Ulllted States Patent [19]
`Walker et al.
`
`US005 884272A
`[11] Patent Number:
`[45] Date of Patent:
`
`5,884,272
`Mar. 16, 1999
`
`[54] METHOD AND SYSTEM FOR
`ESTABLISHING ANI) MAINTAINING USER-
`CONTROLLED ANONYMOUS
`
`COMMUNICATIONS
`
`4/1996 Weiner et a1. ........................ .. 379/265
`5,509,064
`9/1996 Micali ..................................... .. 380/30
`5,553,145
`3/1997 Carr et a1. .
`5,608,446
`9/1997 Fraser ...................................... .. 705/37
`5,664,115
`5,689,799 11/1997 Dougherty et al. ....................... .. 455/2
`
`IIIVCIIIOI‘SZ Jay S. Walker, Bruce Schneler, Mlnneapolls, M1nn.; T. 'COIIIIZ;
`
`Scott Case, Darien, Conn.
`
`
`
`[73] Assignee: Walker Asset Management Limited
`Partnership, Stamford, Conn.
`
`[21] Appl. N01 708,968
`
`[22]
`
`Filed:
`
`Sep. 6, 1996
`
`[51] Int. Cl.6 .................................................... .. G06F 17/30
`[52] US. Cl. ........................... .. 705/1; 705/26; 379/93.12;
`395/20057; 364/222.2; 364/284
`[58] Field Of Search .................................. .. 705/37, 1, 26;
`364/468.14, 222.2, 284; 379/69, 93.12;
`395/200.57
`
`[56]
`
`References Cited
`
`US. PATENT DOCUMENTS
`
`8/1980 Matyas et al. .......................... .. 380/25
`4,218,738
`7/1989 Solomon et al. .
`....... .. 379/67
`4,847,890
`9/1989 Cicciarelli et al. .............. .. 364/468.14
`4,870,591
`479147698 M1990 Chaum '
`4 961 224 10/1990 Yung _
`4,962,449 10/1990 Schlesinger.
`4,962,532 10/1990 Kasiraj et al. .
`5,018,096
`5/1991 Aoyama .
`
`5,058,152 10/1991 Solomon et al. .................. .. 379/67.01
`
`705/37
`5,077,665 12/1991 Silverman et al. ..
`345/331
`5 107 443
`4/1992 Smith et al
`705/1
`5’164’897 11/1992 Clark et a1:
`__ 705/37
`5j267:148 11/1993 Kosaka et a]_
`_____ __ 705/1
`5,283,731
`2/1994 Lalonde et a1,
`5,361,295 11/1994 Solomon et a1. .................... .. 379/67.1
`5,392,353
`2/1995 Morales -
`574007393
`3/1995 Kmlth et al--
`5,416,694
`5/1995 Parrlsh et al. ............................ .. 705/8
`5,459,859 10/1995 Senda ...................................... .. 707/10
`5,485,510
`1/1996 Colbert .
`5,495,412
`2/1996 Thiessen ................................... .. 705/1
`5,500,513
`3/1996 Langhans et a1. .................... .. 235/380
`
`1/1994 Japan .
`6-19943
`6-224938 8/1994 Japan .
`
`OTHER PUBLICATIONS
`
`Michelle Quinn, “Web Site for Fake E—mail Back?res on
`Operator”, The San Diego—Union Tribune, Jun, 20,1 995 at
`
`_
`_
`P' 7' _
`A. Michael Froomkln, “Flood Control On The Information
`Ocean: Living With Anonymity, Digital Cash, and Distrib
`uted Databases,” Conference for the Second Century of the
`Univ. of Pittsburgh School of LaW: The Adequacy of Current
`Legal Paradigms to Meet Future Challenges (59p- 21, 1995)
`Aaron Weiss, “Grad Seeks Job”, Internet World, pp. 76—79
`(Sep. 1996).
`Jeff Ubois, “Anonymity Has Its Place: Questions Concern
`ing On—Line Anonymity Arise,” Information Access Com
`pany, vol. 8, No. 8, p. 28 (Apr. 28, 1995).
`
`(List continued on neXt page.)
`
`-
`-
`P r 17”” y Examl'?” —ParSh°tam S‘ Lan .
`Assistant Examtner—Davld M. OvedovltZ
`Attorney, Agent, or Firm—Jeffrey L. Brandt; Charles
`Ra?ner
`
`[57]
`
`ABSTRACT
`
`-
`
`-
`
`.A System for esiabhshmg anonymF’us commum‘ianons
`lncludes a plurality of party terminals, a plurallty of
`requester terminals, and a central controller. The system
`receives and stores party data about respective parties. Upon
`receiving criteria for parties of interest from a requestor
`terminal and authorization from respective parties, the cen
`tral controller releases to the requester party associated With
`the parties. The system also establishes communications
`Channels between parties and the requester, While maintaim
`in their anon mit
`g
`y
`y‘
`
`-
`
`-
`
`65 Claims, 12 Drawing Sheets
`
`100
`
`f‘
`
`‘
`‘
`1
`
`PARTY
`TERMlNAL
`Q,
`
`PARTY
`TERM \NAL
`
`PUBUC
`SWlTCHED TELEPHONE
`NETWORK
`
`CENTRAL
`CONTROLLER
`m
`
`REQUESTOR
`TERMINAL
`
`1
`
`

