to the structure of AEUP, a person observing the process on the notification website cannot tell the messages that are relevant to the user.
Dissemination of sensitive product information
In certain environments, changes in group anonymous communications are provided as information services for users in which users of products do not wish to disclose the products they use; for example, users of antipsychotics or patients undergoing cancer therapy.
The use of sensitive products is given the numeric code accompanying the purchased product as a (secret) public key. The user then subscribes to a pre-programmed specific notification website, such as secretpriends. The users specify (secret) public keys in their subscriptions. The notification reader will periodically synchronize with the web site and bring some associated products into the announcement, others are not associated with the product. Only the announcements relating to a particular drug will be relevant by testing for digital signatures.
Issue of security
While the invention disclosed herein is embodied in the manner described above and is applied to the field of technical support, it can also operate in critical environments. The implemented system typically interacts automatically with the internet and acquires and uses resources from remote computers without human supervision. These resources are retained on the user's computer for a period of time and their relevance is periodically evaluated. When an association advertisement is identified, the notification reader presents the explanatory content of the association advertisement to the user. The explanatory content may suggest some effect to the user in terms of taking action with respect to the computer, connected device, or other object. If the user agrees to take actions, these actions are typically performed automatically.
In any case, the notification reader will refer the automatically processed document to the user and, after processing, suggest to the user a potentially permanent change to the computer or its environment. Network experts agree that unsupervised interactions on the Network are extremely dangerous (see Anonymous (1997) Maximum Security, Sams. net Publishing, Indianapolis; Oaks, S. (1998), Java Security, Oreilly, Sebastopol, CA; and Baker, R.H. (1995) Network Security, McGraw-Hill, New York). In fact, the present invention does not expose the notification user or notification provider to an environment with a risk greater than the baseline risk typically involved with the use of email, web browsers, and related internet tools in a standard mode of operation. The risk involved in the interactive modes of the internet is currently considered to be within the acceptable limits. The present invention is less risky in the typical mode of operation.
Preliminary comments
Two basic points are of interest:
reliable websites: the concept of reliability has been discussed above. Users should only subscribe to their familiar notification web sites to provide reliable notifications. In fact, users typically set their notification readers to subscribe to notifications from large enterprises that produce items and services of interest to the user, such as: a computer manufacturer, a software distributor, or a provider of internet services. This type of subscription infrastructure is a very secure act. Such organizations are interested in providing reliable notifications to maintain an affinity with their customers. It is expected that users subscribing to such notifications made by large enterprises will be exposed to very low risk.
Better addition Bureau: the betteradvicebureau.org described above is a basic tool for ensuring the security and privacy of the user of the present invention. All users of the present invention subscribe to the website. The website compiles objectionable notifications and informs the user about dangerous websites and about bad notifications in circulation. The Better services Bureau in some aspects of the invention serves as the immune system of the invention, which corrects for dangerous situations. UrgentAdviceNet is another web site available for all users to subscribe to, which provides a special mechanism for delivering very urgent notifications to a group of users.
Risk without high profile
The following discussion of security considers risks well known in the context of internet interaction, and then explains that these risks do not actually occur in typical implementations of the present invention.
Detailed documentation of high profile risk
Internet operations have been exposed in the past to active threats that may be represented by three images in a popular impression.
Illegal invasion: kevin Mitnick cases. In the past few years, Mitnick has used the internet to invade computers around the world in a systematic way, with the intention of crashing some computers or permanently losing data. Although Mitnick can be viewed as a malicious talent, in fact, websites on the internet have given clues on how to intrude into the pentagon computer. The experiment conducted in 1997 by the pentagon showed that with publicly available information, one could actually enter a confidential DOD computer and cause permanent damage to the documentation.
Attack events: current internet offers free software that allows users to attack other people's computers on the internet and cause them to crash. The basic strategy is to connect different TCP/IP port servers of the victim to be attacked and flood the server with requests for service (see Anonymous, maximumsource, sams. net 1997).
Destruction program (work): robert Morris, Jr event. In the well-known event of 1988, Morris released a destructive program that was rapidly distributed over the Internet and self-installed in many computers, and when executed in those computers, the destructive program distributed it to other computers. In fact, Morris is only about tricky, he is surprised by the rapid dissemination of this destructive process, and it takes a lot of time to eliminate this destructive process and restore the affected computers. The great destructiveness of the destruction procedure results from its ability to be automatically distributed and automatically executed on any reachable computer. The above events vividly represent the risks that may be posed by the automatic distribution of executable code over the internet (see Pfleeger, Securityin Computing, prentage Hall, 1996).
The user is not exposed to high profile risk
Informing the reader does not cause the user to expose a high profile source beyond the baseline risk currently being experienced.
The notification reader is less vulnerable to hacking because it does not provide any user interface login with the system required for hacking.
The notification reader does not pose an additional risk of attack on the user's computer beyond the risks faced by current internet connections.
Notifying the reader does not increase the risk because it does not permanently open TCP/IP ports that may flood with large demand. The outside world cannot attempt to communicate or interact with the notification reader.
The reader is notified that the network is not exposed to any threat of disrupting the procedure. In a typical configuration, the system does not provide any mechanism for distributing any objects from one notification reader to another.
Server exposure
The victimity of the server of the present invention to active threats is considered below. The server of the present invention is similar to all servers built on the internet, and aims to provide services to the outside. These services are visible on the internet and are released at full time as commercial transactions.
The present invention is not subject to hacking because it does not provide any user-to-system interface login required for hacking. However, servers may still flood as many demands as all servers on the internet. There are well known techniques to overcome this surge of heavy demand and are known to professional website operators. The server-side users of the present invention are experts with sufficient technology to evaluate and respond to this standard type of threat.
The server of the present invention does not expose the server to any threat of disrupting the process. In a typical configuration, the present system does not provide any mechanism so that any object can be disseminated from one notification reader to another, nor so that any object outside of a very narrow range of functions is executed on the server.
Is influenced by protection
To some extent, the present invention does help to avoid damage from destructive procedures, intrusions, and attacks. The notification delivery mechanism allows network security personnel to create warning announcements to alert users of such conditions when the user's operating mode may cause the channel to open and be maliciously corrupted. The notification delivery mechanism also allows network security personnel to make a notice for error detection that can check whether the user's computer is being corrupted or has been corrupted recently. In this manner, the present invention functions as an immune system that can quickly disseminate revised notifications.
Risk of being deceived
In fact, the interaction of the present invention is not completely unsupervised. The notification reader only communicates with the notification website to which the user has subscribed. Thus, the user has exercised a high degree of permanent supervision when selecting subscriptions. If the user only subscribes to the web site provided by the organization that actively provides reliable notifications, the user is protected. Individuals making harmful notifications do not legally force the notification to be directed to any particular notification reader.
Among the current threats, a very important category is not well known, namely the destruction of fraud. In this category, a fraud that falls within the internet site assumes that the user is communicating with a reliable website, but actually communicates with the fraud's website. Another fraud is the use of a latent program that is ostensibly a standard application, but in fact it is not, and thus in some way destroys privacy and Security (see Anonymous, Maximum Security, sams. net, 1997).
DNS fraud behavior
In this case, fraudsters create a copy of a web site that resembles a popular and reliable one, such as the MicroComp web site. However, the fraudster's website additionally contains harmful notifications.
DNS fraud provides a way for a fraudster's website to appear to some users on the network as a true MicroComp. This only happens under current network agreements, where fraudsters interfere with some users' DNS query processes and mislead the notification requirements of a particular user for the MicroComp.
The DNS fraud operates as follows: fraudsters must be able to access devices on the internet at the system level that are physically located to intercept certain domain name resolution requirements provided by a particular Domain Name Server (DNS). The fraudster programmatically causes the IP routing logic to check for MicroComp but intercepted requests and return the wrong TCP/IP address, and the returned address is directed to the fraudster's masquerading notification website. When a notification reader attempts to go to MicroComp's notification website, all notification readers located downstream of the fraudster will be misdirected to the disguised notification website. Disguised websites look the same as real websites, but disseminate harmful notifications under disguised reliable providers. In summary, through DNS fraud, an attacker can introduce harmful notifications directly to more than one computer.
Such activity has constituted fraudulent criminal acts under current federal regulations. Such fraudulent activity has been reported to be very rare (see Anonymous (1997) Maximum Security, sams. net Publishing, Indianapolis). In addition, criminals who are able to conduct this type of fraud will find the system of the present invention to be less attractive than other targets. For example, DNS fraud at large and medium-sized e-commerce websites such as internet bookstores and software wholesalers is attractive to fraudsters because more benefits are obtained if the fraud is successful. Indeed, a fraudster can masquerade as a website for a certain retailer and have the appearance of a webpage like a real website. The fake web site contains the user filling out the form for conducting the transaction. In reality, the tables are used to obtain data about credit card numbers or other sensitive properties. The above appears to be a more direct way to gain benefit to a fraudster's DNS fraud program.
Such activity affects only a portion of the users of a large public network, such as the internet. For example, if a user is willing to securely connect to a DNS server, assuming that the information on the server is securely maintained, DNS fraud is not a substantial threat to that particular user. In most large and medium-sized enterprises, DNS services are provided by the intranet of the enterprise. Assuming that the fraudster is outside the enterprise, the threat of such fraud can be blocked by security devices (i.e., firewalls) inside the enterprise to the notifying users inside the enterprise. Some non-enterprise notification users enjoy internet connectivity through an internet service provider on the internet that is physically located near the modem. If the fraud is not located in the physical area of the Internet service provider's office, the user using the DNS service will not be harmed by DNS fraud.
Indeed, the threat of fraud only occurs with notification readers that rely on insecure DNS wiring. In future network agreements, DNS connections may be digitally authenticated and in such an environment, the threat of fraud may be thwarted. Before the arrival of such a network agreement, the present invention has a way to employ digital authentication for the notification itself in the current area to block the threat of fraud. Digital authentication of notifications is also of interest to users using secure DNS connections because in some embodiments notifications may be disseminated by unsecured devices, such as email or thief networks. Digital authentication of notifications may allow the user additional confidence in the notification that he or she has received.
In an exemplary embodiment of the invention, digital authentication terminology refers to the utilization of current digital signature mechanisms, which are based on what are referred to as public/private key pairs (see PGP 4.0 Users Manual, PGP Pretty GoodPrivacy, Inc. (1997)). This mechanism has evolved into a well-understood, mature and reliable standard. Other types of digital authentication may be used with equal effectiveness.
How the public and private key pair mechanism is used for authentication of notifications will be described below. A notification provider (e.g., MicroComp) may obtain a public and private key pair, where the provider only knows the private key privately. As described below, the notification provider takes steps to disclose the correct public key. A provider of a public and private key pair will append a signature block to each advertisement that the reader has been informed of the correct public key to successfully interpret. Informing the reader to interpret the block proves that the author knows both keys, which also proves that the author is indeed MicroComp. In typical embodiments, the user interface element informs the user that a given notification has been MicroComp signed. The precise meaning of the above process is that the signature block has been successfully interpreted using a known public key.
The mechanism of the present invention for avoiding the threat of DNS fraud involves actions by both the user and the provider. The provider makes a description document of the web site that contains a list of subscription information including the location of the web site and the public key of the web site's digital signature. The provider publishes a description of the web site, such as the actual medium, e.g., disk or CD-ROM, as part of the MicroComp release software product. In this manner, many users can obtain a copy of the website description document through a secure device. A user subscribing to the MicroComp would submit the MicroComp's web site description document to the subscription administrator of the notification reader. Whenever a bulletin is made, the provider attaches a digital signature block. Whenever a notification is received, the notification reader checks whether the digital signature has been successfully interpreted with the public key of the corresponding MicroComp known to the reader. Unless the notification passes this trial, the notification reader will refuse to evaluate the relevance of the notification. The reader also informs the user that there is an unsigned notification from a web site, and the specification document for the web site indicates that the web site provides only signed notifications. The reader also notifies the Better service Bureau of the above.
In order to observe why such a process can avoid being harmed by DNS fraud, it is important to know the basic characteristics of the public and private key system. Com, fraudsters are generally admitted to be faced with a very difficult situation when trying to mimic the digital signature of microcomp. The above conclusions are based on the following assumptions: fraudsters must utilize a counterfeit signature that can only be successfully made from public information related to cryptographic techniques; i.e. the fraudster cannot directly access the private key of the MicroComp. Correctly emulating signatures from published information is a computationally very difficult task for fraudsters (see c.pfleeger, Security in Computing, Second Edition, Prentice-Hall (1996); and PGP 4.0 Users Manual, PGP Prettygood Privacy, Inc. (1997)). An equally difficult computational effort is that of factoring into prime factors for integers of hundreds or thousands of numbers. With thousands of networked computer workstations for months, factorization is only possible for numbers of 150 to 200 digits. The above calculation can be achieved only by the scientific cooperation enterprise. Fraudsters are simply not able to successfully factor the integer length of the algorithms typically used for signatures using the required resources. Furthermore, there is a simple remedy to double the number of keys to make the factoring effort beyond the capabilities of currently available computing resources.
In summary, it is almost impossible for a fraudster to make a notification with a digital signature that is known to the true MicroComp public key. Unless a fraudster is able to do so, the notification reader will refuse to assess the relevance of the notification, so the fraudster's notification is not a substantial threat.
Key fraud
Key fraud is an obvious vulnerability in digital authentication systems. In this case, the user's notification reader accepts to some extent the incorrect MicroComp public key, i.e. not the correct key for MicroComp, but the public key of the fraudster's public/private key pair. If this occurs, the notification reader may be fooled because the notification reader may mistake the notification of the fraudster as valid. However, the design of the present invention avoids this.
Key fraud occurs by initiating a subscription by the user using an insecure channel to obtain the website description document, such as installing the original software from an actual medium. Fraudsters tend to make counterfeit website description documents and distribute these documents over the internet.
Exemplary embodiments of the present invention are not fooled by key fraud. There are three mechanisms for avoiding being masked, any combination of which has an effect:
Authentication of the web site description document: in one implementation, the website description document contains a digital signature of the central authority Better Advice Bureau to prove that the website description document is indeed MicroComp certified. The digital signature of the Better service Bureau is hardwired to the notification reader, thereby avoiding the possibility of fraud in the certification of the Better service Bureau.
Fraud-proof key verification: in a typical implementation of the subscription administrator, the key is verified before the subscription is recorded. The subscription administrator contains hardwired information to establish a direct TCP/IP connection with the hardwired IP of the key authentication server. Such a server will verify the given public key of the organization in the manner it is claimed. Because the contact address of the server is hardwired to the program, DNS fraud does not occur in the process of accessing the key server.
Objection notification: if a website has been defrauded, a notice must be submitted to bettradvice bureau.org and distributed to all notification readers, since bettradvice bureau.org is a built-in subscription. The advertisement will claim the value of the correct public key attached to the web site. Users with incorrect public keys will be informed of the association bulletin explaining the risks involved. If the event is particularly urgent, then UngetAdviceNet will be used.
In summary, if the notification reader and its subscription are properly set, the notification provider can avoid fraud when issuing a notice digitally.
Wind removing device for reducing fraud threat
DNS fraud is a serious threat to the security of the internet, which can not only threaten the system of the present invention, but also threaten other parts of the internet, particularly e-commerce. Betteradvicebureau.org and UrgentAdviceNet are both important means to help block announced fraud.
Betteradvicebureau.org and UrgentAdviceNet are important means to help block fraud on internet activities. By using such a combination, the possibility of fraud on the Internet can be reduced, and the possibility of fraud other than the present invention can also be reduced.
Latent procedure for notifying reader
Another potential deficiency in the security system of the present invention is the legitimate notification of an executable binary copy of the reader, which may be obtained by an attacker, and then altered in a systematic manner to incorporate new behaviors. The resulting illegal readers will be distributed over the internet again and appear in a pose that masquerades as a legitimate notification of the reader's backup and are downloaded for use by an unknowing user. There is no way to prevent such illegal readers from being generated, nor is there a way to prevent the backup of illegal software tools from exhibiting very disruptive behavior. All users of the world's Internet community are aware of this situation. Anyone who downloads software from non-legitimate provider sites on the internet exposes himself to danger, whether the software downloaded is a text editor, a spreadsheet, a web browser or a notification reader.
However, there is concern over illegal latent readers that compromise user security and privacy, rather than being vandals. Such latent readers contain subtle features that can escape the unscheduled detection and cause subtle changes in the user's environment or collect and forward important information about the user. Likewise, the present invention is not more vulnerable to such changes than other software. In any event, in the exemplary embodiment of the present invention, it includes two mechanisms for recognizing the presence of latent software and helps to correct this condition.
