HK1021042A - Distributed network based electronic wallet - Google Patents
- Publication number
- HK1021042A
- Authority
- HK
- Hong Kong
- Prior art keywords
- data
- information
- customer
- user
- access
Description
This application relates to provisional patent application No. 60/065291, entitled "electronic wallet over distributed network", filed on 12.11/1997, to which priority is claimed.
The present invention relates to information storage and retrieval systems, and in particular to electronic systems for personal information storage and authorized distribution.
In today's information-based economy, many companies recognize information as a major asset that, like money, realizes its full value only when it is used frequently. Information is an important asset not only for companies but also for individuals, who often have to provide the same personal facts repeatedly to the merchants and service providers with whom they deal.
Personal information collected in demographic form is invaluable to companies that want to engage customers in a targeted way. Examples of such collected information include insurance policies, legal documents, medical records, and financial and credit histories. This information represents a valuable commodity that many companies would like to purchase.
In fact, many companies are known to mine their customer accounts to generate lists that can be sold. Most users are aware that this happens and are not surprised to receive junk-mail catalogues from previously unknown vendors after ordering goods by mail. Many users are annoyed by this experience, and some even avoid the offending vendor to prevent further misuse of their personal information in the future. However, if the data is first cleansed to remove everything that associates it with a particular individual before it is turned into useful market data, most user concerns may be eliminated, or at least mitigated.
In the internet and electronic commerce arena, privacy is an increasing concern, because each time you visit a site your browser tells the server about your situation, such as which browser is being used and your IP address. This allows a collector to easily track website visits and to pick up information from unsecured data transmissions. In response, the internet business community is promoting Open Profiling Standards (OPS), which allow an individual to store personal information on the hard drive of his PC and allow others to access that information only with the individual's permission.
There is also concern about the use of tags (cookies) or tokens that are attached to the user's program and change according to the area of the web site being accessed. When you visit a web site that uses such tags, you are asked to fill in a form giving information such as your name and interests. This information is packaged into a tag and sent to your web browser, which stores it for later use. The next time you go to the same web site, your browser sends the tag to the web server. The server can use this information to tailor the web pages it serves to you. Tags are typically designed to be persistent and to remain in the browser for long periods of time, and they can be used to reveal, without your noticing, the addresses of sites you have recently visited or your activity within a site.
Users also increasingly want their personal information systematically organized and protected, but their ability to do so is generally limited by what the available commercial software programs can do. For example, some financial planning and management software packages provide a means of storing personal information on a user's PC. Such an arrangement becomes a serious problem if the PC repeatedly malfunctions or suffers system errors. What is needed is a system that specifically backs up personal information to protect it from disasters, natural disasters, negligence, and even PC theft.
Users also require the ability to control and limit access to their information, using currently available technologies to securely and confidentially store, sort, and/or transact information. There is thus a need for a 3rd party capable of providing such services, whose main purpose is to protect the personal privacy of its users.
In one aspect of the invention, a system for selectively organizing, accessing and using personal data is provided. The system may include a server with data storage capability that stores various types of personal data in separate data stores, i.e., "information banks," so that such information can be used effectively by users and by the parties whom the users have authorized to access the data. The 1st data store contains what is called static identification data, that is, data private to a user or class of users, typically the data required to establish a relationship between the user and an institution. The user can then access the static identification data by means such as a personal computer, network computer, smart phone or other communication device connected via the internet or another network connection, or wirelessly. The 2nd data store contains what is referred to as moderate dynamic personal data relating to the user or users, the customer or customers. Such data typically includes large amounts of data that are difficult to manage and data that are stored primarily for the user's convenience. The 3rd data store contains dynamic demographic information data about the user or customer. Such data may be collected from the data store or may result from user-provided information such as answers to surveys. In general, such information is valuable to many research or business groups, who may directly or indirectly compensate users for access to it.
For the purposes of this description, the term "static identification data" refers to relatively small amounts of data that are relatively static and are generally required to establish a relationship between a user and an institution. Such data is stored indefinitely, typically without payment from the customer. Examples of such data include name, address, telephone number, social security number, and other general information required when filing forms, applications, and the like. Such data may be used in services that a party such as a bank provides, for example as a free account, to enable activities such as automated form filling, secure shopping and general e-commerce. Such accounts and files are commonly referred to as "etiquette accounts".
With respect to "moderately dynamic personal data," this means a large amount of data that is dynamic and stored for a long period of time. Such data includes, for example, billing history, payment history, loans, real estate holdings, stocks, contracts, fund holdings, medical records, home web pages, and the like. Such data may be used in services that an organization such as a bank provides under a service agreement, and in accounts for bill submission/payment, relationship management, tax preparation, bringing together scattered information (medical records), and so forth. Such accounts and files are commonly referred to as "service accounts".
With respect to "dynamic demographic information data," demographic data is characterized by user interests, user profiles, and user agents. Examples include year, geographical location, nationality, block, professional interests, hobbies, frequently purchased goods, express requests for information, and express requests to decline product information. A user who permits this data to be used and passed on to another party, such as a merchant, may receive part of the revenue that an organization such as a bank obtains from selling the data. Such data may be provided to market research institutions, electronic statistics providers, organizations that provide profile-based special offers, and the like. Such accounts and files are commonly referred to as "value generating accounts".
More specifically, the user's financial institution already enjoys a large measure of trust and, by the nature of the transactions in which it is engaged, has had sensitive information revealed to it. As will be appreciated from the above, examples of such information include credit card purchases, income data, bank card transactions, loan applications/services, and the like. It is therefore desirable for the financial institution to hold, maintain and store the information whose use and distribution users authorize as described above, while securing the customer's personal information in an "information bank" without the intervention of another party.
According to the invention, the client's information is made available through the computer network server of the financial institution, allowing easy "universal" access to the client's personal information, i.e. the "static identification data". Thus, access to customer information is limited to standardized devices on computer networks, such as personal computers (PCs), network computers, PDAs, smart phones and other communication devices connected to the financial institution through the internet or another network connection. More importantly, the present invention eliminates the need for the client to have direct access to the client's own PC, while providing the required security and authorization control of access.
As mentioned above, there is also a need to organize and use a wider range of information, including personal information. Such information also includes data typically associated with individuals, i.e., "moderate dynamic personal information," and is accessible to parties and institutions of a specified type, such as doctors and tax preparers. Essentially, such information is automatically transferred to another party in the format that party uses, subject to the customer's authorization.
Finally, it is also desirable to organize demographic information from the customer data set, i.e., "dynamic demographic information data," for evaluation and use by other groups and individuals. Many such groups and individuals, including merchants and others engaged in commerce and groups engaged in research, are willing to pay for access to such information. However, due to privacy concerns, it is desirable to make demographic information available without exposing sensitive information about individual customers, such as real names, specific addresses, email addresses, telephone numbers, and the like. Thus, a research group (e.g., a merchant) may approach an institution that stores customer data (e.g., the customer's financial institution) for an information-based (e.g., electronic) profile of customers of the type suited to its product or service. Such profiles typically include the number of customers in a database who meet certain criteria. The merchant then asks the financial institution to distribute information and advertisements for its products or services to the individuals who meet those criteria. The financial institution distributes the information or advertisements to the individual customers, thus preventing direct contact between the merchant and the individual. After the customer has had the opportunity to evaluate this information undisturbed, the customer may choose, at his own discretion, to contact the merchant.
A portion of what is paid to the customer's financial institution for requesting and receiving customer information may be used to pay the customer as an incentive to take part in such transactions. The customer thus receives financial and/or non-financial benefits for the information he invests. One example of a non-financial benefit is loyalty rewards such as airline miles. The customer is thus compensated by the financial institution as its business strategy requires.
Thus, in a particular aspect, the information bank system can provide 3 types of accounts: an etiquette account, a service account, and a value generating account. Basic information is stored in an information bank etiquette account and is used for automatic "form filling" services, which give customers a simple means of providing personal information to (authorized) others. Such services may also include signature services, signature authentication services, and, for example, notary services.
The service account of the information banking system is suited to the larger amounts of data that customers generate, whose volume steadily increases over time. Such services provide secure backup and storage, as well as "pervasive" and "ubiquitous" access. The service account maintains a transaction journal, account history, medical records, insurance information, financial records, and the like.
As personal computing devices become more accessible and "connected" to other home networks through the internet, the demand for home data storage devices may be reduced. As "standard" client software applications such as email and home accounting software packages become readily available across distributed commercial networks, there is a corresponding demand for network-based information storage and security. A great advantage of network-based information storage, as provided by the present invention, is that customers can gain access from many locations without having to carry their information with them (as people do today) in order to work with it while traveling. The customer's information can be used safely and privately, as authorization requires, for example via a "set-top box" on a television (i.e., a cable system box), via technology based on advanced architectures and RISC, via smart cards or other similar devices, or on terminals in hospital wards or emergency rooms.
The service account also provides software and data backup/archiving services to small office/home office (SOHO) owners who are reluctant to use their standard office software and who want to know that their business records and data are safely and professionally managed.
Another feature of the service account is that it can give a 3rd party access to otherwise confidential information in case of an accident, emergency or death. For example, an unconscious accident victim cannot provide the PIN or biometric needed to release medical information that is urgently required. In this or other appropriate circumstances, the service account makes stored medical information, such as patient allergies, medication compatibility, medical history, etc., available to authorized recipients. This feature also allows the executor of an estate to access information required to settle the estate, such as a key.
Storing data in a self-describing meta language format such as XML facilitates data transfer and use by 3rd parties. With access authorized by the appropriate account owner, the service makes the stored personal data easier to access and understand, which reduces the cost and time of the services provided by 3rd party professional service providers such as accountants and doctors.
The service account also includes a key escrow and recovery service. The service either stores a copy of the key pair and certificate after the browser has generated them, or generates the key pair and certificate itself and stores a copy. The service then provides a replacement copy of the key pair and certificate in response to an authorized client request.
The present invention enables a trusted 3rd party service to supply market demographics and other valuable market information to manufacturers, distributors, and other market participants while protecting the identity of individuals. Fuzzy logic matching is employed to match merchants and customers on an anonymous basis so that neither knows the identity of the other; customers are simply able to investigate, shop and negotiate anonymously when the service matches items of interest to them and brings those items to their attention.
The information bank system also serves as a clearing house and value conversion unit for created products used as tickets, tokens and other trust plans. All units go through essentially the same generation, acquisition, recovery and automatic purge functions. Information banks can provide services related to the creation and maintenance of trusted programs. These tickets, tokens, etc. may be held in an information bank and temporarily distributed to, or tracked by, an electronic wallet, for example. For convenience of explanation, an "electronic wallet" is a physical container for holding various information and financial applications that a user carries around. The information is generic in nature and allows the "wallet" to hold a heterogeneous set of applications that need not be related to, or even sold by, the issuer of the wallet. After the wallet is issued, the applications may be given a "special" look. Although not required, one example of a "wallet" implementation uses "smart card" technology of the type well known to those of ordinary skill in the art.
The information banking system also lets customers specify certain important events of which they want to be reminded or notified. The user may also define notification levels or priorities such as cell phone, job number, email, home phone number, etc., as well as the duration of time to load into the system for each event notification.
The "information bank" also includes the ability to provide anonymous shopping services, which allow shoppers to span multiple points of commerce and shopping services. The information bank coordinates the customer's shopping by assigning the customer a different alias for each site, which makes cross-correlation of data more difficult. Popular merchants are instructed to consolidate and aggregate total payments. The customer's payment is handled internally by the information bank, so that no information identifying the customer's payment is exposed on the internet or to the merchant. The customer may have goods shipped without the customer's address to a 3rd party, which re-ships them to the customer's address, so the merchant never knows the identity of the customer, and the re-shipper does not know the contents of the shipment.
The service also provides internet and point of sale identity protection. The customer account name is replaced with a random number, and each time user information is sent to the web, the information bank safeguards the trail of generated pseudonyms and routes replies to the appropriate parties internally while maintaining anonymity.
Having briefly described the present invention, it will be better understood from the following detailed discussion, with reference to the accompanying drawings, in which:
FIG. 1 shows an overview of one embodiment of the present invention;
FIG. 2 shows an overview of the use of the 1st designated data store as implemented in the system;
FIG. 3 shows an overview of the use of the 2nd designated data store as implemented in the system;
FIG. 4 shows another overview of the use of the designated data store of FIG. 2 as implemented in a system;
FIG. 5 is an overview of how a customer may enter information or data into the 2nd designated data store of FIG. 3 or 4;
FIGS. 6 and 7 show another overview of how a customer enters the 2nd designated data store, i.e., the service account, in the system;
FIG. 8 is a detailed overview of the use of the 3rd designated data store in conjunction with the 1st and 2nd designated data stores as implemented in a system;
FIG. 9 is another overview of the use of the 3rd designated data store as implemented in a system;
FIG. 10 is an overview of how certain event triggers notify a client using the system;
FIG. 11 is a diagram showing how the system may implement providing customer information to merchants on an anonymous basis;
FIG. 12 is a table showing different types of data in different accounts in the system;
FIG. 13 is a general view of the structure of an electronic wallet used in the system;
FIG. 14 shows a diagram of a wallet and application access protocol.
An information banking system having a distributed network-based electronic wallet provides a means for customers to interface with an information bank and with 3rd party providers of goods, services or information, herein referred to as merchants. FIG. 1 shows a customer 25 in contact with both an information bank 23 and various merchants or service providers 27. The customer 25 may make contact through a home PC or a wall-mounted telephone type device that uses smart card technology. The connection to the information bank 23 may be via a conventional transmission line 29 such as a telephone line, cable, wireless communication, etc. Regardless of the type of user interface selected, the customer contacts the information bank 23 and/or the merchant or service provider 27 via the network 29. Such a network may be a closed network accessible only to the customer 25, the information bank 23 and the agreed merchant or provider 27, or it may be a network such as the internet, where all transaction activities can be conducted securely by means of appropriate keys, as is well known in the art. The information bank 23 may consist of a conventional server with suitable data storage. Within the data store, separate files or accounts are defined, as will be readily appreciated by one of ordinary skill in the art. Communication between the server and other users/devices is accomplished by conventional means such as telephone modems, cable modems or other established means, as in well-known systems.
An overview of the various types of accounts maintained at the information bank 23 and the various types of information retrieval controlled by the customer 25 is shown in FIG. 1. The customer's authorized information may be requested by or relayed to various merchants or service providers 27, which include an institution, a payee, or a financial group with which the customer 25 wishes to transact business. One type of customer account is called an etiquette account 31 and holds certain family or personal information such as name, address, telephone number, email address, birthday, social security number, mother's maiden name, spouse information, and other general form-filling information or information that identifies the customer to those with whom the customer has a business relationship. This type of data is generally referred to as "static identification data", as has been described above and will become more apparent herein.
The 2nd type of account is a service account 33, maintained in the customer's interest, which contains "moderate dynamic personal data" about the customer 25 and software programs accessible by the customer 25, and which may be accessed or consulted by various merchants or service providers 27 when authorized by the customer 25. For example, bank accounts, insurance information, tax payments, and other customer data may be stored in the service account. Such data is characterized by large volume, dynamic content and long-term storage. It may be used for functions such as bill submission/payment, relationship management, tax preparation, and others, as will become more apparent herein.
FIG. 1 also shows the 3rd type of data, called "dynamic demographic information data", stored in the value generating account 35. The customer 25 is provided with a file or account 35 as a means of defining certain demographic data, including a general customer profile, interests and hobbies, and the types of information that the customer would like to receive from 3rd parties. This information is deposited into the value generating account 35. Part or all of the customer information may be provided by the information bank 23, for a fee, to a 3rd party merchant or service provider 27 at its request. Some or all of the information provided about participating customers does not identify the individual participating customers, but it still gives the 3rd party merchant or service provider enough information to decide whether to ask the information bank to deliver an advertisement for its goods or services to those customers. The merchant or service provider 27 would pay for this customer data, and for indirect access to the customers whose information is stored in the information bank, because this enables the merchant or service provider 27 to reach its target market accurately and efficiently.
FIG. 2 illustrates an example of how an etiquette account may be used as a form filling service. There is a 3-way relationship between the merchant (here, doctor 39), the customer 25 and the information bank 23. First, the merchant (doctor 35) sends the customer 25 a request for permission to obtain information via a separate connection 37 (internet, dedicated line, telephone line, etc.). The customer 25 then sends back to the doctor 39 a permission message that includes an authenticatable signature. Doctor 39 then sends a request for information, now including the authenticatable permission, to the information bank 23, for example by using a communication device. The information bank 23 verifies that the permission from the particular customer 25 is valid before sending the customer's personal information to the doctor's office 39. In this case, the information has been entered into the information bank 23 directly by the customer 25 in advance. Some merchants or service providers, such as doctors, themselves keep information about individuals, such as immunization history, and can transmit such information directly to an information bank when authorized by their patients. Having the merchant or service provider supply the patient's/customer's medical history or updated information (e.g., up-to-date immunizations) to the bank is convenient for the patient/customer, who is spared the trouble of sending such information to an information bank manually and then taking additional steps to enter the data. This also saves the doctor the cost of storing the records.
Of course, such services are not limited to form filling. In a more general sense, information banks allow customers to specify conditions for single or limited access by merchants or service providers, such as tax specialists, loan brokers, financial planning staff and similar institutions, who typically work from information provided by the customer. After retrieving the customer's information, these institutions may generate compilations and/or analyses of the customer's data and prepare, for example, tax payments, loan applications, or financial plans for the customer. The service provider then sends the prepared file back to the customer or, with the customer's authorization, files it directly, as with a tax filing. The final information is also incorporated into the customer's information held at the information bank for future access and/or analysis.
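The three-party exchange of FIG. 2, together with the single or limited access conditions described above, can be sketched as follows. This is an added illustration, not code from the patent: the HMAC key shared between customer and information bank stands in for the "authenticatable signature", and the JSON permission layout and all names (`InformationBank`, `grant_permission`, `release`, the sample record) are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time


def grant_permission(key, customer_id, merchant_id, fields, ttl=300, now=None):
    """Customer side: build a permission the merchant can relay but not alter."""
    now = time.time() if now is None else now
    body = json.dumps({
        "customer": customer_id,
        "merchant": merchant_id,         # only this requester may redeem it
        "fields": sorted(fields),        # scope: which items may be released
        "expires": now + ttl,            # limited access window
        "nonce": secrets.token_hex(16),  # makes the permission single-use
    }, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"customer": customer_id, "body": body, "tag": tag}


class InformationBank:
    """Hypothetical bank-side store for etiquette-account data."""

    def __init__(self):
        self._records = {}       # customer id -> personal data fields
        self._keys = {}          # customer id -> key shared at enrolment
        self._redeemed = set()   # nonces of permissions already used

    def enroll(self, customer_id, record):
        key = secrets.token_bytes(32)
        self._records[customer_id] = dict(record)
        self._keys[customer_id] = key
        return key               # handed to the customer over a secure channel

    def release(self, requester_id, permission, now=None):
        """Verify the relayed permission, then return only the permitted fields.

        requester_id is assumed to be authenticated by the transport.
        """
        now = time.time() if now is None else now
        key = self._keys.get(permission.get("customer"))
        if key is None:
            raise PermissionError("unknown customer")
        body = str(permission.get("body", ""))
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        tag = str(permission.get("tag", ""))
        # Authenticate the body before parsing or trusting anything inside it.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            raise PermissionError("permission not signed by the customer")
        claims = json.loads(body)
        # Stops customer A from signing a permission for customer B's data.
        if claims["customer"] != permission["customer"]:
            raise PermissionError("permission issued for another customer")
        if claims["merchant"] != requester_id:
            raise PermissionError("permission issued to a different requester")
        if now > claims["expires"]:
            raise PermissionError("permission expired")
        if claims["nonce"] in self._redeemed:
            raise PermissionError("permission already used")
        self._redeemed.add(claims["nonce"])
        record = self._records[claims["customer"]]
        return {f: record[f] for f in claims["fields"] if f in record}


def demo():
    """Constructed sample data: one enrolled customer."""
    bank = InformationBank()
    key = bank.enroll("customer-25", {
        "name": "A. Customer",
        "address": "1 Example Street",
        "ssn": "000-00-0000",
        "allergies": "penicillin",
    })
    return bank, key


if __name__ == "__main__":
    bank, key = demo()
    permit = grant_permission(key, "customer-25", "doctor-39", ["name", "allergies"])
    print(bank.release("doctor-39", permit))
```

The merchant only relays the permission; because the scope, requester, expiry and nonce are all covered by the tag, it cannot widen the request or reuse it.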
FIG. 3 depicts an application of the information banking account 33 to provide signature services. Such signature services may be provided to the customer 25 when the customer requests them and provides the service organization with appropriate authorization, such as a power of attorney. As shown, the customer 25 sends an unsigned file to an information bank 33, which uses key software 39 (of a type that is conventional in nature and well known to those of ordinary skill) to authenticate the customer 25 and return a signed file to the customer 25. A customer can also authorize the information bank to sign, on the customer's behalf, certain documents sent to the bank by a 3rd party. In that case, the customer reviews the file and instructs the information bank to sign it. The information bank then returns the file to the customer or, at the customer's request, to the 3rd party.
E-commerce requires certain trust components to be in place for signature services. In particular, current digital signature schemes require the parties to an electronic transaction to provide strict trust components such as cryptographic keys and non-repudiation services. Current public key infrastructures (PKI) promoted by vendors include Certificate Authorities (CAs). For the signing service described above, the information bank provides the required keys and certificate authority without requiring access to any private authentication information or keys owned by the customer; all attestation services are provided through the information banking service. To perform the signature service, the information bank in turn requires appropriate validation from the individual customer.
By implementing the digital signature service with appropriate software 39, the information bank 23 can be used to correct or eliminate many of the issues relating to registration, certificate issuance, certificate authentication and Certificate Revocation Lists (CRLs). This also reduces the amount of data transfer required to authenticate a transaction, because a standard certificate includes the certificate holder's identification, the certificate serial number, the certificate's expiration date, a copy of the certificate holder's public key, the identification of the CA, and the CA's digital signature, which is used to validate that the digital certificate was issued by a valid authority.
The present invention also provides digital signature verification and notary services. This is illustrated in FIG. 4. Current PKI solutions require several components to verify the integrity of a digital signature. In addition to the file and the signature itself, all certificates in the chain up to the trusted root, and the CRL of each CA, must be valid. These components are then fed into a software program to establish, first, that no certificate was on a CRL at the time of signing; second, that the integrity of each certificate in the chain is intact, as checked against the public key of the next higher certificate in the chain; and third, the integrity of the original file. Customers 25 who want to do this need access to the software, and they must also trust the software that performs the checks. That is, if the software reports a valid or invalid signature result but is not properly protected on the client's machine, then any result it provides is suspect.
The signature verification functionality provided by the present invention offers a simple and trusted method of verifying the integrity of an attached signature. The client 25 is not required to understand the complexity of CRLs, nor is he forced to load key software onto his access device. Instead, whenever the customer 25 sends a signature to the information bank 23 and makes a request, the bank performs the appropriate checks. In this case, the key software 39 has been loaded into the information bank 23, and the CRLs and root certificates are supplied to the information bank 23 via line 41 so that it can perform the validation on behalf of the client 25. Another function that is somewhat related to signature verification is the signing function itself. In the signature function provided, the information bank accepts the unsigned document and signs on behalf of the customer 25. Another benefit of offloading the signature and validation process to the information bank 23 is reduced overhead for the customer 25's equipment. Generating 1024-bit key pairs using browsers on today's Pentium processors takes considerable time. However, the information bank runs this software on the latest machines, as described above, and can perform this function quickly. Furthermore, the information bank 23 operates in a secure environment, eliminating any problems with software integrity, and is likely to have many of the certificates and all required CRLs, obtained from the appropriate X.500 directory structure via connection 41, stored in local fast cache memory. The information bank 23 also functions as a backup and storage service.
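The three checks the bank performs for the customer (no certificate on a CRL at the time of signing, each certificate intact under the next higher certificate's public key, and the integrity of the original file) are shown below in the order the text gives them. This is an added illustration, not code from the patent: the certificate layout, the result strings and all names are assumptions, the signing time is assumed to come from a trusted source, and unpadded textbook RSA over fixed Mersenne primes is a toy stand-in for a real signature scheme.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Toy textbook-RSA key (modulus, private exponent); not for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, n, d):
    return pow(_digest(data, n), d, n)


def verify(data, signature, n):
    return pow(signature, E, n) == _digest(data, n)


@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    issuer: str
    public_n: int    # holder's public key (modulus)
    not_after: int   # expiration time
    signature: int = 0

    def tbs(self):
        """Bytes covered by the issuer's signature (all fields but the signature)."""
        return (f"{self.serial}|{self.subject}|{self.issuer}|"
                f"{self.public_n}|{self.not_after}").encode()


def issue(serial, subject, issuer, public_n, not_after, issuer_key):
    cert = Cert(serial, subject, issuer, public_n, not_after)
    return replace(cert, signature=sign(cert.tbs(), *issuer_key))


def check_signed_file(document, signature, signed_at, chain, trusted_root_n, crl):
    """chain is ordered leaf first, root last; crl maps serial -> revocation time."""
    chain = list(chain)
    # The chain must end in the root key the bank already holds.
    if not chain or chain[-1].public_n != trusted_root_n:
        return "untrusted-root"
    # 1. No certificate was revoked (or expired) at the time of signing.
    for cert in chain:
        if cert.serial in crl and crl[cert.serial] <= signed_at:
            return "revoked"
        if signed_at > cert.not_after:
            return "expired"
    # 2. Each certificate verifies under the next higher certificate's key;
    #    the root is paired with itself because it is self-signed.
    for cert, parent in zip(chain, chain[1:] + [chain[-1]]):
        if cert.issuer != parent.subject:
            return "broken-chain"
        if not verify(cert.tbs(), cert.signature, parent.public_n):
            return "broken-chain"
    # 3. The file itself verifies under the signer's certified key.
    if not verify(document, signature, chain[0].public_n):
        return "bad-file-signature"
    return "valid"


def build_demo():
    """Constructed sample: root CA -> issuing CA -> customer, plus a signed file."""
    root = make_key(2**107 - 1, 2**127 - 1)
    ca = make_key(2**89 - 1, 2**107 - 1)
    customer = make_key(2**61 - 1, 2**89 - 1)
    chain = [
        issue(3, "customer-25", "issuing-ca", customer[0], 1000, ca),
        issue(2, "issuing-ca", "root-ca", ca[0], 2000, root),
        issue(1, "root-ca", "root-ca", root[0], 3000, root),
    ]
    document = b"loan application (constructed sample)"
    return document, sign(document, *customer), chain, root[0]


if __name__ == "__main__":
    doc, sig, chain, root_n = build_demo()
    print(check_signed_file(doc, sig, 500, chain, root_n, crl={}))
    print(check_signed_file(doc, sig, 500, chain, root_n, crl={2: 400}))
```

Comparing the revocation time with the signing time, rather than with the time of the check, is what lets a signature made before a certificate was revoked remain valid.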
As more and more customers begin to use electronic commerce and related electronic bill payment services, customers need to keep home records of these items on their own PCs. Customers can quickly come to require secure storage of electronic copies of insurance policies and other legal documents. Many customers have come to generate large amounts of data with commercially available personal financial software such as Quicken or TurboTax. The secure backup and storage service provided by information bank 33 gives customer 25 the ability to securely and reliably store vital files on a server that is professionally managed and resident on the hardware of information bank 23. Storage remote from the client PC provides a disaster recovery plan and alleviates any problems with hardware crashes, fires, and theft.
Fig. 5 provides a general view of the various types of personal financial information that will reside in the secure backup and storage facility of an information bank and be managed by the bank. Financial information about the individual, designated by reference numeral 43, such as banking transactions, bill submissions, stocks, mutual funds, 401K accounts or IRAs, is transferred to the information bank under the control of the customer via connection 29. Legal documents such as insurance policies, wills, contracts and other e-commerce documents are also sent to the information bank 23 for deposit into the security profile. Electronic artifacts such as debt coupons, point of sale receipts, tickets, tokens and other forms of credit can be manually produced by customers and tracked in an information bank in a secure manner. Important medical records such as customer allergies, drug combinations, past X-ray films, diagnoses and doctor notices are created and stored electronically by the medical service provider, and can be stored by the customer 25 securely and confidentially in the service account 33 of the information bank 23, where they are released only upon approval by the customer 25. In the preferred embodiment, the customer 25 instructs the 3rd party merchant to send this information directly to the information bank, which then holds it there for the customer. In another embodiment, these financial and personal files are transferred from the 3rd party merchant to the customer 25 and then sent by the customer to the information bank 33.
Another office-related service is the virtual office provided by the information bank 23. This service goes beyond storage or secure backup by providing software to students or to small office or home office users. A suite of office software, including word processing or spreadsheet programs, can be provided to cost-conscious individuals who have internet access but do not necessarily have the resources for, or the wish to keep updating and managing, a home office software library. This can be provided through the service account 33 and implemented in a conventional manner well known to those of ordinary skill in the art. The subscriber to such a service can execute the software when needed and never worry about upgrades or system compatibility issues, all of which are managed by the information bank 33, which delivers the software to the customer 25 for use on his own device, i.e. home computer.
The information bank 23 may be utilized to coordinate the relationship between the customer 25 information deposited in the information bank 23 and a 3rd party service provider, so that the customer 25 can use the 3rd party service more conveniently. The information bank 23 may be used, for example, to provide software that facilitates the downloading of certain customer information to a print service, or to a medical provider in an emergency. The information bank may also be programmed to send this information to, for example, the executor of the customer's estate if previously authorized to do so by the customer. By being able to share information with various service providers, the customer 25 will find many previously burdensome tasks now easily accomplished. In a preferred embodiment, such data would be stored in a self-describing format, such as XML, for easy transfer and utilization by the various 3rd parties.
Web browsers marketed by Netscape and Microsoft Corporation have recently added support for generating key pairs. However, if the user is unfortunate enough to suffer fragmentation of the disk or a failure to update the browser software, the user may permanently lose the key. Once this occurs, there is no way to recover information that was previously encrypted with the key. The information bank 23 may provide key escrow and recovery functionality, as shown in fig. 6, to protect the customer from catastrophic key loss. In fig. 6, the client 25 generates a key pair using software such as a browser and sends it to the information bank 23. The information bank 23 then generates a key pair and a certificate, stores the key pair and certificate, and sends them to the customer 25 for use. A second alternative is shown in fig. 7, where the client 25 uses browser software to generate the key pair and certificate, and then sends the key pair and certificate to the information bank 23 for archiving. If the client 25 ever loses the key pair, the client can request and receive a replacement copy from the information bank 23. Key software 39 is of course required to do this, the details of which will be readily apparent to those skilled in the art.
Information banks are generally configured to facilitate electronic transactions and to make customers' lives more comfortable and convenient. Value generating account 35, discussed in more detail below, may be used to provide assistance, services or information search that not only makes the customer's life more convenient, but also returns some value to the customer for using the service. This value may be in the form of monetary compensation or credit, depending on the merchant selected by the customer 25. This is an optional service, controlled entirely by the client 25. Customers 25 can make their hobbies, personal interests and demographic information available while protecting their identity. The user's profile is compiled by the information bank 23 from explicit and implicit information. The limits on the information, and the exclusion of certain products, services or categories from information search, are fully controlled and specified by the customer 25. Merchants that meet the customer's criteria make offers, which are sent by information bank 23 to customer 25. In the present system, the merchant does not know the identity or address information of the customer 25, nor does the customer 25 know the merchant's identity. The information provided must present in summary form how it satisfies the unique interests of the customer 25, and may include short promotional information. The customer 25 has the opportunity to request more information or to make a purchase. Up to this point, the advertisements provided from the merchant to the customer 25 are free to the merchant. This gives merchants, free of charge, a valuable summary indicator of real-time challenge statistics and of the quality of their offers. To complete the final transaction, however, the merchant needs to pay to proceed. In this way, merchants can develop advertising fees, learning about the target sales markets to which they are highly related.
Figure 8 illustrates schematically the process whereby customer information sent by the customer 25 device enters an information bank value generating account (previously referenced as 35 in figure 1). Here, the information bank 23 is shown as composed of the information bank section 123, which includes the aforementioned etiquette account and service account. The information bank 23 also includes a value generating account module, here designated by reference numeral 125, an independent customer consulting module 127, a transaction module 129 (providing matching, brokering, aggregation and settlement functionality), and a merchant gateway module 131 connected to merchants 133. In this embodiment, the value generating account module 125 extracts input data from the etiquette and service account 123 in the form of explicit and implicit data. From this data, the profile of the customer 25 is updated and supplied to the matching functionality of module 129 during the operation of the information bank 23. The matching function is also connected to the merchant gateway module 131, which is connected to a merchant 133, to receive offers. Offers from merchants that match the profile of the customer 25 are presented by the information bank 23 to the customer for evaluation via module 129. When customers 25 indicate an interest in a particular offer, they send an inquiry or purchase request back to the information bank aggregator in module 129, and the aggregator then sends it to the merchant either individually or in bulk with the requests of other customers. The merchant 133 then pays for the intermediary service, and the payment is divided by the information bank into portions that are appropriately distributed to the customers' accounts. This functionality also includes a separate customer consultant module 127, which holds reference data useful to the customer 25 and provides background information about each merchant's offers.
The merchant's fee for accessing the customer information may also be structured according to the category of merchant usage. For example, a certain charge is set for access to view a summary of customer information. The charge increases if the merchant elects to have information provided to individual customers. The charge increases further if the customer chooses to respond or to purchase goods after receiving the solicitation through the information bank. There may be other levels of service and charges.
The information bank 23 may also be programmed to manage programs such as coupons, tickets, tokens and loyalty programs, where the information bank 23 serves as a mint and clearinghouse for the units established by coupon, token, ticket and other loyalty programs. Although they present a diverse appearance, the internal functions of minting, obtaining reimbursement, and automatic clearing are essentially the same. This feature is valuable to the customer 25 since it adds to the electronic wallet (described later) the ability to keep track of the various coupons, tokens and tickets that the customer obtains.
The coupon and loyalty management program is depicted in fig. 9 as including several components of the information bank 23. These components include a clearing house 139, a retailer gateway module 137, a service account module 123, a redemption module 135, a manufacturer gateway module 141, and an interface with merchants, which may be retailers 147, manufacturers 145, or service providers such as theaters 149 or ticket issuers 143.
As also shown in FIG. 9, the information bank manufacturer gateway module 144 may be programmed to create coupons and electronically issue them to customers 25 on behalf of the manufacturer 145; the customers 25 then deposit them into the information bank service account 33 or the electronic wallet therein. Coupons may be issued by manufacturers, distributors, and/or retailers, tickets may be issued by various entertainment and/or educational related entities, and tokens may be issued by a variety of entities (from transit authorities to entertainment enterprises). Almost all retailers or business units can set up loyalty programs that use tokens. The customer 25 who receives a coupon, ticket or token deposits it into a service account or smart card electronic wallet. When customers want to redeem these coupons, they send them to the information bank retailer gateway module 137, which submits the coupons to the information bank clearing house module 139 for settlement. The information bank manufacturer gateway module 141 then sends the appropriate credit back to the appropriate retailer through the information bank clearing house 139 to reimburse the redeemed coupon. Having understood the various functionalities described in detail herein, those of ordinary skill in the art can implement all of these functions programmatically using existing hardware and software tools and equipment.
As shown in fig. 10, the information bank can also provide important event, notification and response functions. This type of feature service allows the customer 25 to specify certain events that are important to the customer. Such events may be birthdays, stock price fluctuations, loan availability, unusual bill payments, requests for personal information, etc. The customer 25 may establish a hierarchy for the information bank 23 to use in finding the customer 25, such as trying the customer's cellular telephone, then a work number, then an email, then a home number. When an event matching a trigger occurs, an event notification is generated by the monitor program 151. The priority of the event determines how persistently the service tries to notify the client 25 and obtain a confirmation. This process is illustrated in FIG. 10, where customer 25 sets special event triggers and deposits these into an information banking account 33. The information bank then continuously monitors for the events with the monitor program 151 and, when the target event occurs, the information bank 23 sends the notification back to the customer 25 according to the notification level previously determined by the customer.
Information banks also provide anonymous shopping services. As shown in FIG. 11, this service enables several components of the information bank (e.g., service account 33, anonymizer module 153 that assigns names to all customer transactions, invoice payment summary module 155, mailed email investigator module 157, and re-shipment module 159) to work in concert to provide brokerage shopping services that allow customers to browse the displays of certain merchants through the Internet without revealing their identities. The modules and functions described are conventional and are fully understood from the services already offered by some network service providers. However, no one at present integrates these functions and modules into a coherent functional system, as provided by the present invention.
Anonymous shopping features are similar to assistance, services and information searches, but this feature assumes that discovery and comparison work has been done, both through offers issued by merchants to customers and through independent investigation by customers.
This feature is more like a "shopping cart" at a web site on the internet or at the server provider's address, where the shopper can span multiple merchant addresses and shopping markets and build aggregated purchases. The information bank 23 acts as a broker for the customer 25. The identity of the client 25 is replaced with a pseudonym, which this function remembers for subsequent reference. A different pseudonym is used for each merchant address, so that it is difficult for a data cleaner to cross-correlate customers' shopping by pseudonym. With a mailbox for advertisements sent from unknown addresses, the alias can be used to trace which point of sale passed on the address information.
This function aggregates the offers to the publishers and pays them directly in an aggregated manner, also referred to as an offer list and corresponding shipping address. Customers 25 transfer money internally so that their credit cards and other identification information are never exchanged over the internet.
For additional shipping fees, the customer may choose a drop box for the delivery, or choose a re-shipper address where a 3rd party collects the goods and re-ships them to the stored address of the customer 25. In this manner, the merchant never knows the address or identity of the customer 25. The anonymous shipping and re-shipment service does not know the contents of the package.
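A sketch of how per-merchant pseudonyms, re-shipment lookup and alias-based tracing of unsolicited mail fit together, added here as an example and not taken from the patent. Deriving the alias with HMAC-SHA256 under a bank-held secret is an assumption (the text does not say how pseudonyms are generated), and the class, method, merchant and address names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Anonymizer:
    """Hypothetical stand-in for the anonymizer and re-shipment functions."""

    def __init__(self, reshipper_address, secret=None):
        self._secret = secret or secrets.token_bytes(32)  # never leaves the bank
        self._reshipper = reshipper_address
        self._owners = {}     # alias -> (customer_id, merchant_id)
        self._addresses = {}  # customer_id -> real shipping address

    def enroll(self, customer_id, shipping_address):
        self._addresses[customer_id] = shipping_address

    def alias_for(self, customer_id, merchant_id):
        """Same customer and merchant give the same alias; a different
        merchant gives an alias that cannot be related to it without the secret."""
        cust = customer_id.encode()
        msg = len(cust).to_bytes(2, "big") + cust + merchant_id.encode()
        tag = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:20]
        alias = "shopper-" + tag
        self._owners[alias] = (customer_id, merchant_id)  # kept for later reference
        return alias

    def order_for_merchant(self, customer_id, merchant_id, items):
        """Everything the merchant receives: no name, card number or home address."""
        if customer_id not in self._addresses:
            raise KeyError("unknown customer")
        alias = self.alias_for(customer_id, merchant_id)
        return {"buyer": alias, "reply_to": alias + "@bank.example",
                "ship_to": self._reshipper, "items": list(items)}

    def reship_address(self, alias):
        """Used only when a parcel addressed to an alias reaches the re-shipper."""
        customer_id, _merchant = self._owners[alias]
        return self._addresses[customer_id]

    def trace_mail(self, recipient, sender):
        """Attribute mail sent to an alias mailbox to the merchant that was given it."""
        alias = recipient.split("@", 1)[0]
        if alias not in self._owners:
            return None
        customer_id, given_to = self._owners[alias]
        return {"customer": customer_id, "alias_given_to": given_to,
                "passed_on": sender != given_to}


def shared_buyers(orders_a, orders_b):
    """What two merchants learn by joining their order records on the buyer field."""
    return {o["buyer"] for o in orders_a} & {o["buyer"] for o in orders_b}


def demo():
    # All values below are constructed sample data.
    bank = Anonymizer("Re-shipper, PO Box 1, Example City", secret=b"k" * 32)
    bank.enroll("customer-25", "12 Constructed Lane, Example City")
    books = [bank.order_for_merchant("customer-25", "bookshop", ["atlas"]),
             bank.order_for_merchant("customer-25", "bookshop", ["novel"])]
    pharmacy = [bank.order_for_merchant("customer-25", "pharmacy", ["plasters"])]
    leak = bank.trace_mail(pharmacy[0]["reply_to"], sender="unknown-mailer")
    return bank, books, pharmacy, leak


if __name__ == "__main__":
    _bank, books, pharmacy, leak = demo()
    print("join on buyer field:", shared_buyers(books, pharmacy))
    print("unsolicited mail traced to:", leak)
```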
As regards the types of data stored by the information bank 23, as mentioned above, three data stores in particular are used: the 1st data store, stored on the data storage means, which contains static identification data; the 2nd data store, stored on the data storage means, which contains moderately dynamic personal data; and the 3rd data store, which contains dynamic demographic information data, as is made clearer by the description of fig. 12. The etiquette account shown in fig. 12 includes the static identification data, which is personal data for the user who has access to the information bank 23. The 2nd data store corresponds to dynamic personal data in the service account and includes data about the user such as billing history, payment history, etc. The 3rd data store holds demographic data and is stored in a benefit-related account, allowing compensation to be made to the customer in exchange for use of the data. All of the types of data described have been discussed previously and are further expanded and illustrated in the table shown in FIG. 12.
Turning now to the "electronic wallet" mentioned above for use in connection with the system 21 of the present invention, a typical construction of such a wallet 171 is shown in FIG. 13. The concept of an electronic wallet means many things. One form is a pocket computer with a dot-on-axis print sized color screen that replaces many of the necessities customers carry today, such as currency, keys, identification cards, credit cards and tickets, as well as items that provide customers with mobile information and communications, such as watches, newspapers, calculators, mobile phones, pagers, and the like. In this embodiment, the wallet is a particular item that is carried in a pocket. Due to its electronic nature, it can add functions not possible with a conventional wallet. However, customer concerns about this type of equipment make it impractical. While it is technically possible to support the content of such electronic devices, it is a reality that customers may not need to take responsibility for such devices, at least as they currently do with their own data. Moreover, to the extent that such a wallet is accessed by the wallet provider or others, there is a security concern that the customer's information is used by others for gain without the customer's knowledge. Therefore, additions to a particular wallet, particularly those offered by a 3rd party software or hardware vendor, are quickly taken out of service.
The other extreme is a fully virtual wallet. It is not a specific device but a set of applications on a server somewhere. The main drawback of this approach is that all transactions must be processed "online", that is, connected to a server. This results in greater expense and/or less convenient use. Another problem is security.
A hybrid approach, in which some data and applications are placed on specific devices and some on servers, is preferred by the system 21 according to the present invention. Smart cards are ideally suited for such applications, the most important implication being that the security and access functionality is placed on the card, while large amounts of data and applications are placed on servers such as the information bank 23. Also, transactions that are too expensive to perform online, such as small electronic cash transactions, make sense on smart cards. Thus, as shown in fig. 13, in one embodiment, the electronic wallet comprises: an electronic cash application container 173, an electronic cash application manager 175, a user validation module 177, an application manager's key 181, a key ring application container 183, an external application orchestration actionability API (application program interface) 179, and a user application organizer and manager 185.
The electronic cash application container 173, as the name implies, is a store for electronic cash applications. To obtain a decisive amount of money, more than one type of electronic cash is supported. The store in the container 173 is fairly generic, recording each of its entries only as a form of electronic cash, while the actual "object" in the container 173 is a "connector" to a real electronic cash application. The programming provides the ability to determine and initiate an electronic cash application. The electronic cash manager 175 is software that provides a way to add electronic cash applications and use them in a generic way. User validation module 177 may be replaced to allow for growing needs in terms of security and validation techniques. Prior to smart card implementation, it is software that requires an account and a personal identification number, but with current technology, it can be implemented with cards and servers, using the authentication technology implemented today. In the future, another security and validation technique, i.e., biometrics, may be used.
The application manager key 181 is used to manage cashless applications in the wallet such as lending, borrowing, electronic checking, authentication, easy entry, and other applications. This is the software that maintains the key ring application container 183. The key ring container 183 holds the connectors to the server applications. Its contents are managed and maintained by the aforementioned application manager key 181. Even if smart cards become more commonly available, it is believed that they are not large enough to actually hold the applications. But they will protect the "connectors" for applications residing on the server. The most important aspect of a "connector" is a key or certificate that helps identify the authorized user of the application. The "key ring" is then the container for the keys. They are not like "real" keys, as further illustrated by FIG. 14 below.
More specifically, FIG. 14 shows a wallet and application access scheme 201. In this figure, the concepts of the access device provider, wallet issuer, and application provider are all separated. As shown in fig. 14, the customer 25 may use the access device 203 to access his information 205. The access device 203 is provided by a party at a point of sale or a point of contact. The wallet then uses the access device 203 and the access device server 207 to connect to the network and contact the wallet issuer server 209. The client 25 then identifies the appropriate application by its own description. The description relates to the application key signature 211 which is sent to the application provider server 213.
In the scenario 201, customers 25 can access their information through a device 203 provided at the point of sale or at a point of contact. Since this party wants something in return for providing the device 203, some "real estate" on the display interface is set aside for their content. The wallet 171 utilizes the device 203 and the device server 207 to connect to the network 201 and contact the wallet issuer server 209. As mentioned earlier, the client 25 identifies the appropriate application by its own description. The description relates to the application key proxy 211 that is sent to the issuer server 209. The issuer server 209 validates the user 25 and then looks up the location of the application and the actual key to use for access. It then connects the client 25 to the application at the application server 213 and acts as a conduit.
It will be appreciated that in the event of loss or theft, the actual key is replaced by the proxy. In this manner, the problem of coordinating the issuance of new keys with many unaffiliated organizations may be eliminated. The issuer only needs to issue a new card and a new proxy on the card.
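The indirection described above, where the card holds only a stand-in for each application key and the issuer server 209 holds the actual keys and application locations, shown as an added example that is not from the patent. The HMAC challenge-response and all class, method and application names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Card:
    """What the smart card carries: a stand-in, never an application's actual key."""

    def __init__(self, proxy_id, proxy_secret):
        self.proxy_id = proxy_id
        self._proxy_secret = proxy_secret

    def respond(self, app, nonce):
        return mac(self._proxy_secret, app.encode(), nonce)


class ApplicationServer:
    """Application provider (213 in the text); knows only its own actual key."""

    def __init__(self, actual_key):
        self.actual_key = actual_key

    def accept(self, customer, nonce, proof):
        return hmac.compare_digest(proof, mac(self.actual_key, customer.encode(), nonce))


class IssuerServer:
    """Wallet issuer server (209): maps stand-ins to locations and actual keys."""

    def __init__(self):
        self._proxies = {}     # proxy_id -> (customer, proxy_secret)
        self._apps = {}        # (customer, app) -> (ApplicationServer, actual_key)
        self._challenges = {}  # proxy_id -> outstanding one-time nonce

    def enroll_application(self, customer, app):
        actual_key = secrets.token_bytes(32)
        server = ApplicationServer(actual_key)
        self._apps[(customer, app)] = (server, actual_key)
        return server

    def issue_card(self, customer):
        """Issue a card with a fresh stand-in; any earlier one stops working."""
        for pid in [p for p, (c, _) in self._proxies.items() if c == customer]:
            del self._proxies[pid]
            self._challenges.pop(pid, None)
        proxy_id, proxy_secret = secrets.token_hex(8), secrets.token_bytes(32)
        self._proxies[proxy_id] = (customer, proxy_secret)
        return Card(proxy_id, proxy_secret)

    def challenge(self, proxy_id):
        nonce = secrets.token_bytes(16)
        self._challenges[proxy_id] = nonce
        return nonce

    def connect(self, proxy_id, app, response):
        """Validate the card, look up the application, then act as the conduit."""
        nonce = self._challenges.pop(proxy_id, None)  # each nonce is usable once
        entry = self._proxies.get(proxy_id)
        if nonce is None or entry is None:
            return False
        customer, proxy_secret = entry
        if not hmac.compare_digest(response, mac(proxy_secret, app.encode(), nonce)):
            return False
        if (customer, app) not in self._apps:
            return False
        server, actual_key = self._apps[(customer, app)]
        return server.accept(customer, nonce, mac(actual_key, customer.encode(), nonce))


def use_card(issuer, card, app):
    nonce = issuer.challenge(card.proxy_id)
    return issuer.connect(card.proxy_id, app, card.respond(app, nonce))


def demo():
    issuer = IssuerServer()
    e_check = issuer.enroll_application("customer-25", "e-check")
    key_before = e_check.actual_key
    old_card = issuer.issue_card("customer-25")
    first_use = use_card(issuer, old_card, "e-check")
    new_card = issuer.issue_card("customer-25")  # old card reported lost
    return {"first_use": first_use,
            "old_card_after_loss": use_card(issuer, old_card, "e-check"),
            "new_card": use_card(issuer, new_card, "e-check"),
            "actual_key_unchanged": e_check.actual_key == key_before}


if __name__ == "__main__":
    print(demo())
```

Reissuing the card touches only the issuer's own table, so the application provider is never asked to rotate anything.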
It will be apparent that such a system can be readily implemented in the system of figs. 1-12 to provide enhanced functionality and flexibility.
Although the invention has been described with reference to these preferred embodiments and features, other similar embodiments and features can achieve the same results. Variations and modifications of the present invention will be obvious to those of skill in the art, and this description is intended to cover all such modifications and equivalents.
Claims (21)
1. A system for selective organization, access and use of personal data, comprising:
a server having data storage means for storing personal data in 3 separate and distinct data stores;
a 1st data store, stored on the data storage device, comprising static identification data, the static identification data being private data to a user having an access device connected to an access and use server;
a 2nd data store, stored on said data storage device, containing moderate dynamic personal data about the user;
a 3rd data storage, stored on the data storage device, comprising dynamic demographic information data about the user.
2. The system of claim 1, further comprising access means connected to said server for accessing said 1st, 2nd and 3rd data stores.
3. The system of claim 2, wherein said access means comprises a computer terminal connectable to said server via a network.
4. The system of claim 2 wherein said access means comprises an electronic wallet having a copy of said 1st data storage, a portion of said 2nd data storage and said 3rd data storage stored therein.
5. The system of claim 1, further comprising authorization means for enabling selected users to access and use the dynamic personal information data in the 3rd data store.
6. The system of claim 5, further comprising matching means for matching selectable dynamic personal information data in said 3rd data store assigned to a customer with selected information provided by said selected user.
7. The system of claim 1, further comprising means for authorizing a user and signing a file based on data obtained from said 2nd data store in communication with the user.
8. The system of claim 1, further comprising matching means for matching the user profile obtained from the 3rd data store with a merchant profile in response to a request from the user to communicate product information about the merchant to the user.
9. The system of claim 1, wherein the data in the 3rd data store is stored in a structure that guarantees user anonymity.
10. The system of claim 1, wherein the 2nd data store comprises credit value data used by a user in a business transaction.
11. A method of selecting organization, access and use of personal data, comprising the steps of:
storing a 1st data store comprised of data including static identification data, the static identification data being private data to a user able to access the 1st data store;
storing a 2nd data store, the composition data of said 2nd data store comprising moderate dynamic personal data relating to users who can enter the 2nd data store;
storing a 3rd data store, the composition data of the 3rd data store comprising dynamic demographic information data relating to users who are able to access the 3rd data store.
12. The method of claim 11 further comprising providing access by a user to said 1st data store to populate a table with data therein.
13. The method of claim 11 further comprising copying the data in the 1st data memory and portions of the data in the 2nd and 3rd data memories on the electronic wallet.
14. The method of claim 11 further comprising making the selected user data available to the merchant in the 3rd data store on an anonymous basis to cause the merchant to provide the user with information about goods or services matching the provided data.
15. The method of claim 11 further comprising downloading a purchase reputation from said 2nd data store into an electronic wallet to participate in a commercial trade with a user using said reputation.
16. The method of claim 11, further comprising monitoring certain data sets in the 2nd data store for the occurrence of certain events and notifying users corresponding to the data of the events.
17. The method of claim 16, further comprising updating data in the 2nd and 3rd data stores on a periodic basis with a data source entering the outside.
18. The method of claim 11, further comprising authorization by a user to allow a selected 3rd party to access data in the 2nd data store.
19. The method of claim 18, wherein the 3rd party is a physician.
20. The method of claim 18, wherein the 3rd party is a financial service provider.
21. The method of claim 18, wherein the 3rd party is one of a group of people consisting of a telephone service party, a power service party, a cable service party, an insurance service party, and a credit card provider.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US60/065,291 | 1997-11-11 | ||
| US60/081,748 | 1998-04-14 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1021042A (en) | 2000-05-26 |