`

`5,884,272
`Page 2
`
`OTHER PUBLICATIONS
`
`Debora Sparr et al., “The Net”, Harvard Business Review, p.
`125 (May/Jun. 1996).
`Gary H. Anthes, “Stealth E—mail Poses Corporate Security
`Risk”, Computerworla', p. 1 (Feb. 12, 1996).
`Michelle Quinn, “Web Site For Fake E—Mail Back?res On
`Operator”, The San Dieg0—Tribune, Ed. 1—8, p. 7 (Jun. 20,
`1995).
`Jim MilloWay, “Corporate Employment Bulletin Board”,
`WebSta?i Inc., 1996.
`
`Peter LeWis, “Cloaks and Daggers”, Vantage Point, p. 133
`(Jul. 1996).
`Lisa Sanders, “Smile, You’re On Job—Candidate Camera”,
`Business Week, p. 6 (Aug. 5, 1996).
`“Restrac Expands Internet Recruiting .
`(Jul. 10, 1996).
`“Romancing the Internet”, Business Wire (Jul. 12, 1995).
`Quay Partners Int’l., Ltd., “Net Gain For Recruiting”, U.S.
`Banker (Jul. 1996).
`
`. , ”, Business Wire
`
`.
`
`2
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 1 0f 12
`
`5,884,272
`
`100 /
`
`PARTY
`TERMINAL
`
`PARTY
`TERMINAL
`
`PARTY
`TERMINAL
`
`PUBLIC
`SWITCHED TELEPHONE
`NETWORK
`119
`
`CSIETNQSGER
`E
`
`REQUESTOR
`TERMINAL
`m
`
`FIG. 1
`
`3
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 2 0f 12
`
`5,884,272
`
`TO/ FROM
`PUBLIC
`SWITCHED
`TELEPHONE
`NETWORK 110
`
`I
`
`NETWORK
`INTERFACE
`24_5
`
`CRYPTOGRAPHIC
`PROCESSOR
`A)
`
`RAM
`215
`
`L——I
`
`ROM
`m
`
`’___I
`
`CPU
`
`2%
`
`PARTY DATA
`
`DATABASE E0
`
`REQUESTOR DATA
`DATABASE @
`
`VERIFICATION
`DATABASE
`
`m
`
`ACCOUNT
`DATABASE ;7_5 O
`
`I
`I
`I
`I
`
`FIG. 2A
`
`4
`
`