Server challenge: this implementation is part of the server-reader interaction protocol of the present invention. A typical implementation of a server initiates communication with a notification reader by exchanging a default control signal (handshaking) procedure, wherein the server queries the notification reader for a notification reader that proves itself legitimate. In typical implementations, the reader is notified that certain data blocks with known characteristics are created by writing in the memory in a dynamic manner at a known starting position from the program. The method of creating such data and its purpose are kept secret. The server selects any block in the data and queries the correct digital digest associated with that block to inform the reader. If the program has been altered, the executable code may not be able to correctly reply to the challenge. If the server does not receive a satisfactory response, the server will send a notification to the automated associated reader and notify the user that the reader is not correct. The notification reader may also refuse to interact with servers that do not pass the digital authentication test.
Notification challenge: at the betteradvicebureau.org website, the present invention provides a notification whose contents can be used to verify that a valid configuration of the present invention has been installed. The notification may change every day to declare a particular block of data in the CPU memory while the reader is executing and has some digital digest. The blocks may be randomly selected by the setter service bureau.
In summary, the present invention can determine the analysis latency and inform the user of the analysis latency.
Reducing the threat of latent procedures
The latent process is a serious threat to the security of the internet, which not only threatens the system of the present invention, but also threatens other parts of the internet, especially electronic commerce. Betteradvicebureau.org and urgetadvicenet are both important means to help block announced fraud, as well as for latent programs. Betteradvicebureau.org and urgantadvicenet are also important means to help lock out latent applications. By using these means, the possibility of being damaged by the latent program activity on the Internet can be reduced, and the possibility of the latent activity other than the present invention can also be reduced.
Irreducible core risk
The flawed notification provided by a reliable author for goodwill poses a threat. The author of the notification would like to provide a good notification for good reputation. Notification providers are part of a complex mechanism in a core application domain (e.g., technical support) that handles things in a trained manner. The notification providers understand that notifications should be tested for safety and effectiveness and issued in a discreet and staged manner. Therefore, only a very few notifications in the technical support field have drawbacks. However, a reliable notification provider may occasionally make problematic notifications.
The risks that a notification may pose are two of the following:
first, there is a risk in the collection and evaluation of notifications.
Secondly, there is a risk in the processing of the solution, i.e. the user responds to the solution provided by the relevance bulletin for the problem situation. The second risk is greater at present. When the user agrees to a solution, it causes the powerful actions to produce permanent results. The reader is notified that it cannot provide any protection against erroneous or deliberately corrupted solutions. The responsibility for security falls back on the user, who should always restrict subscription to well-known and reliable websites, and who must first go through the description and reliability of the source of the bulletin before accepting a proposed solution for the bulletin. In a typical configuration, the present invention does not automatically implement a solution operator because the user has to be supervised.
For the first risk, and in collecting and evaluating notifications, the present invention is specifically designed to limit this risk.
In a typical situation, the present invention does work in an automated mode that does not require human involvement. In this mode, announcements are collected from external notification websites without user intervention and automatically evaluated for relevance without user intervention. As mentioned above, internet experts agree that automation without human intervention is a serious risk.
However, the present invention does not download any resources nor evaluate any executable code. The design of the present invention places limits on the automatic flow of information to the user's computer and limits on the effects of automatic evaluation. These limits are specifically designed to avoid the known risks of automation.
In a typical configuration, the present invention does not automatically perform a solution operator nor does it perform an operation without human intervention. In this typical configuration, automation on the system does not have a direct effect, i.e., the reader is notified that access to a particular portion of the system environment is not modified. The effect is instead produced in an indirect way, i.e. as a side effect of consuming too much resources in the downloading and notification evaluation process. The following three types of side effects are associated:
(a) The process of collecting notifications monopolizes all network bandwidth.
(b) The process of collecting notifications may flood the storage device at the near end.
(c) The process of relevance evaluation may consume all CPU clock cycles.
Problems (a) and (b) can be solved by using a quantitative allocation of resources. Information that can flow into a user's computer includes ASCII text documents. By limiting the quota of download time, the system can avoid the possibility of overuse of network resources and avoid the consumption of the capacity of a processor and a storage device caused by downloading a document with large data volume to a computer. The problem (c) can also be partially solved by the quantitative allocation of resources. The present invention solves this problem by metering and supervising the amount of CPU usage and limiting the quota of resources.
The safety support of the present invention
The present invention is designed in various aspects to support the peculiarities of security.
Language structure
The association language is an example of a mobile code. Such code is written by authors on one computer for interpretation on another computer. Recently, The development of Security languages for mobile code has attracted widespread attention (see S.Oaks, Java Security, Oreilly (1998); and N.Borenstein, Email with a mind of its own: The Sage-TCL Language for Enablel, http:// minsky.med. virginia.edi: 80/sdm7g/Projects/Python/safe-TCL /). Both Java and Safe-TCL programming languages are so-called security languages, i.e., both provide a level of security not provided by conventional C and C + + languages.
The association language is a language for mobile coding. The degree of protection afforded by the language exceeds current standards for security levels in the Internet business community. Basically, the interpretation of the association language for the mobile code is more secure than security languages (e.g., Java and TCL). Java, TCL and associative languages are programming languages. These languages include control features such as loop, recursive and branch descriptions, which consume significant system CPU resources. These languages also provide the author with the ability to perform storage configurations, and abuse of this functionality would potentially consume a significant amount of system memory resources. Although it is labeled as safe code, the retrieval of code in these languages from the network performs automatic operations, which are actually dangerous operations. In fact, the mobile codes are typically operated only under human operation. For example, mobile Java code is often used in web browsers, and when the code is executed, one can view the screen, which means one can supervise the process being executed.
The association language is a descriptive language, rather than a procedural language, that describes the state of the computer and its environment. The relevance evaluation is a process of determining whether the status is true. The state is described in a language that does not present conventional control structures (e.g., loops) nor does it present conventional storage location allocation functionality.
In fact, the relevance language is so tightly bound that it is not a complete turing (Tuning). Associative languages do not suffer from the well-known turing termination problem that typically occurs in procedural languages. The turing termination problem is to determine whether a given computer program will terminate. Most procedural languages are not deterministic, include perhaps simple programs, and have no way of knowing in advance whether the program will end up in the end. The Java and TCL languages may not be determinative. In obvious contrast, a statement in relational language is conclusive that the program terminates. This feature is a security that cannot be guaranteed by another Java and TCL languages.
Human understandability
Another security feature of the present invention is the human understandability of the associative language. The appearance of the associative language may be reminiscent of the common english language. A user who can read English can roughly understand the effect of a given notice by checking the plain text of the notice. In this way, the user can understand the announcement given to them. While an unreliable notification provider may disguise its intent by writing an unintelligible relevance clause, it is more important that a reliable notification provider be able to have its intent explicitly presented to the user to gain and foster trust.
Disclosure and labeling
In one implementation, the present invention provides a mechanism that encourages the notification provider to clearly target the desired effect in the announcement, thereby providing the public with the correct knowledge of the risks attendant to the operator of a given solution.
In this embodiment, the Better Advice Bureau defines and maintains a list of special indicators that indicate the effect of a particular solution operator; for example, there will be an affected subsystem, the extent to which the effect can be recovered, and further explain how the proposed altered document is obtained. The notification provider utilizes this tagging system to describe the effect of the announcements published by the provider. The notification reader utilizes the tagging mechanism as part of the user interface in the solution suggestion process. When a user attempts to exercise a solution operator, part of the user interface indicates to the user the type of adverse event that may be caused based on the indicia provided by the provider.
Both the user and the provider are under the guidance of a central taxonomy, which has a common way to understand and explore the side effects of system changes. The Better service Bureau sends out an objection to the bulletin that does not actually signal the effect of the bulletin. The notification reader will use a clearly visible identifier to alert notifications of severe effects and to alert notifications of unnoticed effects. The user may refuse to accept untagged proposed solution operators or refuse to subscribe to a website that produces untagged operators.
Safety conclusions
There are many illegal activities that compromise the security of the user. However, the system of the present invention has been designed with effective means of defense. The present invention does not entail a higher risk to the user than currently afforded by using e-mail and web browsing, and in fact, the risk involved in the present invention is far lower than that afforded by performing standard activities.
In addition, a reliable notification provider may issue harmful notifications. A system designed according to this invention is able to control and correct this situation. The extent of damage caused by inadvertent errors is controlled because notifications are only accessed by a limited portion of the system resources, such as disk storage space and CPU time, and in typical embodiments, the usage of these resources is monitored and quantified. The structure of the notification document and its accompanying association language are clearly understandable to the user, which helps the user to play a role in promoting his security. Finally, the invention includes a mechanism for automatically correcting the security problem through the processing process of the announcement, the processing of the Better Advice Bureau and the UngetAdviceNet.
Issue of privacy
The notification reader may obtain a wealth of information about the user's computer, about the content of documents on the user's computer, and about the interaction between the computer and devices in the current environment. In typical embodiments, the notification reader has access to financial, personal, or medical items about the user on the user's computer, and depends on the extent to which the user stores such information, such as bank deposit balances and medical prescriptions. Part of the environment in which the user's computer is at home or at work constitutes the area in which its computer is connected to network devices, informing the reader that it is able to access information about the environment, such as whether certain devices are present in the environment, whether the devices are functioning, and what the operating conditions are, etc. This feature of the present invention is beneficial to the user, helping to write useful notifications that indicate problem conditions in order to alert the user.
Most of the information accessed by the invention has potential sensitivity, and most users can disclose the information to strangers without knowing. Any system that is capable of accessing such information must also be capable of protecting the information. As described below, the notification reader can protect the privacy of the user.
Existing internet privacy standards
The design of the invention can ensure the privacy of the user, and the protection degree provided by the invention is far higher than the standard adopted by the current Internet business community.
Internet-mediated activities such as web browsing and online shopping may result in the user revealing the user's identity, computer configuration, and some information about the user's shopping and browsing preferences to the web server. Currently there is no individually acceptable privacy standard and industry groups have been formed that specifically gather information about users from interacting with their websites and share information about users. Parties who look at the interests of users, such as Electronic Privacy Information Centers (EPICs), have been composed to respond; in addition, there is currently political debate over the electronic privacy of users.
The present invention provides a method that meets or exceeds the expectations of the user community for information privacy and provides a method for the industry community to provide messages that fine-screen targeting to recipients of the desired targeting.
The criteria of the present invention can be understood by considering the classification of actions that place importance on/ignore privacy. The specification standards for notification providers fall into four categories, defined as follows:
(Ea) fully compliant with specifications
(Eb) is somewhat regular
(Ec) is legitimate only
(Ed) criminal
The fully compliant behavior of the information provider is defined as fully respecting the privacy of the user and the purpose of the communication protocol of the present invention. Providers with fully compliant specifications have:
it does not illegally steal the identity or supervision of the user community; in particular, it will not:
attempting to infer the identity or attributes of any user from the server's activities;
attempting to infer the identity or attributes of any user from the activities of the network; and
the internet is not used as a medium for the mere broadcast of advertisements and the user does not passively receive messages without any requirement to establish contact with all or most users.
It fully informs the user of the existence and purpose of the data collection action.
It does not use the collected information in a manner that is not relevant to the purpose of the disclosed information collection.
It does not correlate the information derived from the questionnaire to future activities of the server or network.
Fully compliant behavior is a much higher standard than most authors currently in the internet business community. Currently, in the internet business community, there are a wide range of attitudes and behaviors towards the privacy of users. Many examples can only be classified as somewhat normative or only legitimate behavior.
Slightly normative behavior refers to the ability to infer the identity and attributes of a user from internet activity, to notice the possibility of privacy breaches, to respect the relationship between the provider and the user without utilizing information to make unwanted contacts with the user, and not to provide information to other business operators, etc. In fact, the somewhat regulated behavior limits the information collected to in-house research and planning uses similar to the way companies currently have regulated use of information collected from product registration cards.
Legitimate behavior only means that the user's identity and attributes are inferred from internet activity, but the possibility of privacy leakage is less noticeable, and the collected information is used as much as possible under current regulations, including systematically providing information to other operators and making contact that the user does not need. Many standards for information gathering using networks are just about legal. Companies that collect information about users use web browsers to inform the users that unsafe processes are taking place. The companies do not individually tell and explain what information is being collected, how the collected information will be used, etc.
Protection of privacy
The invention does not allow unsolicited communication with the outside world. In routine operation, the present invention will only communicate with the notification servers to which the user has subscribed. Given that security issues, such as fraud and latency, do not constitute a problem, the risk of privacy leakage is concentrated on the interaction between the user and the provider of the reliable notification. As described below, the protocol of the present invention divides the advertised communication process into the following stages:
(ACP-a) subscribe: the user starts the subscription in an anonymous way.
(ACP-b) Collection: the user's notification reader collects notifications from the web site in an anonymous fashion.
(ACP-c) evaluation: the user's notification reader evaluates the relevance of the notification.
(ACP-d) explanation: the user's notification reader displays the document produced by the notification provider and explains why the announcement has relevance, while suggesting a solution/response.
(ACP-e) solution/response: the user reviews the document and may accept suggested solutions/responses or contact the outside world.
The present invention utilizes the AEUP protocol to make the steps (ACP-a) to (ACP-d) completely secret and to limit the information provided in step (ACP-e).
Operationally, a fully compliant notification provider never violates the privacy protection of the communication agreement at steps (ACP-a) through (ACP-d). In particular, a fully compliant notification provider never utilizes the present invention to steal a user's identity or supervision, does not infer any user's identity or attributes from the server's activities, nor does it develop tools for inferring any user's identity or attributes from the network's activities. Notification providers that are fully compliant with the specifications do not utilize the present invention as a purely advertising medium and do not establish announcements to contact all or most users without request. The present invention is used to collect user information during the questionnaire of solution time (ACP-e), and to fully explain the type of the collected information and the purpose of collecting the information in light understandable terms for the user in advance. There is no intention to use the collected information beyond its disclosed purpose, nor to correlate the collected information with future activities of the server.
In typical embodiments, the present invention may incentivize providers to act in a manner that is fully compliant with the specification. The present invention may provide a mechanism for motivating users to learn the criteria that fully comply with the regulatory behavior, as well as to learn the criteria that individual providers have. The present invention includes mechanisms for countering and preventing criminal attacks against privacy and can counter and prevent out-of-specification behavior.
In typical embodiments, the present invention has a variety of mechanisms that can be used to facilitate and enhance full canonical behavior.
First, by encouraging reliable subscriptions to notify web sites, the present invention can encourage users to learn about the quality of the web site. One important quality factor is the normalized quality.
Second, Better Advice Bureau provides a mechanism for issuing announcements that warn against web sites that are not compliant with the specification. The Better Advice Bureau maintains a list of objective factors that may publicly make objectionable announcements. This list allows the user and provider to clearly understand the type of activity that generated the objection to the announcement. In this manner, the provider may receive criteria as to what behavior will constitute an out-of-specification behavior. For a provider who wants to maintain a trust, it will act in a manner that is in compliance with the specification.
Third, the present invention thwarts attempts to violate the privacy of the agreement. As described below, the present invention effectively addresses all legitimate threats against the present agreement, and the provider must violate the present communication agreement in the event of a breach of law.
Privacy and AEUP
The invention utilizes the protocol (AEUP) to exchange information over an open public network, which enforces the addition of information ethical standards that are much higher than current industry standards. In addition, the agreement may be resistant to certain public criminal acts.
The goal of AEUP is:
the information located on the device equipment remains on the device equipment.
In other words, the information of the user's computer or its environment obtained by the present invention will not be distributed to external third parties without clear consent. In practical terms, AEUP provides a layer of security between the user's computer and the outside world. In the absence of human manipulation:
information will flow into the user's computer but information will not flow out of the user's computer.
This restrictive design is represented by the following four principles:
the (PRIV-a) subscription does not compromise the identity and attributes of the user.
(PRIV-b) the act of collecting notifications does not compromise the identity and attributes of the user.
(PRIV-c) the act of evaluating the association does not compromise the identity and attributes of the user.
(PRIV-d) the act of passively checking the association advertisement does not compromise the identity and attributes of the user.
All automated and non-human intervention operations will protect the privacy of the user's identity and attributes when operating under the AEUP protocol. The overall process of AEUP and the present invention execution of (PRIV-a) through (PRIV-d) will be described below.
Privacy in (PRIV-a) subscription actions
Under the AEUP supervision, the information provided by a user when subscribing to a notification website is known only to the user and its notification reader. Clarification is required at this point. In general, the term subscription implies the process of a user registering as a subscriber. Under the supervised management of AEUP, there is no registration procedure above, as such registration procedure is not required. The notification is provided in a manner that, like the web page provided by the web site, it can be freely accessed in an anonymous manner. The process of subscription is the interaction between the user and its notification reader, not the interaction between the user and some notification provider outside. A notification reader operating on the user's computer takes notifications on a web site selected by the user and stores the notifications in a database in the user's computer, and only on the near end is part of the database managed by the subscription administrator of the notification reader. The database controls the evaluation of notifications and allows notification collectors to periodically collect notifications from certain websites rather than other websites. Thus, the subscription process is a private event.
(PRTV-b) privacy in Collection actions
Under the management of AEUP, the act of collecting notifications does not expose to the outside the things of interest to a particular user or the configuration of a particular computer.
It may be objectionable to notify a website that the identity of the subscriber is known because the subscriber's notification reader would collect information from the website on a regular basis. However, in typical embodiments, the only thing that can be learned from the notification collection action is the IP address linked to the notification website. Under current internet protocols, most users utilize dynamic IP addresses, and therefore the association between IP addresses and user identities is low, lasting on the order of minutes. Thus, the information in the IP address is generally not of use.
Furthermore, for users who have fixed IP addresses and do not want the real IP addresses to leak outside, they can use proxy servers. Proxy servers are well known tools that use proxy servers to replace some IP user-server interactions with third party IP user-server interactions, where the proxy requests data from the server and directs the data to the client in an anonymous fashion. For a server, a proxy server is just like a client. For the client, the proxy server is like a real server. There is no direct contact between the server and the client. The server never gets the identity of the client, i.e. its IP address.
In one embodiment, the present invention is configured to provide a global proxy service to all users, and to notify the reader of the selective connection to allow the user to utilize the server. In this embodiment, BetterAdvice Bureau or other central authority provides a server that collects notifications anonymously, receives requests from users to collect notifications, and removes their reply addresses, which are sent to notification websites and forward the reply to users.
The act of collecting notifications may be considered to leak information because the collector only selects certain files from those available on the notification website. This objection arises from the unknown AEUP protocol. In a typical embodiment, the notification collector always obtains files from the notification website that are not present in the user's mechanism. No selection is made during the data collection process. All notifications are only relevant to the relevance assessment after they have been collected and stored on the user's computer. In the act of notifying the collector, the only correct inference will occur when the user is subscribing to the web site.
The above processing method is very different from the current method for acquiring the relevance information by using the internet. In the currently widely used processing method, the user fills in information such as preferences, characteristics, and system configuration in a form. This table is transmitted to the server. The server will then respond to the user in a centralized manner based on the information in the table. This standard approach reveals information about the user.
In the processing of the present invention, user preferences and configurations are kept secret on the user's computer. All notifications provided by the web site are sent to the user's mechanism and then the relevance is evaluated in a confidential manner.
(PRIV-c) assessing privacy of relevance actions
The relevance or lack of relevance of a given notification may reflect a large amount of information about the computer and its environment that notifies the user. A large amount of information about the user can be delivered under very concentrated conditions, in the content of user profiles specified in detail, in the content of specific documents, and the like.
If the reader is notified of the fact that the association or non-association of the notice is leaked from the reader to the outside, the reader is notified of the loss of privacy of the user. If this happens without human intervention, the consequences would be very serious, since there are thousands of announcements to assess relevance. If a mechanism exists to discover the relevance of any combination of notifications in a systematic way, the complete profile about the user will be leaked to the outside world.
In typical embodiments, the association assessment process of the notification reader has only its own extrinsic observations and produces a change in the state of the user interface. When a notification becomes relevant, the user will be notified and no other action will be taken. In a typical embodiment, a notification, when determined to be associated, does not cause any action outside of the user's computer that is externally observable. This is an exception when a remote checker is employed. Please refer to the following description.
(PRIV-d) Passive checking of associated announcements without revealing the identity or attributes of the user
There is no privacy issue for users reading text documents on their own computers. In the outside world, people do not need to know that someone has read the document; however, reading a web page is another thing. The vulnerability of the one-way privacy protection mechanism maintained by the present invention is opened by inadvertently providing HTML or other hyperlink media such as the effective type of the posting content of the explanatory portion of the posting. The following discussion will illustrate this vulnerability and its consequences, and in one implementation, why the present invention does not leave such a vulnerability open to the outside.
Limitation of operation of a solution
The last step in the series of steps to process the notification is to implement the proposed solution. Since this operation is basically an arbitrary operation, the present invention cannot control the effect of this operation. In particular, the operation of the proposed solution involves electronic communication with the author, so that identity and attributes are compromised. For the above reasons, there are the following limitations in design:
(PRIV-e) in a typical implementation, notifying the reader that the proposed solution operator will not be automatically deployed; only after the user's consent will the solution operator be exercised.
Since the solution operator is of an open nature, the user plays an important role in protecting his own privacy. Regardless of the user's knowledge, the actions of applying the proposed solution may reveal the user's identity or attributes. An out-of-spec notification author may establish a latent solution operator and at the same time claim to perform an action that, without informing the user, performs electronic communication in an illicit manner. The user should only agree to use a trusted author from what he trusts and acts in a canonical way.
A remote inspector: make-up leak
In one implementation, there is a potential privacy violation in the relevance evaluation process based on the following: the notification reader allows conditional evaluation of the "and" clause, and the association clause may be referenced to the verified condition by querying other computers and/or devices remote from the user computer executing the notification reader. Careless operation of the remote checker will result in externally observable internet activity from which the values of certain relevance clauses can be inferred. The detectors that trigger network activity are by no means the focus of the present invention, and thus this particular privacy threat only affects certain implementations of the present invention (see the description of Security in Computing's change Channels by Pfleeger).
When the relevance evaluation is performed on a device that notifies the user, an eavesdropper who wants to know the value of the relevance clause R is considered. Assuming that the eavesdropper operates a notification website and is trusted by the user and subscribes to the notification reader; in this manner, the eavesdropper can introduce notifications to the user's device. It is assumed that the eavesdropper knows that the notification reader contains a checker, and that the checker, when invoked by clause I, generates network activity over a segment of the internet under the control of the eavesdropper. For example, assume that the eavesdropper has system-level access rights that can take a node on the internet on the direct path between the user's device and the target device to query for a particular checker call. The eavesdropper then programs IP traffic between the user and the target at a location.
Under the assumptions above, the eavesdropper makes a notification at a location and declares clauses R and I and publishes the notification to its notification website. When the notification is collected on the user's device, the notification will automatically evaluate its relevance.
In the implementation of the notification reader, when clause A is judged false, the evaluation of clauses A and B will terminate immediately, since the evaluation of phrases can be terminated without knowing the value of clause B. When the clause a is judged to be false, it is known that the values of the clauses a and B are false. This scheme is called conditional estimation. In the implementation of the notification reader, there are cases where the conditional evaluation is not performed. These schemes always evaluate all sub-expressions of an expression before deriving its value. Whether conditional evaluation is performed or not depends on performance considerations. Notification readers that utilize conditional evaluation typically perform faster.
If the reader is informed of the conditional evaluation in the above manner, the network activity will be prompted by clause I only if the evaluation result of clause R is true. The eavesdropper is in a position to observe this network activity and thus evaluates clause R as true. Information about the user is leaked from the user's computer due to the above-described relevance assessment.
In the discussion of the hypothetical situation above, it should be noted that the eavesdropping behavior described above has constituted an electronically tracked behavior and may have been illegal. This may occur by notifying the author himself, i.e. an eavesdropper, who is engaged in the conspiracy of the eavesdropping, or by the author not trying to avoid unauthorized notification being issued in his name, for example by issuing a notification of the author. Informing the user that the threat is avoided can only be done by subscribing to a reliable web site, i.e., subscribing to a web site that meets the criteria for fully compliant behavior.
The notified user can also avoid eavesdropping by configuring the notification reader to limit the domains that allow association checks against the domains to which it is actually connected. In the extreme case, the above-mentioned limitation means that only the evaluation of the association is allowed on the computer that executes the notification reader.
There are four mechanisms currently available to notify a reader to allow network activity while avoiding the threat of eavesdropping.
Conditional evaluation of clauses is not allowed: the notification reader is set to prevent the conditional evaluation. In this event, information about the relevance estimates is not leaked through observable network activity that exists between the user and the target.
Random recording for conditional evaluation: in the process of estimating clauses a and B, the analyzer reduces the probability of the clause equivalent to (& AB) to 1/2, and executes (& BA) with probability 1/2. When this is done, the probability that the network activity that occurred in evaluating clause R and clause I actually implies that clause A is true is 1/2. This means that it is not possible for a user in such a situation to determine whether the clause R is indeed true in a particular situation.
Always make a mandatory evaluation for the sub-expressions that invoke network activity: the notification reader is set so that each checker has the attribute of remote activity that is set when the checker causes activity outside of the device that executes the checker. When analyzing an association clause, the notification reader identifies sub-expressions with remote activity attributes and enforces an association evaluation of the sub-expressions.
Network activity in the outage relevance assessment: checkers with remote activity attributes are restricted from operating on buffered data by using requests in the queue to a predetermined location or set of locations. This means that the checker can check the near-end buffer when a request for an attribute is received that must be determined from the far-end. If the solution of the question exists in the buffer, the solution is responded. If the solution cannot be found in the buffer, the request is placed in a queue for future evaluation. A handler will operate independently according to a fixed schedule, for example once a day, which communicates with a fixed list of remote devices and handles all requests staged during the last day at that time. In this way, the correlation estimate itself will not cause network activity other than normal scheduled activity.
An appropriate combination of these mechanisms will generously protect the privacy of the association estimate, even in the context of illicit eavesdropping.
HTML: make-up leak
The final version of a typical modern HTML document is the product of multiple documents, rather than consisting of a single document. The HTML document itself provides a displayed logical structure and a detailed list of text elements, as well as a collection of links to various images and multimedia documents, which in combination provide visual elements. In a conventional web browsing process, a web browser constructs processed images in a series of stages. First, HTML documents are collected and frames of files are processed. If the HTML document refers to a remotely located multimedia document, the web browser begins to collect the documents. When the documents arrive, they are used to format and render the final display.
It is assumed that the notification provider has made an announcement containing an HTML document and that the document references an explanatory document located on a server of the notification provider. Also assume that the notification reader is used as a conventional web browser to describe the HTML language. Potential image documents are collected from the server while the user is researching the bulletin. In other words, the act of perusing the announcements will cause the notification server to have a noticeable action. If the announcement is not relevant, the HTML language will not be described, and the server can be inferred from activities in which the announcement is assessed as relevant since non-described HTML will not result in collection of multimedia documents. In this manner, information will leak from the user to the provider through the one-way protective layer.
A fully compliant notification provider never manages such activity. In principle, however, a somewhat more regular notification provider may take advantage of this activity to learn some information about the user population. Indeed, such notification providers are able to make announcements referring to specific multimedia documents, and the announcements are directed only to the multimedia documents. By counting the number of references to multimedia documents and dividing by the number of collectors announcing themselves, one can obtain an estimated proportion of the user population that presents a certain environment.
In any event, in a typical implementation, the invention takes steps to attenuate such activity. The leakage of information caused by such activity is considered less completely normative because, in combination with other non-normative behaviors, it would sacrifice privacy for the individual. It is true that such information leakage has a harmless and useful application. So long as the information leakage is not related to the identity of the user, one can argue that the leakage of information can be used to inform the provider of a profile about the user population. However, such information leakage situations may entice the association leading to serious misuse of privacy.
There is another mechanism by which the present invention provides similar responses to the notification provider while protecting privacy of the individual, i.e., random responses. To attenuate HTML attempts to over-utilize leaked information, a typical implementation of the present invention may employ one or all of the following three mechanisms:
HTML-A proxy Server: operating solely through the proxy server, the notification reader can break the association between the collector's identity and the collection fact that may be seen on the notification website. In effect, the notification reader is collecting the multimedia document through a proxy server, rather than through the original web site. In one implementation, the proxy server caches the multimedia document at the near end, thereby serving the request for the multimedia document while requesting the document only once from the notification website. The notification website will find the benefit of this arrangement because it can reduce the load on its own servers. On the other hand, however, the servers lose the ability to study the attributes that are prevalent or to establish an association between an identity and an attribute.
HTML-B collects all multimedia immediately: in one implementation of the invention, the process of collecting includes automatically downloading the multimedia documents referenced by the advertised HTML. The operation process is as follows: analysis of the announcement is performed in advance so that a list of all multimedia documents referenced by the HTML source of the explanatory part of the announcement can be guided. The collector is notified to immediately collect the documents to ensure that they are available at the near end when the publication becomes relevant. For the practice of the present invention, there is no correlation between the fact that a document is collected and whether an advertisement has relevance.
The mechanism (HTML-A) and the mechanism (HTML-B) can be applied simultaneously; that is, the proxy server can collect the notification instead of the client, and can collect all multimedia documents referenced by any HTML source of the notification. At the beginning, the user's notification reader only gets the announced document, not all multimedia documents. At the appropriate time, the multimedia document is collected from the proxy server. In this way, likewise, there is no correlation between the fact that a document is collected and whether a certain announcement has relevance.
HTML-C random download multimedia: in one implementation of the invention, the process of collecting includes randomly downloading certain multimedia documents referenced by the HTML of certain announcements. The operation process is as follows: analysis of the announcement is performed in advance so that a list of all multimedia documents referenced by the HTML source of the explanatory part of the announcement can be guided. The collector is notified that randomly selected documents will be collected from the list on a regular basis. This ensures that a large portion of the multimedia document is available for any announcements published by the notification author. This is not for the sake of relevance, but for outputting a simple chance experiment. In part, this ensures that those users who have relevance can access the documents at the near end. In the implementation of the present invention, there is no logical association between the fact that a document is collected and whether an advertisement has relevance. The probability is related to whatever association exists and can be reduced by appropriately selecting the frequency of random downloads.
Support of privacy regulations
The present invention has three overriding principles that facilitate the enforcement of information specifications.
Canonical website: the user should only subscribe to notification sites that meet the specifications. Many users set their notification readers to subscribe primarily to notifications from large businesses that produce items and services of interest to the user, such as: a computer manufacturer, a software distributor, or a provider of internet services. This type of subscription infrastructure is a very secure act. Such organizations are interested in providing reliable notifications to maintain an affinity with their customers. Users subscribing to such notifications made by large enterprises are at very low risk.
Explicit specification of the specification: the Better service Bureau is a basic tool for stimulating the author's compliance with the specification. All users subscribe to the website. The website compiles objectionable notifications and informs the user about dangerous websites and about bad notifications in circulation. BetterAdvice Bureau defines such behavior as out of specification if the solution operator does not previously inform the user that the information will be disclosed to the notification author, or does not explicitly inform the nature of the information about the disclosure. If there are latent notifications that flow in an irregular manner, it will draw the attention of the Better Advice Bureau, which will issue announcements against the latent notifications. Thus, for some aspects of the present invention, the Better Advice Bureau is used as the privacy protection system of the present invention, which can correct out-of-specification conditions.
Unequivocally labeled side effects: to make the definition of the behavior that meets and deviates from specification more clear, the Better Advice Bureau describes a set of labels attached to the bulletins that indicate potential side effects for the solution operator; the designations indicate:
important subsystems that may be affected by the proposed solution are announced.
Using the proposed solution announces whether the information will be leaked.
The type of information that may be leaked.
If the information may be leaked, whether it can be used for marketing/mailing.
If the information may be leaked, it can be shared with other peers.
Fully compliant behavior requires that authors flag the notifications they make based on the impact on potential users. If the notification is not labeled, the Better Advice Bureau will treat it as an objection notification. BetterAdvice Bureau treats a persistent and consistently misdirected website as a website against subscribing to an advertisement.
Alternative to user-server interaction
The main components of the present invention are the synchronization between the user and provider site images. This synchronization is achieved according to the AEUP protocol. However, there are other embodiments of the underlying principles of the invention in which synchronization may be effected by different means, as described below.
Anonymous selective update protocol
Under the management of this protocol, subscription and synchronization are performed anonymously, as under the management of AEUP. However, the process of updating is selective, rather than exhaustive.
ASUP definition
Under ASUP, each advertisement message is digested into a short style that includes at least a message identifier referring to the original advertisement, an association clause of the original advertisement, and other information that may exist, such as a subject list. Under this protocol, in addition to the directory messages and the entire advertisement document, the notification server also serves to provide the notification reader with a summary of one or more advertisements.