`

`US. Patent
`
`Mar. 16, 1999
`
`Sheet 3 0f 12
`
`5,884,272
`
`
`
`
`
`O._.omm<m4mmmm._.__>>zo_._.<_>_m0uz_
`
`
`
`mp<n=oz<o121%
`
`mm.o_n_
`
`
`
`OHQmm<mjmmmm._.=>>zO_H<_>_mOu_z_
`
`
`
`>z<n__>_ooIo<m
`
`.b9mszz
`mokmmaomm2T:9ESE98m:szoSmmano5:cm:5:5:28an
`
`e0......Mfififim.wm_§IH%
`
`
`._.xm._.szIa
`
`mez.wwmmoo<
`H%H%H%
`
`
`
` o_.rm_mm_.o<m<roo._m__u_m2<zGEEM88%
`
`commw<m§<o<29mohmmafim
`
`o_mm__2:z<Inj<E52:9mOHwMDOmm
`
`
`
` o_mm2:z<1$<msgz:%o_._.w_mm_._.o<m<Io9mmm=2<zDEEJ88$
`
`
`
`
`
`OEDfiOmQSfixE$555>z<n_s_oo
`
`
`
`
`
`O_o3<\om_n__>\._.xE.5.05:;Hzm§>o._n=>_m_
`
`
`
`>z<n_s_OomE.mmh<o52<omomjiomm
`
`
`
`mw<m._mmH02._.__>>Qz<fi_>>
`
`
`
`mEBEz/«om1...wm=z<n_s_oou_om.__u_omn_
`
`
`
`mw<m._m_m.52._.__>>oz<._.__>>
`
`$030;Ow._<.O._.zo_._.<s_mon_z_zO_._.<NEOIH:<
`
`
`
`
`
`
`
`
`mmoaozow._<.0...zo_._.<_>_mon_z_zO_._.<N_mOI._.:<
`
`
`
`H<I>>OHm<zOC<_2m0u_z_manoma
`
`
`
`bar‘sO._.m<zo_._.<2mou_z_m.__u_omn_
`
`
`
`O_QD<\Omo_>\._.xm_.rwzQEEmeQmow
`
`
`
`
`
`OfiSiOmDSFXEmpwmmmhzQOSO
`
`
`
`
`
`O_n_3<\0mo_>:.xm_._.m..__n_omn_._<_oz<z_n_
`
`
`
`
`
`O_o:<\om_n__>FXm._.>mo._.w_IzO_._.<o:om_
`
`3Nmw<m§a5%>55
`
`5
`
`

`

`US. Patent
`
`6,
`
`21
`
`5,884,272
`
`18:52
`
`
`
`OEEEQEEQSm:mszz9mmofiafloééoam:$223m:
`
`
`
`
`
`agmv303EMAW/ESE5:82ENmm<mfi<ozoEoEmm>
`
`
`825$gamma
`9cm:8255:824255.mzoE@2530;EB20.25282.5528mcamssz
`
`
`
`
`MEmaflm
`m.mohmmaomfimo>EE82682SE895%292538;“55:
`
`
`
`zmmm2:ET:42E;«at:E5:zo:<o:_mm>awe;8:2?zommgmwmz
`
`
`"Mdoz_._.=szm§><n_oEmEDz/‘Imém50_23mo>E<n_
`.bm:91988mm
`
`
`o_mm2:z<:n:<£52:9mommammmoESoamzazéméngz:9Elam;
`
`
`
`.0520.258;mzzzo
`
`0N.o_n_
`
`6
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 5 0f 12
`
`5,884,272
`
`VIDEO
`MONITOR
`E
`
`VIDEO
`DRIVER
`2%
`
`f’ 300
`
`RAM
`219
`
`ROM
`m
`
`TO/FROM
`PUBLIC
`SWITCHED
`TELEPHONE
`NETWORK 1 10
`
`I
`
`CRYPOTOGRAPHIC _
`PROCESSOR
`E
`
`COMMUNICATION
`PORT
`
`E
`
`MODEM
`@
`
`INPUT
`DEVICE
`@
`
`INFORMATION
`STORAGE
`
`FIG. 3
`
`7
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 6 0f 12
`
`5,884,272
`
`TO/FROM
`PUBLIC
`SWITCHED
`TELEPHONE
`NETWORK 1 10
`
`I
`
`MODEM
`@
`
`INPUT
`DEVICE
`
`f’- 400
`
`ROM
`m
`
`VIDEO
`MONITOR
`@
`
`VIDEO
`DRIVER
`@
`
`RAM
`m
`
`%I
`
`CRYPOTOGRAPHIC _
`PROCESSOR
`&
`
`COMMUNICATION
`PORT
`
`21%
`
`INFORMATION
`STORAGE @
`
`FIG. 4
`
`8
`
`

`

`U.S. Patent
`
`Mar. 16, 1999
`
`Sheet 7 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER RECEIVES ENCRYPTED PARTY DATA
`AND REQUESTOR DATA, DECRYPTS THE RECEIVED DATA, AND
`STORES THE DATA IN APPROPRIATE DATABASES
`500
`
`1
`CENTRAL CONTROLLER PERFORMS A SEARCH OF THE
`PARTY DATA BASED UPON A SEARCH REQUEST AND
`TRANSMITS INFORMATION IN RESPONSE m
`
`V
`CENTRAL CONTROLLER RECEIVES l‘VERIFICATION OF
`INFORMATION‘l REQUEST AND VERIFIES THE PARTY
`DATA AN D/OR THE REQUESTOR DATA
`
`@
`
`V
`CENTRAL CONTROLLER ESTABLISHES, UPON REQUEST
`AND AGREEMENT, ANONYMOUS COMMUNICATIONS
`CHANNEL BETWEEN PARTY AND REQUESTOR @
`
`7
`
`CENTRAL CONTROLLER TRANSMITS BILL TO REQUESTOR
`AND DEBITS REQUESTOR ACCOUNT
`
`FIG. 5
`
`9
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 8 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER RECEIVES SEARCH CRITERIA
`FROM REQUESTOR
`I
`CENTRAL CONTROLLER SEARCHES THE DATABASE FOR
`PARTY DATA MATCHING THE SEARCH CRITERIA
`610 T
`
`I
`CENTRAL CONTROLLER TRANSMITS THE NUMBER OF PARTIES
`MATCHING THE SEARCH CRITERIA TO REQUESTOR
`
`DOES CENTRAL
`CONTROLLER RECEIVE SEARCH
`REQUEST CRITERIA CHANGES?
`
`YES
`
`DOES CENTRAL
`CONTROLLER RECEIVE REQUEST FOR
`PARTY DATA?
`w
`
`NO
`
`END
`TRANSACTION
`%
`
`GO TO FIG. 6B
`STEP 650
`
`FIG. 6A
`
`10
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 9 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER TRANSMITS REQUEST FOR
`PARTY DATA TO PARTY
`
`END
`TRANSACTION
`???
`
`DOES CENTRAL
`CONTROLLER RECEIVE
`AUTHORIZATION TO RELEASE
`PARTY DATA?
`@
`
`CENTRAL CONTROLLER
`TRANSMITS
`AUTHORIZED PARTY
`DATA TO REQUESTOR
`@
`
`CENTRAL CONTROLLER RECEIVES QUERY FROM PARTY
`FOR REQUESTOR DATA
`I
`CENTRAL CONTROLLER TRANSMITS QUERY FOR REQUESTOR
`DATA TO REQUESTOR
`
`@
`
`m
`
`END
`TRANSACTION
`@
`
`DOES CENTRAL
`CONTROLLER RECEIVE
`REQUESTER‘S AUTHORIZATION TO
`RELEASE REQUESTOR
`DATA?
`gag
`
`CENTRAL CONTROLLER TRANSMITS
`REQUESTOR DATA TO PARTY
`
`FIG. 6B
`
`11
`
`

`

`U.S. Patent
`
`Mar. 16, 1999
`
`Sheet 10 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER RECEIVES REQUEST FROM
`REQUESTOR TO VERIFY PARTY DATA
`
`CENTRAL CONTROLLER TRANSMITS REQUEST TO
`VERIFICATION AUTHORITY
`
`V
`
`CENTRAL CONTROLLER RECEIVES VERIFICATION STATUS
`QQ
`
`7
`
`CENTRAL CONTROLLER TRANSMITS VERIFICATION
`STATUS TO REQUESTOR
`
`FIG. 7
`
`12
`
`

`

`U.S. Patent
`
`Mar. 16,1999
`
`Sheet 11 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER RECEIVES REQUEST FROM
`REQUESTOR TO OPEN COMMUNICATION CHANNEL
`WITH PARTY
`I
`CENTRAL CONTROLLER TRANSMITS COMMUNICATION
`REQUEST TO PARTY
`
`800
`
`m
`
`END OF
`TRANSACTION
`m
`
`DOES
`CENTRAL CONTROLLER
`RECEIVE ACCEPTANCE FROM PARTY TO
`OPEN COMMUNICATION
`CHANNEL?
`w
`
`YES
`
`CENTRAL CONTROLLER OPENS REAL-TIME
`COMMUNICATIONS CHANNEL
`
`84_0
`
`CENTRAL CONTROLLER DEBITS REQUESTOR
`BILLING ACCOUNT
`
`850
`
`FIG. 8
`
`13
`
`