Under the management of ASUP, the process of collection changes. The notification reader does not guarantee that it has the complete body of each announcement of the notification website, but at least a digest of each message. The notification reader accomplishes this by asking for a digest of all new announcements after the previous synchronization.
Under ASUP, the notification database may change. The notification database contains two data items: the complete announcement and a summary of the announcement.
Under ASUP, the reader is informed of the time schedule for relevance evaluation for all relevance clauses it takes, including clauses present in the full bulletin and clauses contained in the abstract.
Under ASUP, the associated announcement may trigger a new round of communication between the notification reader and the notification website. Depending on the configuration settings, the notification reader will establish communication with the notification website and request the ontology of certain announcements, whether the intended user requires the full announcement or based on a direct request from the user.
The effect of this protocol is that although the user's notification reader will obtain and evaluate all published association clauses, it will not download all published announcements.
Analysis of ASUP
This agreement would be advantageous if the storage space occupied by the published announcements was much larger than the summarized announcements. This protocol can save the time for the user to obtain the body of a large number of announcements and save the time for the provider to request services. The drawback of this protocol is that it may compromise the privacy of the user. Under the ASUP agreement, it is envisioned that the notification provider may attempt to infer the user by observing the announcement documents that are required and not required by the notification reader. If the protocol is implemented exactly as described above, the user will never request the entire announcement when the clauses are not relevant, and will always request the entire announcement when the clauses are relevant. In principle, a notification provider intended to learn information about a particular user will associate a server request to get a complete announcement with the IP address from which the user came, thereby inferring a request that indicates the relevance of the announcement to the corresponding computer. If the IP address is permanently assigned to a user computer, the provider will, in principle, associate the requests with the user's identity. In this way, information about the user is leaked to the server.
Privacy protection under ASUP
Random collection: the likelihood of information leakage is reduced by having the notification reader request the full advertisement body of an advertisement for which some association clauses are not associated. This can be achieved by using a random mechanism. Each complete bulletin ontology proposes the acquired requirement with a probability value p, wherein p is a preset numerical value.
Proxy server: the likelihood of information leakage is reduced by having the notification reader request the complete notification ontology through the proxy server, which passes the request to obtain the notification ontology to the notification website in an anonymous manner, thereby avoiding the notification website knowing the identity of the requestor. To this end, a centralized management proxy server located, for example, in Better advicebuseau or advssories.
Private server: the likelihood of information leakage is reduced by limiting the provisioning of server software. If the server software operating only with the present invention does not allow the user to associate with their requested announcements and does not record the requested working records, and if the user of the server software does not have the intention to undermine the privacy agreement by eavesdropping on the communication between the server and the reader, personal information will not be revealed to the server by the ASUP.
The provisioning of server software can be limited by modifying the reader/server interaction to enforce some security preset control handshake. By using digital encryption as part of the security default control handshake and restricting access to the appropriate security default control handshake key, one can restrict the establishment of server software.
The inhibition of eavesdropping of the user-server interaction may be enforced in a contractual manner. Valid server software can only be accessed without the recipient being eavesdropped.
Therefore, there are many approaches for protecting privacy under ASUP.
Non-anonymous full update protocol
In some environments, the concept of anonymous subscription does not work; for example, since the bulletins are only provided to users who have paid for, and the reader/server interaction includes a predetermined control handshake segment, the reader must identify itself as a user who has paid for. Under this change, notifications are not only provided to paid members, but the members must prove themselves eligible to use the notifications.
The non-anonymity full update protocol (NEUP) is applied in a non-anonymity environment where subscribers will download all new announcements for full update at each synchronization. Under NEUP, the privacy of the user is protected as follows: although the provider is aware of the user's subscription, the process of collecting notifications and evaluating associations does not reveal the user's relevant information to the provider.
Non-anonymous selective update protocol
In some circumstances, the concept of anonymous subscription cannot be operated, and the operation of complete update cannot be performed, because a large number of publications that may have relevance must be considered, or because the number of individual publications is too large, so that users and providers are reluctant to use vast resources to perform complete update.
The non-anonymous selective update protocol (NSUP) provides such a non-anonymous environment in which the notification reader can selectively update, retrieve initially digested advertisements, evaluate associations, and later download association advertisements.
NSUP by itself cannot guarantee privacy for the user. Informing the provider of the user's subscription, as well as routine collection and relevancy assessment, results in the disclosure of a true relevancy to the provider. Under NSUP, there are various mechanisms for protecting the privacy of the user; such as randomization, proxy servers, and private servers, among others.
Alternative to notification dissemination
Centrally managed notification server
In one embodiment, a single centrally managed web site is used to store notifications provided by multiple different notification providers; in effect, different notification websites serve as different sub-directories of a single document system. All notification readers operating on the user's computer synchronize with their web site images by contacting the central web site and request resources such as announcements. In practice, a single web site is actually made up of a set of computers that map their respective functions and content to each other.
The above configuration has two facing effects:
privacy: the above arrangement prevents the provider from knowing the identity of the user, or attributes associated with any user, by isolating the user from the provider. In particular, the ASUP protocol is secure in such an environment if the central notification website does not conduct work records or analyze reader-server communications.
Safety: the above arrangement limits the notification web site to those that meet criteria set by the central server to limit the content provided by the notification web site, thereby ensuring that the notification web site is operated by a typically responsible organization.
The centrally managed web site allows providers to update their content at the central site using standard methods, such as using FTP or related document transfer methods.
Centrally managed proxy server
In one embodiment, all notification readers can utilize a central management website that acts as a proxy server. The distribution of notification websites is extremely wide. However, many users do not go to the websites individually. The user will set his reader to get all announcements through the central proxy server. Users concerned about privacy take advantage of the above in particular.
The central proxy server may temporarily store notifications provided by many different notification providers. The notification reader on the user's computer makes resource usage requests to the proxy server, such as collecting announcements from certain notification websites. If the resources are available on the proxy server, the resources are immediately provided to the user. If the requested resource cannot be used in the proxy server, the requested resource is inquired from the original website and is forwarded to the user in an anonymous manner, and the acquired resource is temporarily stored in the proxy server. When the origin site changes, the Notification site includes a method to notify the central proxy server site that the cached resources should be purged (see Hallam-Baker, Phillip M. (1996) Notification for ProxyCaches, World-Wide-Web Consortium Technical Report, http:// www.w.3. org/TR/WD-proxy).
The above arrangement can meet the privacy requirements of the user. By isolating the user from the provider, this arrangement prevents the provider from knowing the identity of the user, or attributes associated with any user. In particular, if the central notification website does not perform work log or analytic reader-server communication, even under the ASUP protocol, it is secure in this environment.
Centrally managed anonymous notification forwarder
In one embodiment, dissemination of the notification is done using Internet email, which is forwarded through a centrally managed forwarder using an anonymous mailing list.
The structure of the notification website discussed above is still retained. Many readers do not directly communicate with the web sites. The reader would instead use anonymous mail to get the notification. In such an implementation, the notification web site would send new announcements to the central forwarding web site in the form of e-mail, which would then send the new announcements to a privately maintained mailing list that includes individuals who have contacted the central web site and established a subscription relationship. In this implementation, a new announcement format specifically designed for revocation is included. The notification web site sends a revocation notice to the central forwarding web site, which then forwards the notice to the users in the mailing list, thereby handling the revocation of the notice.
In the above configuration, the notification reader cooperates with an email reader on the user's computer and with an email reader that automatically filters incoming mailboxes designed for notification reader access. The notification reader does not contact the original site directly for synchronization by interpreting the content in the last synchronization arrival mailbox.
This approach is particularly suited for operation with a P0P3 internet mail server. This arrangement basically utilizes the AEUP protocol of e-mail. In general, the notification provider has no way of knowing the information the user subscribes to and whether certain announcements have relevance.
In this configuration, the AEUP must provide one-way protection for the user. The user knows that the notification website does not necessarily know that he subscribes to the website and that there is no direct IP flow between the user's device and the notification website. The user can observe that the announcements are not coming directly from the notification web site by checking the plain text content in the mail, but are transmitted from the central notification forwarder in an anonymous manner.
A disadvantage of this arrangement is that the security of the secret mailing list is compromised. To increase user confidence, the central forwarder preferably operates for a reliable authority that takes into account the user's interests.
By isolating the user from the provider, this arrangement prevents the provider from knowing the identity or any associated attributes of any user who participates in and is unwilling to reveal anything to the provider.
USENET notifies the scatterer
In one embodiment, dissemination of the notification is transmitted through the USENET newsgroup.
The structure of the notification website discussed above is still retained. The distribution of notification websites is very wide. However, many readers do not directly communicate with the web sites. The reader will instead use USENET to get the notification. In such an implementation, the entire USENET news group would be established, e.g., each notification website has one news group. The notification website occasionally posts new announcements to USENET, which then disseminates these new announcements to all devices around the world that serve as newsgroup servers.
In this configuration, the notification reader then synchronizes, rather than contacting the original notification website directly for synchronization, to contact the newsgroup server using the USENET protocol and obtain new announcements in some newsgroups.
This arrangement basically utilizes the AEUP protocol of USENET. In general, the notification provider has no way of knowing the information the user subscribes to and whether certain announcements have relevance.
In this configuration, the AEUP must provide one-way protection for the user. The user knows that the notification website does not necessarily know that he subscribes to the website and that there is no direct IP flow between the user's device and the notification website. In fact, since the act of receiving news via USENET is performed anonymously, there is no mailing list and there is no centrally managed information organization to associate the user with the notification website.
Software channel
In one possible embodiment, dissemination of notifications is operated through channels called by the providers of the pushers, such as BackWeb, Marimba, and Pointcast (see Ellerman, Castedo (1997) Channel Definition Format, World-Wide-Web Consortium Technical Report, http:// www.w.3. org/TR/NOTE-CDFsubmit. html.). In another embodiment, dissemination of notifications is operated using mailing lists for emails. In any case, the distribution method is called a channel, and the logical relationship is the same. If every time a word channel is changed in the mailing list, there is no significant change in the following.
The structure of the notification website discussed above is still retained. The distribution of notification websites is very wide. However, many readers do not directly communicate with the web sites. The reader will instead get the notification through the channel. In this implementation, a whole set of channels is created, perhaps one channel for each notification site. The notification website occasionally populates new announcements on its corresponding channel, and then the channel distributes these new announcements to all devices subscribing to the channel throughout the world.
In this configuration, the notification reader synchronizes by listening to the data sent in the channel and processes the announcements as they arrive.
This arrangement is basically implemented by the NEUP protocol. In some implementations of the channel, the notification provider may know that the user has subscribed. In general, the notification provider has no way of knowing whether certain announcements have relevance.
In this configuration, if the channel provider provides a truly unidirectional channel and interprets it for the user, then the AEUP must be able to provide unidirectional protection for the user. For example, users are familiar with mailing lists that provide typical one-way communications. In addition, the user also knows that two-way communication is possible only if he wishes to initiate contact in the other direction.
Alternative to mechanisms for facilitating user trust
Up to now, the main privacy concerns of users have been assumed to have to be solved by technical means. This is because, in order to be able to guarantee the privacy of the user, it is necessary to develop a system that correctly makes it impossible for the notification provider to deduce the relevance of certain announcements for a particular user. It is an important advance to be able to isolate users in this manner. In addition, some users may not be able to accept a purely technical solution to the privacy problem, and they may suspect that none of the solutions is free of defects, i.e., sometimes information leakage, that occurs. The users are concerned about the information leakage, and the information is not persuaded not to leak under the technical guarantee. The provider is informed to specifically ensure that leaked information is not utilized, or to possibly eliminate the doubt of such users.
One consideration for meeting the user's intent with respect to the notification providers is to limit the number of notification providers to those who have signed and observed a contract that provides the user with assurance. This includes three components:
normalized criteria: one can obtain a base document that provides a definition of known compliant behavior. Some notification providers have signed this document and have the document hosted in a central authority, such as the Better adviceburgeau, that publishes the identity of the signer.
User interface: the user may choose to communicate only with providers meeting the specification criteria.
Restrictions on server privileges: the interaction between the reader/servers is secured by a dedicated handshake mechanism and by only authorizing the provider of the signed specification agreement with the password to access the appropriate reader/server. There are two natural ways of doing this:
with a centralized server policy, where the functionality of the notification reader is limited by the handshake mechanism, such that it can only contact the centralized notification server, and the central server only provides notifications from websites that comply with the regulatory standards.
The strategy of a dedicated server is followed, where the notification reader can only communicate with the notification server with the correct switching signals, and the switching signals are only known to the notification website that complies with the specifications.
In summary, some notification providers that have signed consent can provide contractual assurance to the user's privacy. Some users are willing to contact the providers only, and there is a mechanism for restricting access to the providers by the notification reader.
Alternative selection of relevance evaluation mode
Overview: state comparison
In practice, the association clause is an announcement as to the state or context of the computer, the environment of the computer, or the computing devices available to the computer. The association language provides a way for authors to describe components of a computer's state. However, there are many other ways that the composition of a state can be described.
The notification reader and its accompanying checker lexicon provide a way to compare the description of the state with the true state. However, there are many other ways in which the composition and description of states may be compared.
Observer community
Another approach described by the statement may rely on a community of watchers, i.e., specialized applications, each watcher having its own special considerations and structure that can analyze a particular declaration about the computer or its environment. Such an application is called a viewer.
Consider a document viewer application that observes whether certain documents have the correct attributes. This application maintains a database of announcements. Each data item names a document or directory, a list of specific attributes of the object, a specific observation frequency, and the actions that accompany the indicator and failure declaration to the message. Examples of specific attributes include presence, name, version, size, and computed value of the envelope (checksum). The document system viewer continues to execute on a scheduled basis or by user control through the declared database and to see if each data item has a declared status, e.g., each document has a particular attribute. If the watcher finds that the data item does not have the requested status, it sends the declaration failure-related information to the user interface module along with the message and action accompanying the declaration. The user interface module is a part of the application program of the observer and is an application program shared by the whole system; the user interface module presents failure information of the declared condition to the user and transmits an accompanying message and a suggested response.
The document viewer application will simultaneously interpret new announcements made about the status or undo old announcements. Receipt of such a message will cause the document viewer to update its database of announcements to include data items making new announcements or delete data items making revocation announcements. The document viewer itself receives these messages from a message module, and the notification module is part of the viewer application or an application common to the entire system.
An author at a remote location who wants to announce information about a user's computer will make a message for a document viewer application based on the announced document viewer announcement identifier. The data items of the database are of the same type as the data items of the database maintained by the document viewer, or textual descriptions of the data items are constructed using a keyword language or other human interpretable descriptive means. Such identifiers are grouped and transmitted over a network or other digital transmission mechanism. Such packets are distributed to user computers by the methods currently enumerated, i.e., AEUP, ASUP, NEUP, NSUP, email or channel.
Potential advantages of the above process include:
specialized production efficiency: since the viewer has been specialized, it has been written to optimize the rate at which special tasks are performed. For example, if a document system viewer must view multiple documents in the same directory, it will only access one document structure rather than multiple document structures in order to save disk operations. It is possible to omit certain operations if the output is known to be based on certain previous operations. If multiple different announcements must be tested for the same document, it is possible to obtain information about all announcements simultaneously with a single document access. In addition, the viewer can evaluate the declaration at a faster rate if it receives the instruction in a predetermined format without analysis.
Specialized productive-rich presentation: since the viewer has been specialized, it has been written to describe special tasks in a very convenient fashion. For example, if a document system observes expressions in a received language, the language is designed to incorporate idioms that have proven useful from other systems. Thus, in the UNIX system, the wildcard symbols, [ a-z ],? And related structures, etc., that can be effectively used to describe the characteristics of a document system; for example, documents of a large group are referenced with similar but non-identical names. Document system viewers can utilize such specialized idioms without affecting the design of other viewer interfaces in the viewer community.
Specialized time scheduling algorithm: since the viewer has been specialized, it has been written to specify the execution time of a particular job that has been correctly proposed. For example, the document system observer operates in a continuous mode following a specialized time scheduling algorithm, and the time scheduling algorithm is different from the algorithm used by the system environment observer. For example, under some operating systems, the document system itself may maintain information about whether a document or directory has changed, which is used to delay the evaluation of the announcement because it has been known that the state of the announcement has not changed since the last evaluation.
Specialized production security and privacy: since observers have been specialized, they have been written to isolate certain danger or leak announcements. For example, document system viewers have multiple security and privacy settings that can be set by the user, which allow the user to control access to certain documents or components of documents.
The collection of viewers is large. In addition to document system viewers and system environment viewers, documents such as sequencer viewers, printer viewers, and network viewers may be provided.
Observer communities are also the present invention
The processing of the observer community is a variation of the present invention. There are two ways to understand this.
As implementation layer: it should be noted that in the present invention, the checker thesaurus has its own implementations actually made by the particular watchers. For example, a document system viewer is built to view various characteristics in various documents. And then used as follows for informing the reader: when querying the document system viewer, the document sent in relation to the method in the notification reader will be executed. At this point, the document system viewer will answer the query and record the query in its announcement database. When the same delivery occurs the next time, the document system viewer will, if possible, use its specialized caching, scheduling and optimization to get answers in a lower cost way. In this manner, the observer community is the inspector's enforcement layer, and the user interface/communication software of the observer community is the notification reader software.
Implementation as a change: another approach to inspecting communities of watchers as a relevant invention of the present invention is to note the characteristics of most compelling watcher processes, such as both processes providing specialized idioms for a particular job. The common language of UNIX schema structure is implemented by building a named World property, called a locate document, which receives the UNIX schema as a string of name identifiers. The following fragments:
not exists Located files″*.mat″whose(creator of it is creator″MATLAB″)
the above fragments are UNIX's notation requiring documents, which are provided in the language of the present invention and locate the UNIX pattern of the document by checker multivariate features.
Consideration of optimization strategy
Using a viewer community process to express descriptions may explicitly express the concept of considering a forest. Each interested author programs considerations regarding the state of the user's computer, which are passed to the computer, and the state of the computer is continually examined and compared against the considerations.
The process of organizing the presentation description around the concept of a forest of basic considerations is superior to the concept of surrounding the relevance clauses in terms of efficiency and time scheduling. Many of the sub-sentences of the notification may have identical phrases and it would be inefficient to evaluate the sub-sentences individually. Consider, for example, five notifications announcing the relevance clause of adobe photoshop. The first clause is:
exists Folder″Brushes and Patterns″of
Folder containing Application″Adobe Photoshop 2.5″
The second clause is:
exists Folder″Calibration″of
Folder containing Application″Adobe Photoshop 2.5″
the third clause is:
exists Folder″Color Palettes″of
Folder containing Application″Adobe Photoshop 2.5″
the fourth clause is:
exists Folder″Plug-Ins″of
Folder containing Application″Adobe Photoshop 2.5″
the fifth clause is:
exists Folder″Third-Party Filters″of
Folder containing Application″Adobe Photoshop 2.5″
in either case, evaluation of the relevance clause requires evaluation of the phrase folder containing the application "Adobe Photoshop 2.5". In summary, the above five clauses perform the same work five times.
It is possible to organize things in different ways, with the expressions of the outer appearance being parsed into a minimal set of sub-expressions. The set of these sub-sentences is then observed in a compact manner. More specifically, a population of relevance clauses that are scheduled for common evaluation will be parsed into related trees of the expression tree structure. This collection of trees is analyzed into its largest sub-tree. If the two sub-tree structures are substantially identical, the two sub-tree structures are equal, i.e. the same method routing is applied to the same arguments, or rearranged under the same efficient application of commutative and combinatory properties. If the sub-tree structure of an expression appears in another related first level tree structure, the sub-tree structure is a sub-tree of another sub-tree structure.
The sub-tree structure is maximal if any of the following occurs:
(a) It has no mother tree, or
(b) It has at least two parent trees, and the parent trees are different expressions.
The concept of the above-described five association clauses will be described below. The first clause is parsed as:
(exists(Folder″Brushes and Patterns″
(Folder-Containing
Application″Adobe Photoshop 2.5″
)
)
)
the second clause is analyzed as:
(exists(Folder″Calibration″
(Folder-Containing
Application″Adobe Photoshop 2.5″
)
)
)
the third clause is analyzed as:
(exists(Folder″Color Palettes″
(Folder-Containing
Application″Adobe Photoshop 2.5″
)
)
)
the fourth clause is analyzed as:
(exists(Folder″Plug-Ins″
(Folder-Containing
Application″Adobe Photoshop 2.5″
)
)
)
the fifth clause is analyzed as:
(exists(Fo1der″Third-Party Filters″
(Folder-Containing
Application″Adobe Photoshop 2.5″
)
)
)
here, the five different relevance clauses are not equal because they name different properties. The set of maximum expressions consists of these five expressions, plus an appropriate sub-expression:
(Folder-Containing
(Application″Adobe Photoshop 2.5″)
)
the viewer, organized around the largest expression, simply operates in the following manner:
parsing all expressions in the set of association clauses into an expression tree structure.
The largest child expressions with parent trees are marked with separate labels.
Convert each expression tree into a new tree built by the largest sub-expression referenced.
When performing the relevance evaluation, additional storage space, referred to as the maximum sub-expression value store, is reserved for recording the value of the maximum sub-expression for later use. When the largest sub-expression referenced is encountered, the memory is first checked for a value already recorded. If the memory has recorded a value, the recorded value is used. If the value is not present in the store, the sub-expression is evaluated and the remaining values in the store are recorded.
In more detail, the operation is as follows: for the set of five relevance clauses described above, the maximum sub-expression:
(Folder-Containing
(Application″Adobe Photoshop 2.5″)
)
will be accompanied by the first location in memory of the largest sub-expression. The translation of a typical dependency clause is through proper reference to this store. In the case of the first relevance clause, it operates as follows:
(exists(Folder″Brushes and Patterns″
(Maximal-Subexpression 1
(quote(Folder-Containing
(Application″Adobe Photoshop 2.5″)
)
)
)
)
)
in summary, a wrap connector called Maximal-Subexpression inserts the largest sub-expression that is identified. The first argument of the wrap-around method is related to the sub-expression of pointer one of the storage, and the second argument is the expression in the quotation mark. The expression within the quote is not evaluated before the wrap method is called, but rather is parsed into the appropriate statements to make an unevaluated data structure that represents the conditionally evaluated expression, which is passed to the wrap method as data. The wrap method looks at position one to see if a value has been stored. If a value has been stored, the wrap method will return the value. If the stored value is not present, the wrap method calls for estimating the sub-expression that has been transmitted. When the estimation is complete, the value will be stored in the maximum sub-expression storage at location one.
The process described above has assumed that the clause under which the relevance estimation is performed is the first estimated sub-expression in a given notification population, and this estimation process will estimate the sub-expressions and record the value of one for the location of the largest sub-expression store.
Now consider the second item in the notification community, which is formatted as:
(exists(Fo1der″Calibration″
(Maximal-Subexpression 1
(quote(Folder-Containing
(Application″Adobe Photoshop 2.5″)
)
)
)
)
)
the above process has assumed that the evaluation of this clause is performed after the previous clause is evaluated. The maximum sub-expression is not estimated here because the wrap finds that the value of the sub-expression is already recorded in memory.
Next, it is described how one can identify the largest sub-expression in a tree of the tree structure of expressions. This is achieved by a tree/forest pruning algorithm. Any method of estimating its value without relying on other methods is defined as a terminal type. Formally, this value is a named property of World (application "Adobe Photoshop 2.5"), an unnamed property of World (system folder) or a constant (string "xxxx"), (integer 1234).
The algorithm begins by scanning individual terminal versions of the association clause population. This algorithm associates a set of indicators pointing to all locations in the population where the pattern appears with all individual terminal patterns.
The algorithm initiates a database of working sub-expression types as a set of all terminal types, i.e., at the beginning, the working sub-expression type is the terminal sub-expression type. These sub-expressions are annotated for evaluation at the next stage.
The algorithm will proceed at various stages, each stage converting the work sub-expression pattern to a set of parent tree patterns. When the working database is empty, the algorithm terminates. In a given phase, it will recurse through the set of all working patterns. For each type that is noted in the working set to be studied at this stage, it will consider the set of all the parent expressions of that expression. This is a feasible approach because a set of indicators that point to their presence in the population are tied to the pattern.
In addition to the parent method calls, it can find individual patterns, i.e., unique combinations of method names and method arguments, and can give sub-expressions as first-level sub-expressions. This single calling pattern is called a mother pattern. If the parent does not exist, the child expression is deleted from the working database. If there is exactly one parent, the child expressions in the working database are replaced by their parent, and the parent is annotated for the next stage only, and the pointer to the occurrence of the parent is calculated appropriately using the pointer previously pointing to the occurrence of the subtree. If more than one parent exists, a new maximum pattern is identified. The maximum pattern is assigned a maximum pattern identifier and a wrap switch is performed on each expression that refers to the pattern. In other words, in all expressions of the occurrence pattern, the wrap is inserted around the pattern according to the following code:
(Maximal-Subexpression$ID#(quote$$))
Where the ID is replaced by the identifier of the identified maximum type, $ represents the occurrence of the maximum type itself, and the (bracketed) type is to avoid immediate evaluation, as described above.
The working-type database is then expanded to include the unique parent of the largest type identified, and newly added items are annotated for the next stage and include pointers to the locations of occurrences of each parent in the notification population.
The end of the algorithm has a set of transformed expressions in which the largest common subexpression is identified and only a concise estimate is made.
The reader may want to check whether the algorithm produces the desired result for the five association clauses.
Alternative to binary relevance determination
The present invention contemplates a situation in which messages arrive and are calculated for the purpose of informing the user about some of the relevant messages, and in which the timing, format, and other notification attributes, including notification or not, are affected by the specific calculation results. If the relevance evaluation is further influenced, slight changes can be made to the system.
In one embodiment, the correlation evaluation result is obtained according to a non-binary criterion. In a relevance language, well-constructed phrases will yield numeric results rather than Boolean values. A boolean true value is considered equivalent to the value 1.0 and a boolean false value is considered equivalent to the value 0.0. It has been assumed that some clauses in the body of the notification produce Boolean values, while other clauses produce values between 0 and 1. A numerical value between 0 and 1 is interpreted to indicate the degree of correlation between complete correlation and complete non-correlation. In one embodiment, the user interface presents the user with announcements ranked according to relevance, with the announcement having a value of 1.0 being ranked at the top of the list and the announcement having a value of 0.0 being ranked at the bottom. This change from boolean values to real numbers is called fuzzy logic.
In various embodiments, the output of the relevance determination is an explicit indication. In this embodiment, the true and false values are two indicators, and the user interface is primarily for displaying messages that are indicated as true. However, other indications are available such as active Offer or Chronic househole establishment requesting eventualpatent. These labels are derived from the evaluation of the relevance clause and, depending on the user interface attached to the present invention, are directed to different notification methods or different presentation methods than other kinds of labels. Com provides a mechanism for publishing and planning these designations. The filtering performed at the user's end enables the user to associate related methods with different labels, including the possibility of no notification.
In one embodiment of the present invention, an additional layer of analysis is interposed between the relevance assessment and the user interface. Thus, the results of the relevance calculations may be filtered according to the user's preferences and observations about the user. Therefore, the relevance calculation will affect the process of notification, rather than determining the notification status of the message separately. For example, the user can use filtering methods (as described above) at the user's end to prevent certain ostensibly associated messages from being displayed. In one embodiment, this audit mechanism is performed automatically. The notification reader or other application includes modules for observing user behavior and inferring information about user preferences, and may drive such an audit mechanism. Likewise, in one embodiment, the mechanism for prioritizing is performed automatically. The notification reader or other application includes a module for observing user behavior and inferring information about user preferences so that messages that are more likely to attract user interest, in addition to relevance messages, will be displayed earlier or in a more prominent manner.
Alternative message format
Alternative to MIME wrap-around
The preferred embodiment disclosed herein uses MIME, a well-known internet standard, as a method of packet announcement and transmission over the internet and other digital transmission media.
Another method of grouping textual information for remote interpretation is the XML language. Such languages also enable hierarchical communication and can be adapted to message elements of the types listed above.
The basic configuration disclosed herein has a variety of implementations. Whether using conventional protocols such as MIME and XML or proprietary protocols, these protocols can be used to implement the present invention.
Substitution of three-way communication
The invention is discussed in terms of three-way communication, which includes human-interpretable information, relational clauses, and computer-interpretable information. The three logically connected parts need not be grouped into the same specific message, but there is only a relationship between these parts. For example, the ASUP agreement transfers a digest that contains only the message identifier and the association clause extracted from the message body, which includes the explanatory contents, software, and reference data. Under ASUP, the evaluation of the association clause drives a second reader-server interaction, so that the associated message body is obtained. In other implementations, a looser relationship between the relevance clause and the content is preserved, wherein the associated result begins the search of the entire message sequence.
Substitution of associative languages
The association language is a convenient tool in describing the state of the user's computer and its environment. However, other languages may be modified to be suitable for use in calculating the type of communication of the association.
JAVA mode
The JAVA programming language is a well known and widely used tool for specific computing applications.
In one embodiment of the present invention, the role of the association language is played by software tools implemented by the JAVA programming language. Due to the well-received nature of JAVA, software developers and other computer experts will have wide acceptance of this implementation.
With the best method known to date for developing the above implementation, an adaptation RELEVANCE-JAVA in the JAVA language has been developed, with its own specialized resources, and calculated by dedicated JAVA devices. This particular version is intended to provide the privacy and security features of the association language as described above. The RELEVANCE-JAVA language provides three features that make it a very useful tool:
specialized checker lexicon: special JAVA objects and classes have been developed to determine the characteristics of the user's computer. The objects and categories may examine the document system, the system environment, and characteristics associated with the computer and its environment. This is accomplished by turning on certain features on the JAVA virtual machine to access features of the device.
Privacy restrictions: although the RELEVANCE-JAVA language is capable of knowing a large amount of information about a user device, it is unable to return the collected information to the author. This function is implemented by restricting the installation of objects and classes and shutting down certain features in the JAVA virtual machine.
Security restrictions: although the RELEVANCE-JAVA language is capable of knowing a large amount of information about a user's device, it does not alter the device, i.e., modify the documentation and affect the system environment settings.
The three-way communication described above operates in the following manner: one side consists of human-interpretable explanatory content; one party consists of RELEVANCE-JAVA programming code that specifies under what circumstances the message will become relevant on the user device; and the other is computer interpretable code, perhaps in different versions of JAVA, that can affect the user's device under the user's consent.
Visual Basic mode
Visual Basic programming language is a well known and widely used tool for specific computing.
In one embodiment of the present invention, the role of the association language is played using software tools implemented by the Visual Basic programming language. Due to the well-received nature of Visual Basic, software developers and other computer experts will have wide acceptance of this implementation.
With the best known methods for developing the above implementation now, adaptation RELEVANCE-Basic in Visual Basic language has been developed, with its own specialized resources, and calculated by a specialized Basic translator. This particular version is intended to provide the privacy and security features of the association language as described above. The RELEVANCE-BASIC language provides three features that make it a very useful tool:
specialized checker lexicon: specific Visual Basic functions and data types have been developed to determine the characteristics of the user's computer. The functions and data types may examine the document system, the system environment, and characteristics associated with the computer and its environment.
Privacy restrictions: although the RELEVANCE-BASIC language is capable of knowing a lot of information about the ue, it cannot return the collected information to the author. This functionality is achieved by restricting the installation of objects and classes and shutting down certain features in the BASIC translator.
Security restrictions: although the RELEVANCE-BASIC language is capable of knowing a great deal of information about a user device, it does not alter the device, i.e., modify documentation and affect system environment settings.
Three-way communication operates in the following manner: one side consists of human-interpretable explanatory content; one party consists of RELEVANCE-BASIC code that specifies under what circumstances the message will become relevant on the user device; and the other is computer interpretable code, perhaps in a different version of Visual Basic, that can affect the user's device under the user's consent.
UNIX mode
The UNIX command interpreter (Shell) can be considered a descriptive language in the implementation of variants, which is a tool known and widely used to examine the characteristics and specific calculations of document systems.
In one embodiment of the present invention, the role of the association language is played by a software tool implemented by a UNIX command interpreter and related UNIX tools. Due to the well-received nature of UNIX, software developers and other computer experts will have wide acceptance of this implementation.
With the best known methods for developing the above implementation now, an adaptation RELEVANCE-Shell of the UNIX command interpreter has been developed, which has its own specialized resources and is computed by a dedicated Shell interpreter. This particular version is intended to provide the privacy and security features of the association language as described above. RELEVANCE-Shell provides three characteristics that make it a very useful tool:
Specialized checker application: special applications have been developed to determine the characteristics of the user's computer. The applications may examine the document system, the system environment, and the characteristics associated with the computer and its environment. RELEVANCE-Shell is aware of the above characteristics.