`

`U.S. Patent
`
`Mar. 16, 1999
`
`Sheet 12 0f 12
`
`5,884,272
`
`CENTRAL CONTROLLER RECEIVES MESSAGE
`FROM REQUESTOR
`
`CENTRAL CONTROLLER STRIPS IDENTITY
`INFORMATION FROM MESSAGE
`
`‘
`m
`
`m
`
`CENTRAL CONTROLLER TRANSMITS MESSAGE TO PARTY
`m
`
`CENTRAL CONTROLLER RECEIVES RESPONSE FROM PARTY
`m
`
`CENTRAL CoNTRoLLER STRIPS IDENTITY FROM MESSAGE
`m
`
`CENTRAL CoNTRoLLER SENDS RESPONSE To REQUESTOR
`ggq
`
`FIG. 9
`
`14
`
`

`

`5,884,272
`
`1
`METHOD AND SYSTEM FOR
`ESTABLISHING AND MAINTAINING USER
`CONTROLLED ANONYMOUS
`COMMUNICATIONS
`
`BACKGROUND OF THE INVENTION
`
`Field of the Invention
`
`The present invention relates to establishing anonymous
`communications betWeen tWo or more parties. More
`speci?cally, the invention relates to controlling the release of
`con?dential or sensitive information of at least one of the
`parties in establishing anonymous communications.
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`10
`
`15
`
`2
`contribution, an adoption agency typically shields the iden
`tity of a child’s birth mother, a Catholic confessional offers
`anonymous unburdening of the soul, and local phone com
`panies maintain millions of unlisted telephone numbers
`accessible only by special operators.
`The concepts of anonymity and shielded identity do not
`lend themselves to conventional communication systems.
`While it is possible to send and receive anonymous
`messages, such as a postcard With no return address or a call
`placed from a pay phone, it is dif?cult for parties engaged in
`multiple communication episodes to remain anonymous
`from one another. In general, conventional communication
`systems are premised upon the notion that communicating
`parties knoW each other’s identity. For the purposes of this
`invention, the term “communications system” refers to any
`system that facilitates an ongoing cycle of messages and
`responses.
`Most current communications systems, Whether Written or
`oral, do not permit an ongoing, multi-party, shielded identity
`dialogue. For example, letters need an address to be
`delivered, calling someone on the phone requires a phone
`number, and meeting face-to-face provides for visual iden
`ti?cation. The process involved in most ongoing communi
`cation systems is simply not conducive to retaining con
`cealed identities.
`Yet, in some cases, concealing identity can actually
`encourage or facilitate communication betWeen unWilling or
`cautious parties. For example, a party negotiating a peace
`treaty With another may be unWilling to reveal his identity
`because, if the negotiations fail, that party might be exposed
`or subjected to potential blackmail.
`One speci?c example of the need for concealing identities
`is in the employment search process, Where the release of the
`name of the hiring company (or the position involved) could
`be damaging to the company. The hiring company might be
`concerned about hoW potential competitors Would use the
`knoWledge that the company is searching for employees to
`upset customers Who are relying on the stability of the
`company. Mere speculation that a company is searching for
`a neW president could dramatically reduce the price of the
`company’s stock.
`To ?nd potential candidates for the vacant position, the
`company could engage an employment search ?rm to dis
`cretely ?nd potential candidates Without disclosing to the
`market, or even potential candidates, the company’s identity
`until the company decides to con?de in or hire a particular
`candidate.
`In engaging such employment search ?rms, hoWever, a