Privacy restrictions: although RELEVANCE-Shell is able to learn a lot of information about the user device, it cannot return the collected information back to the author. This function is achieved by freeing the Shell translator of access to certain communication and network features.
Security restrictions: although RELEVANCE-Shell is able to learn a lot of information about a user's device, it cannot change the device, i.e., modify documents and affect system environment settings, unless done through standard mechanisms, such as creating temporary documents at standard locations such as tmp (temporary folder) and accepting metered allocation of resources.
Three-way communication operates in the following manner: one side consists of human-interpretable explanatory content; one party consists of RELEVANCE-Shell code that specifies under what circumstances the message will become relevant on the user device; and the other is computer interpretable code, perhaps in a different version of Shell or other UNIX interpretable code, and capable of affecting the user's device under the user's consent.
Alternative to state description
Various other methods have been described above that can be used to describe the state of a user's computer. If one can use a community of watchers each with a unique interface, then the entire association language need not be used to describe the state. The association language can then be replaced by any expression tool through which the application module can be invoked and controlled.
Processing of moderate degrees of correlation
In the context of the present detailed description, the purpose of the relevance assessment is to centrally communicate a notification to the user that a message exists. To this end, the notification reader application functions as a communication center, while the announcements play the role of messages like e-mail, USENET newsgroups and other communication types, since they are read by the user as part of the user-defined time schedule. In this regard, users are managers of their computers, belongings, and organizational members, and users read notifications that help them play a role as managers.
However, there are still other unmanaged environments in which associations may make use of a portion of the process in which the user participates to convey information to the user.
Guidance: the user is the user of the computer application and the association-based communication provides a reference to the user at the time of or after the performance of an action.
The compositional structure: the user reads the document using a display application on the computer and adapts the document based on the relevance-based content so that the human-interpretable message is directly targeted to the reader's features.
In fact, all of the above applications are embodiments of the present invention. The calculated value of the associated communication mode is far superior to the management mode.
Relevance guided computer interaction
The following is an example showing how the announcements can guide the user in the operation of the software.
The following issues are considered: certain dangerous e-mails are received in a widely spread situation. When the user receives the email using the email program Eudora 4.0, the user sees an apparently harmless email message, and the email contains an attached document and is expected to be opened. In fact, this additional document is a maliciously made file; if the computer is turned on, the computer of the user is damaged.
The following discussion will describe an implementation of association-based communications that facilitates handling the above-described conditions in an efficient manner. In this implementation, the author makes a notice and evaluates the relevance before the user opens the additional document using Eudora. The association clause will check various attributes of the action to be performed while accurately targeting the intent to unlock an attached document with certain attributes. The announcement then returns the text that the mail application shows to the user to the mail application.
In one embodiment, the desired effect may be produced using the following interactive application communication facilities:
the mail reader application has a special set of relevancy assessment events; i.e. predefined events known to the author of the announcement.
Whenever these events occur, the mail reader will notify the notification reader of the event by standard event notification conventions.
Notify the reader that the event population will be retained; that is, after receiving notification of certain events, an attempt is made to evaluate the advertisement.
After receiving a notification for a corresponding event, the notification reader will evaluate the advertisements in the event population.
Notify the reader of the message that there is an association in one of the following ways:
directly notifying the user of the application program by using a standard user interface of the notification reader; or
The associated message is transmitted to the mail reader. The mail reader then displays the messages to the user according to the user interface of the application.
The above notification methods are selected under the control of user's preference, author's preference or preset values of the application program.
This kind of event-driven architecture is particularly powerful when:
the application delivers a message containing descriptive information about the event. In the context of a mail reader, an Eudora abort to Open Attachment event will accompany information About the mailer, information About the name of the attached document, and information About the attributes of the attached document.
Informing the reader that it contains a checker thesaurus that will take part in the functionality provided by the application; such as mailers and document names.
In the above-mentioned context, if one wants to alert all users who receive mail with attached documents from king @ places.gr not to open the attached documents, an association clause may be made to target the users who will open the attached documents. The advertisement is processed and forwarded to the notification event group by MIME's header column mechanism and message column changes as described above. Service-event-pool followed by predefined notification events: the type of simple header column indicates the desired route.
Communication adapted to relevance
The following is an example showing how relevance can be used to tailor the dissemination of an information ontology (see fig. 19):
the following issues are considered: a publisher wants to create an electronic document whose contents are specially made by the reader; for example, because the advertisements in the content are better suited for certain readers, or because the technical information contained in the content is better suited for certain readers. In any event, the desired customized content must be in-depth with an understanding of user preferences, the types and details of belonging and organization members that are more likely to be available to the user.
The following discussion describes a system implemented using the association evaluation unit of the present invention. This implementation enables the issuer to build files of applicable associations to solve the above problem. The distribution is in the form of a digital file that contains content embedded therein and referenced to a number of possible changes. Other possible variations may be selected by the relevance clause. The cells in the document that do appear on the user display are selected according to the user's detailed characteristics.
The following is one embodiment of the system described above: a basic document processing destination format is selected. For the sake of detail, this is set up as an HTML document. A special native format is then defined that contains the file. In this context, this file is called a PRE-HTML file. Primitive format 194 provides the possibility of arranging a plurality of hierarchically nested sections of an HTML document that are modified in linear order. Each element of this arrangement is protected by one or more dependency clauses. The elements of the original format differ from the HTML document in that they also provide embedded include expressions from the relevance language.
The author of the notification writes the document with an association clause and a checker clause 191. To create a tailored document for a particular user, the document in its original format is sent to the user's computer 192 and the document in its original format is programmed into a tailored destination format file 195. The destination format file is then processed by the destination file processing system to display the tailored file 193.
This editing step occurs as a step of tailoring and accepting detailed inspection. When the raw format is processed, it will encounter a variety of elements. Units that are protected by the association clause and evaluated as false, or any rating that is not true, are excluded. The excluded elements will not appear in the final destination format document. The units protected by the association clause and evaluated to be true are retained and appear in the final destination format document. All of the retained elements are processed before being placed in the destination document. If any include expressions exist in the document, the expressions are evaluated, and the evaluation result is inserted into the destination document.
The above process solves the problem of creating a tailored document because the association language enables the notification provider to write a tailored document as if the author had known details of the user's computer and environment, but the user does not need to disclose personal information to the provider.
The above-described embodiments of the present invention provide a notification provider that presents information to a user in a precisely defined environment and that utilizes the above-described association-supervised communication scheme. Here, the collector, viewer and notifier each have a different structure in the present invention, but their functions are similar at an abstract level. For example, in the five-party model (five-part model), the tool for editing the source format file into the destination format file plays the roles of both the viewer and the notifier, and the destination file processing system plays the role of the user interface of the notifier. The role of collector can be played by any system or systems that bring the raw format files into the user's environment.
Privacy concerns exist in such tailored documents. For example, HTML is used as a target language, which indicates that there is a possibility of information leakage.
Other association-driven document tailoring processes are also possible implementations. For example, one can develop a system in which the original document is not all written at once into a destination document of known format, but is constructed as an interactive interpretation. The following is an example: an original document is composed of a plurality of pages of a document in PRE-HTML format. The conditional edit block protected by the association clause is embedded in the original file and includes the above expression replacement using the association clause. When the viewer checks the document page by page, each page is compiled from the PRE-HTML document into an HTML document, which can be displayed if desired. In this mode, the path that the user has taken in the file is determined only during execution. For example, certain links in a file may be protected by relevance. The relevance expression refers to the environment attributes, and the environment attributes are changed along with the reading of the file by the reader; that is, the environment attribute changes as the reader reads in the document. For example, the reader may be prompted for information as part of the document reading process, and the results of the prompting may cause changes in the profile variables of the web site, thereby causing changes in the web pages subsequently visited.
Remote access to personal information
The present invention enables the notification author to target lock conditions based on any combination of verifiable conditions calculated for the user's computer and its environment. This environment may include data of a personal nature. Since certain types of personal data can be widely available in a standardized format on a large number of personal computers, this allows the present invention to be used to notify a large number of individuals on an issue of personal nature. Natural application areas include:
personal finance: if information about personal property exists in a standardized format on a large number of user computers or their environment, the notification author can provide timely association notifications for a large number of individuals regarding their bank account management or their portfolio.
Personal health issues: if information about a personal medical record exists in a standardized format on a large number of user computers or their environment, the author of the notification can provide timely notification of the association between the drug interaction or the interaction between gene or blood type information and the drug to a large number of individuals.
This creates an unprecedented opportunity to provide highly targeted notifications without compromising privacy. Although the author is notified to make detailed announcements about the financial or health status of the user and although detailed knowledge of sensitive personal information is required to evaluate the announcements, the system itself does not disclose the information to the author. In some cases, the user may choose to reveal the information after reading the association bulletin.
The above application areas are limited to users acquiring and retaining accurate data regarding the standardized formatting of items of interest, and the data can be accessed by means well known to the notification provider. It is highly desirable to eliminate the burden of data management and data input work so that the user does not need to be the manager of data. In particular, professional organizations responsible for maintaining accurate data about their customers are highly desirous of being able to focus on the integrity of the data for which they are responsible. For example:
the bureau maintains records of its users.
The physician maintains a record of his patients.
Financial institutions maintain records of their customers.
The administrator component charges the costs of maintaining accurate and timely records for their patients, users or customers.
It is highly desirable for users to have access to certain critical information maintained by the professional institution in which they participate. For example:
rather than the user entering computer data about his own prescription, the data that one wishes to require is automatically obtained from the pharmacy upon request from the user's computer.
Rather than the user entering computer data about his own stock portfolio and operating on a daily basis, the data that one wishes to require can be automatically retrieved from the financial institution at the request of the user's computer.
Rather than the user entering computer data about his or her health record and processing it each time the data changes, the data that one desires to require is automatically retrieved from the medical facility at the request of the user's computer.
The following is a solution to solve the above problems with the present invention:
the standard combination of remote medical record checker, remote financial record checker, and remote drug prescription checker has been developed and its syntax and method of use has been published. These checkers have server side components and client side components, as will be described later.
The author of the notification writes notifications relating to different issues with the personal data.
Some physicians, financial institutions, and drug offices have server components installed on computers in their offices. They will advertise to the general public the functionality of having remote information access.
Users interested in benefiting from access to remote information will contact financial institutions, physicians or drug offices and authorize the addition of their personal information to the server software.
The user subscribes to certain notification sites, wherein the notifications of these sites include notifications using a remote checker. The start time of the subscription is appropriate for the notification reader of the user's computer to utilize the message.
The notifications are periodically evaluated according to the notification population in which they are placed. The results of the evaluation may cause the user computer to establish communication with a remote computer to obtain the desired information. For example, a remote drug prescription checker lexicon on the user's computer communicates with a drug information server and queries the user whether the user has some problematic prescription combination.
The following is an example of the use of the present system to compose a publication: it is hypothesized that a pharmacist provides an antidepressant to his patient and finds that the patient may be critically ill with the concomitant use of an anti-inflammatory drug. In practice, one prescription may be made by a psychiatrist, while another prescription is made without the orthopaedic surgeon knowing that the patient is using the other medication prescription. The manufacturer will make a notice indicating a dangerous situation as follows:
exists pharmacy prescription″Xanax″and exists pharmacyprescription″Buterin″
the manufacturer will include a description of the potentially dangerous combination into the body of the message. When the association clause is encountered by the notification reader on the user's computer, it contacts the pharmacy server and queries the drug order Xanax and drug order Buterin and determines the association of the notice based on the query. If the advertisement has relevance, the notification reader will inform the user of the condition.
An important issue in determining whether a user accepts the system is the ability of the system to protect the privacy of the user. To this end, the interaction between the user and the server is carefully protected:
the communication between the user and the bureau server is secured by standard encryption methods, such as the SSL protocol.
The identity of the user requesting the information is authenticated by the standard encryption method of the bureau server.
With these devices, the pharmacy server avoids the leakage of information about the individual, except for the notification reader on the individual's computer. At least under normal operating conditions, the notification reader on the personal computer does not leak the received information out.
The following is a convenient interactive protocol for the remote inspector described above. In this protocol, it is easy to set up client software. The user terminal will transmit the ASCII string describing the query in the surface language through the secure link. In the above example, the user end delivers the prescription of the medication Xanax. The server analyzes the prescription using a microanalysis calculator of the relevance clause analyzer. The server knows that this clause refers to the prescription record for Joshph a. patient because the initial authentication has been effected, and searches the medication database for data items indicating patients who have the medical prescription Xanax using standard database lookup methods. The server then returns a true or false value in the ASCII string, at which point the client parses the string and returns the corresponding boolean value to the notification reader.
Two-way communication
It is an object of the present invention to allow only one-way communication, i.e., sending notifications from a notification provider to a notification user, but not to allow leakage of user information to the provider. The term unidirectional layer means this function.
However, in many cases, this mode will be limited. For example, in some cases, the user may want to contact the provider, especially when the user is benefited in the interaction. One example is when a user wants technical support to solve a particular problem, but existing announcements fail to address the solution. To address the problems faced by users, users are willing to provide various information about their configuration settings to the solution provider. In other cases, the notification user who subscribes to a particular web site is actually a member of the organization that operates the notification web site, and therefore the notification user wants to share information with a particular notification provider.
Opening two-way communication
The term "open two-way communication" refers to an environment in which the present invention is implemented and typically communicates in a one-way manner, but the process sometimes returns a message to the notification provider, and occurs when the provider is made aware of the identity of the user's computer.
Questionnaire survey
In one implementation (see FIG. 20), a specific file format called a questionnaire 200 is defined that contains text with annotations and explicit include-expressions. It has been assumed herein that the include-expression is defined by two monetary symbols $ $ each. include-expressions are written in a relational language and do not require evaluation of true or false values; for example, the value is a string or an integer. Also assume that the annotation is preceded by a% symbol. An example of a questionnaire is as follows:
%Data needed by ABC Corporation to
%Diagnose the XYZ Problem
inventory of User Computer Configuration:
Computer Manufacturer:$$Manufacturer of Computer$$
Model:$$Model of Computer$$
OSVersion:$$version of Operating System$$
RAM:$$System Ram$$
Disk:$$size of boot volume$$
the questionnaire includes text such as the computer manufacturer, and include an include-expression such as the computer manufacturer. The purpose of questionnaires is to enable notification readers to collect information about computer types and certain characteristics using their rich inspector thesaurus.
The following is an example showing how to use a questionnaire: the questionnaire as above is authenticated by the notification provider 200 and inserted into the solution portion of the post in MIME format with explicit content type 201. The user will view the associated bulletin 202 and the accompanying human interpretable content. Human interpretable content is as follows:
you have XYZ status. To be able to help you, we in ABC corporation need some information about this situation-information about your system environment. If you press the bottom left button, this information will be automatically collected. You would have the opportunity to review this information and then agree to transmit this information to ABC company.
There are two buttons below the announcement: one to collect information and the other to require re-inspection. The first key indicating the collection of consent information; the second button represents the original document that requires re-examination of the questionnaire in order to learn more about the provider's desire to collect information.
If the user agrees 203, the relevance clauses in the questionnaire are evaluated 204, for example using various checkers 205, 206, and the corresponding results are incorporated into the evaluated relevance clauses. In the foregoing example, this process would result in:
%Data needed by ABC Corporation to
%Diagnose the XYZ Problem
inventory of User Computer Configuration:
Computer Manufacturer:Toshiba
Model:T1200
OSType:Windows 98
OSVersion:1.0
RAM:64M
Disk:2G
the user may be prompted to include the results of the process and have the opportunity to review the results while communicating the results to the notification provider. In one implementation, the results are presented to the user as part of a sender window, which displays the recipient of the message 207, and below which is a button labeled as a sender 208.
With this arrangement, the association language can simplify communication between the notification provider and the notification user, and allow the checker to collect information that is needed by the notification provider and difficult for the user to collect by himself. The provider can benefit because it can quickly and accurately obtain the important information needed in the technical support process, and the user can benefit from it because the process will eliminate the burden of finding the correct data and obtaining the correct report.
In order for this method to work, it must be acceptable to the user. The user is quite sensitive to the possibility of being fraudulently exposed to a questionnaire that indicates that one type of information, such as the type of CPU, is to be collected, but in fact another type of information, such as the VISA credit card number or password, etc.
A privacy rating service that further allows user acceptance of technology is a central site that can prove compliance with privacy standards when implemented with appropriate random response protocols. Under The current website protocol (see Khare, Rohit, Digital Signal Label Architecture, The World Wide Web Journal, Summer 1997, Vol.2 Number 3, pp.49-64, Oraily, Sebastopol, CA, http:// www.w.3. org/DSIG), there is a method of establishing a hierarchical service that can prove in a reliable way that certain messages do have certain characteristics. The reliability of these claims, i.e. that they are indeed provided by the service and not made by fraudsters, is ensured in accordance with the use of standard authentication and encryption means. Using this technique, privacy rating services can be built into central websites, such as betteradvicebureau. The notification author submits the messages to the certifying authority seeking certification for his questionnaire with privacy respecting properties, and the certifying authority, after scrutinizing the messages, will optionally agree to prove that some messages have privacy respecting properties. In one embodiment of the present invention, the user interface or similar component of the notification reader is configured to allow questionnaires to be presented to the user only after the questionnaires have been reliably certified for reliable privacy classification services.
Forced feedback
In one embodiment of the present invention (see fig. 21), two-way communication may be enabled in order to maintain a relationship with a certain reliable provider.
The above assumes that the user's situation is different from the general environment of the present invention. In such an altered environment, certain types of notification providers enjoy a particular status, such as an employer or contractor, that may have mandatory privileges for the employer or contractor to be distinguished from notification providers in other environments. These overload notification websites 210 publish the announcements collected by the reader 211 and then perform relevance evaluations on the announcements 212. An associated message may be presented 213 to the user, who may approve or reject the action suggested by the announcement 214. The feedback path 216 allows the user's actions to be reported 215 to the overload notification website.
In this embodiment, any of the following options may be implemented:
subscription of certain notification websites is mandatory;
some notifications cannot be deleted by the user, some providers cannot be scheduled, prioritized, or opposed by the user;
some notifications generate automated feedback from the user to the provider regarding one or all of the following:
(a) Identification of the user's computer;
(b) the relevance status of an advertisement on the computer; and
(c) the fact that the user has/has not adopted the solution proposed in a certain bulletin.
The content of the feedback is transmitted via e-mail or other convenient electronic means.
In this environment, many managers of computers can:
(1) composing an announcement to be sent to a plurality of devices managed thereby;
(2) expecting all devices to receive the announcement; and
(3) it is desirable to receive information in reply to the associations and/or solution states related to the advertisements on the devices.
The above-described functions can be implemented by modifying the structure of the notification reader (refer to fig. 22) discussed above.
The notification website 220 may be given a particular overload state (i.e., as discussed above in connection with FIG. 21) by setting the subscription administrator of the notification reader to have that particular state.
A new message column type trusted Action (managed-Action) will be set up and used by the notification website to mark message parts with special key phrases in an overloaded state to invoke certain mandatory privileges:
marking a message as undeletable by the user and undeletable by the user through the user interface 221 of the notification reader;
At the relevance 222, the evaluation questionnaire 223 and the posting back 224 indicate that a message requires relevance and then immediately informs 225 the author via the feedback path 226, the informing process first processes the questionnaire filled in the various include-fields and then passes the information to the author;
the user acceptance and return is marked with a message requesting the user to notify the author immediately after selecting the action key of the accompanying announcement to accept the suggested action;
the user refusal to send back is a message requesting the user to notify the author immediately after accepting the suggested action by selecting the action button of the accompanying announcement. The reader is notified that it is appropriately modified so that when a message with an overload condition is received and processed, it can perform the desired function.
Masked two-way communication
While performing two-way communication, some degree of privacy protection can be obtained by obscuring the identity of the replying person.
Masking by anonymous communication and privacy classification
In one embodiment (see FIG. 23), the notification provider 231 may obtain detailed information from the user's computer when the notification provider communicates with the user anonymously. This embodiment of the invention limits the scope of communication so that when a message is returned to the notification provider:
The header of the message does not contain information that uniquely identifies the replying person's identity;
the message body itself does not contain information that uniquely identifies the replying person's identity; and
the process consists of three parts:
the notification provider makes a file, i.e., a questionnaire as discussed above, for collecting information in an automated manner, or in HTML format and by user interview. The user's notification reader 232 may collect this information.
When relevance is decided 233:
if the file is a questionnaire, the notification taker will fill in the appropriate include-fields.
If the document is in HTML format, the user fills in the appropriate survey questions.
The file is a website that provides identity protection through some central website, such as Better service Bureau, advisories, com, or other, anonymous re-register or functionally equivalent service, and routes to the provider anonymously via feedback paths 235, 236 in email.
The last stage of the process removes information about the identity of the user by deleting the identity of the message header. It is expected that the user will have confidence in the basic effectiveness of the process because the user knows that the central site will protect the process from its sophistication.
The user himself needs to be responsible for ensuring that the body of the message does not contain information identifying his identity. For example, if the user responds to the HTML format asking for his name and address, the user does not protect his identity. If the user forwards a questionnaire containing identification information (e.g., IP address), the user does not protect his identity.
In one implementation, the user utilizes a privacy rating service provided by the central website to help protect his privacy. Under current website agreements (see Khare, Rohit, Digital Signal Label architecture, The World Wide Web Journal, Vol.2 Number 3, pp.49-64, OReilly, (1997) http:// www.w.3. org/DSIG), there is a way to build a hierarchical service that can prove in a reliable way that some messages do have some characteristics. The reliability of these claims, i.e. that they are indeed provided by the service and not made by fraudsters, is ensured in accordance with the use of standard authentication and encryption means. With this technique, privacy rating services can be built on central websites, such as betteradvicebureau. The notification author submits the messages to the certifying authority seeking certification for his questionnaire with privacy respecting properties, and the certifying authority, after scrutinizing the messages, will optionally agree to prove that some messages have privacy respecting properties. In one embodiment of the present invention, the user interface or similar component of the notification reader is configured to allow questionnaires to be presented to the user only after the questionnaires have been reliably certified for reliable privacy classification services.
Masking by randomizing responses
In one embodiment, the notification provider retrieves detailed information from the user's computer while enabling the user to protect his or her own privacy. This embodiment of the invention limits the scope of communication so that when a message is returned to the notification provider:
the message body itself does not contain information that can reflect the true state of the user's computer or its environment by reliable inference.
In some embodiments, the techniques are implemented using centralized anonymous communications and centralized privacy authentication.
This process includes three parts:
the notification provider makes a file, i.e. a questionnaire as discussed above, for collecting information in an automated manner, however subject to additional restrictions.
Notify the reader to fill in the appropriate include-field and randomly change the answer and correct the incorrect answer depending on the random mechanism.
Return the resulting file to the author.
In one embodiment, the process by which the information is returned is anonymous. The file may be submitted to some central website, such as Better services Bureau or advssories. The last stage of the process removes information about the identity of the user by deleting the identity of the message header.
The concept of randomly changing answers is explained in more detail below: it is assumed here that only questionnaires with boolean values can be allowed, whereas more generalized questionnaires can be tolerated under additional operations. Informing the reader's affinity evaluation unit to evaluate the boolean expression indicated in the include-field; however, the results are not always inserted into outgoing messages. The value resulting from the relevance evaluation will be referred to as R. The reader is not always notified to replace the include-field with the value represented by R, but rather performs a two-stage speculation experiment. In the first phase, the reader is informed to obtain a random boolean value X from the random number generator, which is similar to a true or false value. The value of X will remain private and is made a decision in the first stage. In this determination, if the Boolean value of X is true, the decision inserts the value represented by R into the include-field. If the Boolean value of X is false, the decision is to again obtain a second Boolean value Y of the same probability and insert the value represented by Y into the include-field. Thus, in any particular message, it is not possible to judge whether the answer (R) obtained in the relevance assessment stage is true or false based solely on that message, since the probability of reporting a value of R or Y is the same, and the variable X making the judgment between R and Y is not revealed.
Thus, the privacy of the user can be guaranteed.
At the same time, the randomized response protocol allows the author of the questionnaire to obtain reliable information about the user without revealing information about the particular user. If pi represents the proportion of users having a certain sample characteristic and P represents the proportion of received true responses, then:
E(p)=1/4+π/2
where E (p) represents the mathematical expectation.
From p ═ e (p) (law of majors), pi can be estimated as:
for example, if 61% of the responses are true, one estimates that a sample of 72% — 2 (61% -25%) has a given characteristic.
The method has the expansion of non-Boolean variables and the response of multiple items.
In order for the above method to be effective, it is necessary to be acceptable to users. A privacy rating service that further allows user acceptance of techniques is provided by a central site that can prove compliance with privacy standards when implemented with appropriate randomized response protocols. Under The current website agreement (see Khare, Rohit, Digital Signal Label Architecture, The World Wide Webjournal, Vol.2 Number 3, pp.49-64, Oreilly (1997), CA, http:// www.w.3. org/DSIG), there is a way to set up a hierarchical service that can prove in a reliable way that certain messages do have certain characteristics. The reliability of these claims, i.e. that they are indeed provided by the service and not made by fraudsters, is ensured in accordance with the use of standard authentication and encryption means. Using this technique, privacy classification services can be built into central websites, such as betteradvicebureau. The notification author submits the messages to the certifying authority seeking certification for his questionnaire with privacy respecting properties, and the certifying authority, after scrutinizing the messages, will optionally agree to prove that some messages have privacy respecting properties. In one embodiment of the present invention, the user interface or similar component of the notification reader is configured to allow questionnaires to be presented to the user only after the questionnaires have been reliably certified for reliable privacy classification services.
Network management
The following discussion will illustrate two important variations of the present invention that help solve the problem of network management; i.e., a large network of managed computing devices.
Mandatory notification
In the basic description of the invention, it has been assumed that the purpose of providing notification is to enable a user in the role of manager to conveniently and properly read and manipulate his own selections (see fig. 24).
In some circumstances, the basic communication mode described previously may be usefully modified so that the user does not have to check for certain announcements. In one example of such an environment, network administrator 240 oversees a large network of communicating computing devices, while the various devices may be different from one another and constantly changing their status. The network manager wants to have certain notifications capable of performing certain operations, but does not know why the notifications are.
Under the above circumstances, it is of practical value to have a notification reader program 241 that can fetch and review 242 the announcements, and after the relevance is determined 243, the notification reader will automatically apply the indicated solution operator 244. This allows network administrators to write a generic advertisement targeting multiple devices without knowing what the devices are present, and to obtain the desired functionality on those devices. The solution or communication job record 245 may optionally be sent back to the network administrator via a feedback path 246.
The occasions suitable for the functions comprise:
target all devices whose security settings do not meet the criteria set by an administrator. Rejoin the desired environment setting.
Target all devices that have copies of a document. On the devices, the document is replaced with the updated document.
All devices below a certain amount of usable space targeted to their near-end disks. On these devices, the amount of documents that are buffered is cleared.
Other examples exist, including applications other than technical support. For example, in an environment where office equipment is a computing device, network management involves tasks related to maintaining and monitoring equipment assets and their usage.
In view of the presently preferred embodiment of this invention, there are several variations to this:
the notification reader is implemented as an application without an interface, where no user interface exists.
In a typical case, the notification reader is received through a communication mechanism different from the general subscription mode; for example, by email or other distribution mechanism.
The format of the message omits human-interpretable content.
The message format is incorporated into the message components, including software tools such as descriptive character sets (scripts) or executable binary code, or reference software tools such as URLs or pathnames of document systems, which provide functionality that can be automatically invoked when a context becomes relevant.
Some of the technical features may include the following variations:
safety technical features: the notification reader includes an authentication feature that can be used to verify the identity of a notification web site that is attempting to exercise mandatory privileges.
Two-way communication technical features: when the author of the notification requests, the notification reader can return to communicate with the notification author, and the function is represented by a managed-Action: the message column.
Master-slave configuration
In the description of the invention, it has been assumed that the purpose of providing notification is to enable a user in the role of manager to conveniently and appropriately read and manipulate his own choices. In the description, it has been implicitly assumed that the user is the manager of the personal computer or its environment.
In some circumstances, the basic communication scheme described above may be usefully modified to reflect the needs of administrators of a large number of computing devices. In one example of such an environment (see FIG. 25), a network administrator 250 oversees a large network of communication computing devices 251 and 253, while the various devices may be different from one another and constantly change their status. The network administrator desires a notification reader that functions as an active reader 254 in which each entry viewed by the administrator in the active user interface summarizes the relevance status of notifications on multiple devices 255, 256 simultaneously. This allows the administrator to monitor 257, 258 and decide to accept or reject notifications on multiple devices altogether.
In the above environment, the network administrator's workstation is the master, and the computing device it manages is the slave. It would be highly desirable to have a master notification reader program that executes and gets announcements on the master device, which then communicates with a number of slave devices, each executing a slave association calculator and a slave action enforcer, and summarizes the results of the interaction. These slave relevance calculators receive messages from active notification readers. The messages are composed of routing information and individual association clauses. The slave device performs an evaluation of the association clause in the environment defined by the devices and transmits the resulting value to the master device. The active reader then studies the results thus obtained and presents an active association summary to the network administrator in accordance with a special active user interface. If the boolean value of the accompanying dependency clause is true on any slave device, the message is considered to be actively dependent. The network administrator studies proactively associated messages and may accept suggested actions accompanied by certain messages. When the administrator accepts the recommendation, the active reader contacts the slave action calculator on the slave device that obtained the association result and sends the recommended action as part of the announcement, indicating that the action should be performed. Each slave calculator is associated in the manner described above and then uses the indicated solution in the environment provided by the device.
In the above environment, the network manager subscribes to notifications and plays a role of a process of managing notifications in place of users of all slave devices. If a notification is associated in the general case of the present invention, suggesting to the user that the software on their device should be updated, the same notification will be presented to the network administrator when some devices on the network should also be updated, thus efficiently suggesting that all devices on the network should be updated with the corresponding software.
In view of the presently preferred embodiment of the invention, there are several variations of the invention in the general form disclosed:
the slave relevance calculator and the slave action implementer are implemented as an application without an interface, in which no user interface exists.
In a typical case, the slave relevance calculator and the slave action enforcer receive through a communication mechanism different from the general subscription mode; for example, by email or other distribution mechanism.
The communication message format between the active reader and the slave relevance calculator omits human-interpretable content.
The message format between the active reader and the slave action enforcer incorporates message components including software tools such as descriptive fragments or executable binary code, or references to software tools such as URLs or pathnames of document systems that provide functions that can be automatically invoked when a situation becomes associated.
In addition, certain modifications may also be performed. The slave relevance calculator and slave action enforcer include an authentication feature that may be used to verify the identity of a notification web site attempting to exercise mandatory privileges.
Depending on the network administrator's different perspective, the technical features of the active user interface are not available under the general circumstances of the present invention. These technical features include:
device list display: a list of all devices associated with a given announcement is displayed. Other features of the devices are included to modify this list.
Device list filtering: a selection mechanism is applied to the list of associated devices and the suggested action is allowed to be applied only to the secondary set in the group of associated devices. It is particularly useful to be able to intersperse a predefined list, such as a list of devices in an operating department, a list of devices in a location, or a list of devices that appear to be associated in other announcements. It is also important to have the list of devices expandable beyond the associated device to allow manual editing or concatenation of other device lists, such as predefined lists, or lists presented as associated devices in other announcements.
The logical structure described above is a single ontology of logical structures for advertisements that are evaluated for relevance in different sets of contexts, where the results in all different contexts are aggregated into a single active user interface. This logical structure has significance in other environments. For example, in the case of drug interactions described above, the pharmacist is the administrator, the body of whom the announcements from the pharmaceutical manufacturer are received is applicable to bodies in a variety of different contexts, and the database records of the individual customers of the pharmacist provide a special context for interpreting the announcements. Here, the background is not an individual device, but rather an individual record in a database. The active user interface is the basis for another variation of the present invention; for example, operating with specialized database checkers, the active notification reader can obtain a list of all patients associated with a given notice. The user interface presents only information associated with the active device to the pharmacist, i.e. announcements associated with certain patients in the database. The pharmacist then reviews the associated notice and reviews the list of relevant patients.
Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art will readily appreciate that other applications may be made without departing from the spirit and scope of the invention, and the scope of the invention is accordingly limited by the claims that follow.

Claims (44)

1. A communication system, the system comprising:
a notification provider that propagates information over a communication medium;
a notification user that collects said disseminated information from said communication medium; and
a reader attached to the notification user for determining the relevance of the broadcast information;
wherein the notification user is notified of the information only if the information meets a certain relevancy condition.
2. The system of claim 1, wherein the reader further comprises:
providing relevance information to the device notifying the user without revealing any aspect of the identity of the user to the notification provider.