`hiring company entails some risk that the search ?rm Will
`prematurely or indiscriminately reveal the company’s iden
`tity to a potential candidate. Search ?rms are generally
`compensated based upon the number of successful
`placements, and thus are motivated to make vacant positions
`appear as attractive as possible to potential candidates. In
`doing so, search ?rms could be tempted to reveal enough
`information about the company for potential candidates to
`discover the identity of the company, or, for that matter, the
`?rms may reveal the company’s identity itself. Accordingly,
`hiring companies cannot be counted upon to maintain effec
`tive control of What information is released to potential
`candidates, and thus are unable to instill any satisfactory
`degree of con?dence in their clients about the con?dential
`status of their search for job replacements.
`The use of search ?rms also creates inef?ciencies. In
`dealing With a search ?rm, candidates looking for a neW job
`may engage in a dialogue With the search ?rm, asking a
`
`This is application is related to co-pending patent appli
`cation Ser. No. 08/711,437 entitled “METHOD AND SYS
`TEM FOR FACILITATING WHISTLE-BLOWING
`INCORPORATING USER-CONTROLLED ANONY
`MOUS COMMUNICATIONS”, noW abandoned applica
`tion Ser. No. 08/708,969 entitled “METHOD AND SYS
`TEM FOR MATCHMAKING INCORPORATING USER
`CONTROLLED ANONYMOUS COMMUNICATIONS”,
`application Ser. No. 08/704,314 entitled “METHOD AND
`SYSTEM FOR FACILITATING AN EMPLOYMENT
`SEARCH INCORPORATING USER CONTROLLED
`ANONYMOUS COMMUNICATIONS”, and application
`Ser. No. 08/711,436 entitled “METHOD AND SYSTEM
`FOR FACILITATING NEGOTIATIONS INCORPORAT
`ING USER-CONTROLLED ANONYMOUS
`COMMUNICATIONS”, noW abandoned all ?led on Sep. 6,
`1996.
`
`20
`
`25
`
`30
`
`DESCRIPTION OF THE RELATED ART
`
`The need for anonymous communications can be found in
`everyday situations. Police hotlines solicit tips from the
`public to help solve a crime, often Without requiring callers
`to give their names. Cash reWards are often offered for the
`return of missing items With no questions asked.
`One form of anonymity involves “shielded identity,”
`Where a trusted agent knoWs the identity of a masked party,
`but does not reveal that identity to others except under very
`special circumstances. Unless otherWise speci?ed, the term
`“anonymity” is used throughout this application inter
`changeably With the notion of shielded identity.
`Shielded identity appears in a Wide range of useful and
`commercial functions. Acompany might run an employment
`advertisement in a neWspaper With a blind PO. box knoWn
`only to the publisher. A grand jury could hear testimony
`from a Witness Whose identity is knoWn only to the pros
`ecutor and the judge, but is concealed from the jurors, the
`accused, and opposing counsel. A person could identify a
`criminal suspect from a lineup of people Who cannot see
`him. A recruiter could contact potential candidates for a job
`opening Without revealing the client’s name. Witness pro
`tection programs are designed to shield the true identity of
`Witnesses enrolled in the programs. A sexual harassment
`hotline could be set up for victims of sexual harassment to
`call in With their complaints, While promising to protect the
`callers’ identities.
`The above examples illustrate the need for anonymity or
`shielded identity due to a fear of exposure. The need for
`anonymity can also be motivated by a desire for privacy. For
`instance, donors may Wish to make an anonymous charitable
`
`35
`
`45
`
`50
`
`55
`
`60
`
`65
`
`15
`
`

`

`5,884,272
`
`3
`series of detailed questions about the particular job, com
`pany expectations, various quali?cation criteria, bene?ts,
`options, perks, and other factors, all Without the candidate
`knowing the name of the hiring company. In response, the
`search ?rm may reveal, from general to speci?c, information
`about the hiring company. For instance, in response to
`questions, the search ?rm may successively reveal that the
`hiring company is a Fortune 500 company, a transportation
`company, an airline, headquartered in the MidWest, and,
`?nally, that it is United Airlines. In return, the candidate may
`also authoriZe the search ?rm to release information about
`itself For instance, the search ?rm may disclose that the
`candidate is employed at a small softWare company, that he
`is the head of a softWare development group of seven
`programmers, then that he is earning $75,000 plus a $20,000
`bonus in his current job, then that he is located in the
`Stamford, Conn. area and then ?nally his identity.
`From the outside, these actions may appear to be a type
`of “dance,” Where each party seeks to learn the necessary
`information to keep the process moving forWard. To ansWer
`any dif?cult questions, the search ?rm, trusted by both
`parties, facilitates an assisted dialogue betWeen the candi
`date and the company.
`By creating this additional layer in the communication
`process, hoWever, the amount of effort and expense incurred
`by the hiring party and the candidates increases. Further,
`using such a search ?rm creates delays in communicating
`information betWeen the company and the candidates and
`increases the likelihood that misunderstandings may occur.
`In addition, the success of a search ?rm to ?ll a position
`is limited by the number of candidates that the search ?rm
`contacts. Search ?rms may target only certain individuals
`While overlooking many other quali?ed candidates Who, if
`contacted, Would have been very interested in considering
`the available positions. As such, search ?rms often do not
`reach a large pool of potential candidates. Search ?rms also
`knoW that the candidates most quali?ed for jobs are those
`that are currently employed. Recruiters Would love to be
`able to shoW these coveted employees even better opportu
`nities. Unfortunately, search ?rms have no Way of identify
`ing and contacting these prime candidates. Present systems
`for recruiting typically rely on the candidate to present
`himself to the recruiter—at a substantial risk to the
`employee. No system currently gives an employee the
`incentive and protection he needs to feel comfortable sub
`mitting his resume.
`Another area in Which shield identity may be desirable is
`dating. For example, a person could serve as a match-maker
`by setting up tWo people With Whom he is acquainted on a
`blind date. Before agreeing to go on the date, each acquain
`tance may ask the match-maker questions about the other
`person and instruct the match-maker not to reveal his/her
`identity Without prior authoriZation. Once each of the
`acquaintances feels comfortable about the other person,
`he/she may authoriZe the match-maker to reveal his/her
`identity and agree to the date.
`Again, hoWever, the use of match-makers suffers from the
`same draWbacks as the search ?rms. There is little or no
`control over What information match-makers disclose. For
`instance, a match-maker may feel greater loyalty to one of
`the acquaintances and Willingly divulge the identity of the
`other acquaintance. Also, using match-makers sloWs doWn
`the communication process and can result in miscommuni
`cation. Finally, the number of people that a match-maker can
`set up is limited by the number of people to Whom the
`match-maker is acquainted.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`50
`
`55
`
`60
`
`65
`
`4
`Attempts have been made to automate the employment
`search process and matchmaking process. For instance, US.
`Pat. No. 5,164,897 discloses an automated method for
`selecting personnel matching certain job criteria. Databases
`storing employee quali?cations are searched to identify
`Which personnel have quali?cations matching search crite
`ria. Such a system, hoWever, does not provide anonymous
`communications betWeen the employer and the employee
`and does not provide control over the release of information
`stored Within those systems to others. Thus, there is a need
`for a system that alloWs users to exercise control over the
`release of information to others and that provides ef?cient
`anonymous communication.
`
`SUMMARY OF THE INVENTION
`
`Accordingly, the present invention is directed to a com
`munications method and system that obviates problems due
`to limitations and disadvantages of the prior art.
`A goal of the invention is to provide a communication
`system incorporating a central database of information sup
`plied by one or more of parties and managed by a central
`administrator, Where all parties to the system can manage
`and control the release of any or all information about
`themselves or their identities, and Where such a system
`alloWs for electronic-based communications betWeen the
`parties Without the necessity of revealing the identity of
`either party.
`Another goal of the invention to alloW parties to submit
`criteria for searching a trusted agent’s con?dential database
`and receive a count of the number of records that satisfy the
`criteria, Without revealing the identities of the parties asso
`ciated With those records.
`A further goal of the invention is to alloW a system
`administrator to send a request for authoriZation to release
`information about a party to a searching party.
`Other goals of the invention are to provide a system that
`encrypts communications betWeen parties to maintain the
`anonymity of the parties; to authenticate searchable infor
`mation contained in a central database for release to parties;
`to alloW one or both parties to receive compensation for
`contributing or maintaining information accessible in a
`database; and to alloW one party to apply a customiZed
`scoring algorithm to information contained about other
`parties in a database.
`Still other goals of this invention are to provide a system
`for a trusted agent to act as an anonymous remailer or
`communicate via e-mail or other electronic means With
`speci?c outside parties requested or identi?ed by one of the
`parties to validate information about the parties.
`Yet another goal of the invention is to be able to store and
`authenticate such information that may be provided by
`outside parties in a central database While alloWing the
`outside parties to retain control over the release of respective
`information to other parties.
`This invention meets these goals by alloWing a party to
`maintain effective control over the timing and release of
`certain information stored in a database, including the par
`ty’s identity and other relevant data about the party, to
`another party. This controlled release of identity can be
`performed gradually in a series of steps Where the party
`authoriZes release of more and more information. The inven
`tion also authenticates information stored in the database
`before releasing the information, thereby improving the
`reliability of the released information. Finally, the invention
`establishes a communications channel betWeen a party and
`a requestor While not necessarily revealing the identity of the
`
`16
`
`