3. The system of claim 1, wherein the relevance of the information provided to the notifying user is based on all characteristics of the notifying user computer, the content or state of the computer, or characteristics of the local environment associated with the computer.
4. The system of claim 1, wherein the notification provider specifies the readership potentially associated with the information by reference to a notification user characteristic used to determine relevance of the information provided to the notification user.
5. A method of communication, comprising the steps of:
producing a message at a notification provider location;
propagating the information anonymously to potential notification users using a network;
processing the information at a notification user location;
determining whether the message is associated with the notified user;
wherein the information is disseminated to the notification user without requiring the notification user to disclose its identity or attributes to the notification provider.
6. In a system including computing devices connected by a communications network, a communications apparatus for linking an information provider with an information consumer, said apparatus comprising:
a shared specific notification unit;
transmitting a digital file of the notification;
a notification provider that propagates the notification in the form of an announcement;
receiving a notification of the announcement to a user;
wherein the announcement is propagated from the notification provider to the notification consumer via the communication network; and
a communication protocol that targets ads in a centralized manner by automatically matching the ads to notified users associated with the ads.
7. The apparatus of claim 6, further comprising:
a notification reader associated with the computer notifying the user for performing the relevance determination.
8. The apparatus of claim 7, wherein the relevance determination is automatically made based on a combination of a set of conditions, the conditions including hardware features, configuration features, database features, environmental features, computed features, remote features, timeliness, personal features, randomness, and notification features.
9. The apparatus of claim 6, wherein the advertising comprises:
a digital file containing an explanatory part describing the reason why the announcement has relevance in terms that the informing user can easily understand, and the purpose and effect of suggesting the informing user to take an action.
10. The apparatus of claim 7, wherein the notification reader comprises:
a collector for collecting announcements to which the notification usage is subscribed;
a subscription manager for entering subscriptions to announcements based on documents defined by at least one user website;
A de-wrap connector for parsing said announcement;
a module for determining the relevance of said announcements, said determination being made continuously or at predetermined time intervals, or under manual control of a user;
a user interface for receiving associated announcements; and
a display and management system that displays the associated bulletin for informing the user of the examination.
11. A communication device, comprising:
an advertisement, comprising:
an association clause containing a statement regarding a status, content or context of a notifying user computer that can be automatically evaluated by comparing the statement to an actual status of the user computer;
a message relating to said relevance clause, the applicability of which to said user is determined, at least in part, by evaluating said relevance clause;
a collector for ensuring that said relevancy clauses flow from different locations into said notification user computer;
an observer which evaluates the relevance clause by comparison with the actual state of a notifying user's environment and detects the characteristics of the notifying user's computer and its environment and checks whether the result is close to or far from relevance; and
And a notifier for displaying a message to a notification user at least partially guided by the evaluated relevance clause.
12. The apparatus of claim 11, wherein the announcement further comprises any one of:
a wrap for grouping information in the announcement for transmission and subsequent decoding;
a source column for identifying a notification author;
a subject column for identifying consideration of the announcement;
an association clause indicating that the notification is an associated condition;
a message body for providing explanatory material to the notifying user to explain under what conditions associations can be found, why there are associations with the notifying user, and what actions are suggested to be taken; and
an action button provides the user with the ability to invoke automated execution of the suggested action.
13. An apparatus for encoding more than one digital file, said digital file transmitting notifications over computer networks and other digital transmission media, comprising:
a wrap connector for grouping one or more digital files for transmission and subsequent decoding;
A source list element for identifying a notification author;
a subject list section for identifying the subject matter of the notification in a summarized manner;
an association clause element for indicating that the notification is an associated condition;
a message body element for providing explanatory content to a user to explain under what conditions relevance can be found, why there is a relationship with the user, and what actions are suggested to be taken; and
an action button element for enabling said user to invoke automated execution of said suggested action;
wherein the one or more digital files include a propagated message that is not directed to a particular recipient or list of recipients.
14. The apparatus of claim 13, wherein the one or more digital files further comprise any of:
a when-expired clause, if said clause is evaluated as true, making a file an expired file;
a when-to-evaluate clause that, if evaluated as true, causes the file to be subjected to a relevance evaluation;
a clause requiring a checker thesaurus for giving the name of the checker thesaurus and its URL that can be found, wherein the checker thesaurus must be installed in order for the association to be correctly evaluated;
A reference clause for giving a system keyword mark referred to by a condition related to a document; and
a solution utility clause for providing a keyword designation of the effect of the suggested response.
15. The apparatus of claim 13, wherein the message body further comprises:
a digital authentication feature that is appended to the message to ensure its integrity and authentication.
16. The apparatus of claim 13, wherein the one or more digital files are grouped into textual documents that are valid instances of MIME documents.
17. The apparatus of claim 16, wherein the MIME document further comprises any of:
a header column specifying an extended message header preceded by a message body, the extended message header consisting of various header columns, wherein each column begins with a well-known clause and includes an address, a date, and an associated description;
means for creating a new message column in a message, including means for embedding said new message column in the message, and means for registering said new column with MIME authentication;
providing devices of different versions of the same message with a method of purposefully selecting appropriate displays; and
A summarization mechanism for grouping several complete MIME messages into a single document for internet delivery.
18. The apparatus of claim 13, further comprising:
more than one grading block for containing information, the information is according to one of judgment rules such as privacy, security and usefulness, and the one or more than one digital files are graded.
19. A method of encoding one or more digital files that transmit notifications over a computer network or other digital transmission medium, characterized in that it comprises at least the following steps:
grouping the one or more digital files for transmission and subsequent decoding;
identifying a notification author;
identifying the subject matter of the notification in a summarized manner;
a condition indicating that the notification is associated;
providing the user with explanatory content explaining under what conditions associations can be found, why there are associations with the user, and what actions are suggested to be taken; and
providing the user with an action that can invoke automatic execution of the suggestion;
wherein the one or more digital files contain a propagated message that is not targeted to a particular recipient or a list of recipients.
20. The method of claim 19, wherein the one or more digital files further comprise any of:
a when-expired clause, if said clause is evaluated as true, making a file an expired file;
a when-to-evaluate clause that, if evaluated as true, evaluates the relevance of the file;
a clause requiring a checker thesaurus for giving the name of said checker thesaurus and its URL that can be found, wherein for a correct evaluation of the association said specific checker thesaurus has to be installed; a reference clause for giving a system keyword mark referred to by a condition related to a document; and
a solution utility clause for providing a keyword designation of a suggested response effect.
21. The method of claim 19, wherein the message body further comprises:
a digital authentication feature that is appended to the message to ensure its integrity and authentication.
22. The method of claim 19, wherein the one or more digital files are grouped into textual documents that are valid instances of MIME documents.
23. The method of claim 22 wherein said MIME document further comprises any of:
A header column specifying an extended message header preceded by a message body, the extended message header consisting of various header columns, wherein each column begins with a well-known clause and includes an address, a date, and an associated description;
means for creating a new message column in the message, including any means for embedding said new message column in the message, and means for registering said new column by MIME authentication;
providing devices with the same message and different versions, and selecting a proper display method; and
a summarization mechanism for grouping several complete MIME messages into a single document for internet delivery.
24. The method of claim 19, further comprising:
one or more rating blocks for containing information that rates the one or more digital files according to one of privacy, security, and usefulness criteria.
25. A method for checking any characteristic of a computer, said computer characteristic comprising configuration of said computer, contents of said computer storage device, peripheral devices of said computer, environment of said computer, or remotely associated computer, said method comprising the steps of:
Checker scheduler
Providing at least one checker, said checker comprising a checker lexicon and associated methods; and
evaluating a sub-expression with the at least one checker;
in the checker scheduler, the checker performs one of the following calculations: performing mathematical logic calculations, executing calculation rules, returning results of system calls, accessing content in a storage device, and querying a device or remote computer.
26. The method of claim 25, further comprising the steps of:
providing a checker program associated with the notification user computer for continuing the relevance determination;
wherein the relevance determination is driven by a relevance clause, which is continuously evaluated; and
wherein the checker thesaurus contains executable code that can be invoked by the checker program as part of the relevance evaluation process.
27. The method of claim 25, further comprising the steps of:
transmitting the particular relevance clause to a remote location;
evaluating the clause; and
returning said clause after a user has made the content to be transmitted; wherein the characteristics of the distal location are known.
28. The method of claim 25, wherein the association evaluation is driven in a master-slave relationship by a master informing a slave device to evaluate an association clause.
29. The method of claim 26, wherein the method scheduling module performs the steps of:
parsing a clause in a relevance language;
generating a method schedule list in which specific methods are called in a specific order of a specific variable table according to the parsing step; and
a series of method schedules are performed systematically in the appropriate order.
30. An inspector for inspecting any characteristic of a computer, said characteristic comprising a configuration of said computer, contents of a storage device of said computer, a peripheral device of said computer, an environment of said computer, or a remotely associated computer, said inspector comprising:
a checker lexicon comprising executable code that is invoked as part of a persistent association evaluation process; and
one or more checker methods for performing mathematical logic operations, performing arithmetic operations, returning results of system calls, accessing content in storage, and querying a device or remote computer.
31. The apparatus of claim 30, further comprising:
a checker scheduler associated with the notification user computer for continually making relevancy decisions, wherein the relevancy assessment is driven by a database of relevancy clauses that may be continually assessed;
wherein the checker thesaurus contains executable code that is called by the checker scheduler as part of the relevancy determination process.
32. The apparatus of claim 30 wherein said specific relevance clause is transmitted to a remote location and evaluated and said relevance clause is returned after a user has made the transmitted content, wherein the characteristics of said remote location may be known.
33. The apparatus of claim 30, wherein the association evaluation is driven by a master in a master-slave relationship, the master informing a slave device to evaluate an association clause.
34. The inspector of claim 30, said inspector corpus further comprising:
a description of a [ phrase ] used in a relevance language;
association of the [ phrase ] with a particular method;
A specification of a new data type for the evaluation process;
calling a specification of a prototype of the particular method, including numbers provided to the particular method and data types required by variables;
a specification of a data pattern generated by the particular method;
implementation of the particular method in an executable form;
a specification of special hooks associated with program code to be invoked in an event, the event comprising: the start of the checker scheduler, the end of the checker scheduler, the start of the checker scheduler primary evaluation loop, and the end of the checker scheduler primary evaluation loop;
the establishment and maintenance of a special cache associated with the particular method, and a description of special collusions associated therewith; and
implementation of the special event method and the cache method in an executable form.
35. The inspector of claim 30, further comprising:
a module for linking said checker lexicon to said checker scheduler and attaching all evaluated specifications to make changes to the internal data structure of said checker scheduler, wherein a new method can provide said checker scheduler call.
36. The inspector of claim 35, further comprising:
a grammar list for providing the generated variations to all allowed phrases and associated data types on which they operate; and
a dispatch list for systematically making decisions regarding the associated executable methods for a given phrase and data type.
37. The inspector of claim 30, wherein said plurality of inspector libraries are installed in an instance of said inspector dispatcher to define a set of [ phrases ] recognizable in a relevance language, a set of data types permitted in evaluation, and a set of methods associated with said data types.
38. The inspector of claim 30, wherein said inspector thesaurus is linked to said inspector dispatcher when said inspector dispatcher is launched; and
wherein a declarative program is invoked, new [ phrases ] are installed in a vocabulary parsing table of an associative language, and when the link occurs, the new [ phrases ] are associated with the invocation of a particular method.
39. The inspector of claim 30, further comprising:
A base layer including a mechanism for performing basic operations, including all basic arithmetic and logical operations that are system independent;
a system specific layer associated with a specific operating system;
one or more vendor specific layers for providing access to specific hardware devices and software products; and
suitable additional layers are based on other notification providers.
40. The inspector of claim 30, wherein said inspector comprises:
a system specific checker for accessing characteristics of an operating system and allowing notifications to be written to check for the presence and configuration of add-ons and other subsystems;
a log checker for enabling the association language to reference and evaluate a characteristic of a log database;
a preference setting checker for enabling the association language to refer to and estimate characteristics of a preference setting document of a specific application program;
a database checker that enables the association language to access fields in the database; and
a user profile checker enables the association language to reference data stored in the user profile.
41. The inspector of claim 30, further comprising:
A template document describing a set of variables, a notification provider planning to refer to the set of variables in an announcement;
wherein the template document is placed at a notification website and collected in an automated manner at a synchronized time;
wherein the template document is used to drive an editing module on a user computer, which presents a list of template variable names and a list of their current values to a user, and if not previously defined, blank fields appear; and
wherein the user can fill in the blank field and edit other fields.
42. The inspector of claim 30, wherein said inspector comprises:
a remote checker for checking the characteristics of the other communication device;
wherein the remote inspector is to inspect any of:
remote physical measurements;
remote device query;
remote computing;
remote database query; and
and (5) remote relevance calling.
43. The inspector of claim 30, wherein said inspector comprises:
a program record checker for enabling the associated language to refer to data stored in a specific work record document or documents associated with any specific application, wherein the program work record document may include one of a web browser, a telecommunication work record, a facsimile work record, or a click stream work record.
44. An inspector in a system comprising computing devices connected by a communications network, said system comprising a communications device for linking information providers and information consumers, said communications device comprising specific units of shared notifications, digital files for transmitting said notifications, notification providers for propagating said notifications as notifications, notification consumers for receiving said notifications, wherein said notifications are propagated from said notification providers to said notification consumers over a communications network, a communications protocol for focusing on targeting said notifications in an automated manner and matching said notifications with notification consumers having associations to said notifications, and an inspector scheduler associated with a notification consumer computer for continuing an association determination, wherein said association determination is driven by an association clause database, these associativity clauses being evaluated continuously, characterized in that said checker comprises:
a checker lexicon and associated methods that utilize the at least one checker to evaluate sub-expressions;
wherein the checker thesaurus contains executable code that is called by the checker scheduler as part of the relevance determination process; and
Wherein the checker performs one of the following: and (3) mathematical logic operation: executing the calculation rules, returning the results of the system call, accessing the content in the storage device, and querying the device or the remote computer.
HK02107360.5A 1998-09-01 1999-08-27 Method and apparatus for computed relevance messaging HK1046044A1 (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US9879898P 1998-09-01 1998-09-01
US09/272,937 US6256664B1 (en) 1998-09-01 1999-03-19 Method and apparatus for computed relevance messaging
US09/272,937 1999-03-19
US09/315,732 US6356936B1 (en) 1998-09-01 1999-05-20 Relevance clause for computed relevance messaging
US09/315,732 1999-05-20
US09/351,416 1999-07-09
US09/351,416 US6263362B1 (en) 1998-09-01 1999-07-09 Inspector for computed relevance messaging
PCT/US1999/019751 WO2000013121A1 (en) 1998-09-01 1999-08-27 Method and apparatus for computed relevance messaging

Publications (1)

Publication Number Publication Date
HK1046044A1 true HK1046044A1 (en) 2002-12-20

Family

ID=71993758

Family Applications (1)

Application Number Title Priority Date Filing Date
HK02107360.5A HK1046044A1 (en) 1998-09-01 1999-08-27 Method and apparatus for computed relevance messaging

Country Status (1)

Country Link
HK (1) HK1046044A1 (en)

Similar Documents

Publication Publication Date Title
CN1344398A (en) Method and appts. for computed relevance messaging
US7346655B2 (en) Method and apparatus for computed relevance messaging
US8219677B2 (en) Method and apparatus for inspecting the properties of a computer
US8914507B2 (en) Advice provided for offering highly targeted advice without compromising individual privacy
US10033537B2 (en) Promoting learned discourse in online media with consideration of sources and provenance
US7716288B2 (en) Organization-based content rights management and systems, structures, and methods therefor
US7512798B2 (en) Organization-based content rights management and systems, structures, and methods therefor
CA2736584C (en) Method and system for secure use of services by untrusted storage providers
US7392547B2 (en) Organization-based content rights management and systems, structures, and methods therefor
US7549062B2 (en) Organization-based content rights management and systems, structures, and methods therefor
CN101116100A (en) System and method for grading documents containing images
US11799884B1 (en) Analysis of user email to detect use of Internet services
HK1046044A1 (en) Method and apparatus for computed relevance messaging
WO2000057327A1 (en) Method and apparatus for computed relevance messaging
McDonald SpamAssassin: A practical guide to integration and configuration
Weissbacher Measurement and Detection of Security Properties of Client-Side Web Applications
Dathathri et al. Countering Privacy-Invasive Software (PIS) by End User License Agreement Analysis
MXPA01002036A (en) Method and apparatus for computed relevance messaging