`

`5,884,272
`
`5
`party and/or the requester to each other. The controlled
`release of information in the invention alloWs for neW
`improvements in the quality of the communication process
`When one party to the process Would suffer signi?cant costs
`or be exposed to signi?cant risks if their identity Were
`released prematurely or indiscriminately.
`To achieve these and other objects, and in accordance
`With the purposes of the invention, as embodied and broadly
`described, one aspect of the invention includes a method for
`facilitating an eXchange of information betWeen a ?rst party
`and a second party. In this method, ?rst party information
`data is received from the ?rst party and stored in a secure
`database. At least one ?rst party rule for releasing said ?rst
`party information data is received from the ?rst party and
`stored. A search request to the secure database including at
`least one search criterion to be satis?ed is received from a
`second party. Second party data relevant to said at least one
`?rst party rule is determined. At least one second party rule
`for releasing the second party data is received from the
`second party. The search request from said second party is
`then processed to determine if said ?rst party information
`data satis?es said at least one search criterion; and if the ?rst
`party information data satis?es said at least one search
`criterion, then the second party is noti?ed that the at least
`one search criterion has been satis?ed. A request from said
`second party for said ?rst party information data is then
`received. Second party data is released pursuant to said
`second party rule. The central controller then determines,
`based on the received second party data, Whether the at least
`one ?rst party rule has been satis?ed; and if the at least one
`?rst party rule has been satis?ed, the ?rst party information
`data for Which the at least one ?rst party rule has been
`satis?ed is released to the second party.
`In another aspect, the invention includes an apparatus for
`facilitating an eXchange of information betWeen a ?rst party
`and a second party. The apparatus includes a secure database
`device operatively connected to: a device for receiving ?rst
`party information data from a ?rst party; a device for storing
`the ?rst party information data in the secure database device;
`a device for receiving, from the ?rst party, at least one ?rst
`party rule for releasing ?rst party information data; a device
`for storing the at least one ?rst party rule; a device for
`receiving, from a second party, a search request to the secure
`database device, the search request comprising at least one
`search criterion to be satis?ed; a device for processing the
`search request from the second party to determine if the ?rst
`party information data satis?es the at least one search
`criterion; a device for communicating to the second party
`that the at least one search criterion has been satis?ed; a
`device for receiving a request from the second party for the
`?rst party information data; a device for determining second
`party data relevant to the at least one ?rst party rule; a device
`for receiving, from second party, at least one second party
`rule for releasing second party data; a device for releasing
`second party data pursuant to the second party rule; a device
`for determining, based on second party data, Whether the at
`least one ?rst party rule has been satis?ed; and a device for
`providing to the second party the ?rst party information data
`for Which the at least one ?rst party rule has been satis?ed.
`In another aspect, the present invention includes a system
`for facilitating an exchange of information betWeen a ?rst
`party and a second party, the system including a memory for
`storing at least a secure database; a communication port; and
`a processor connected to said memory and said communi
`cation port, the processor being operative to receive ?rst
`party information data from the ?rst party and store the ?rst
`party information data in the secure database. The processor
`
`10
`
`15
`
`25
`
`35
`
`45
`
`55
`
`6
`is further operative to receive, from the ?rst party, at least
`one ?rst party rule for releasing ?rst party information data
`and to store the at least one ?rst party rule. The processor is
`further operative to receive, from the second party, a search
`request to the secure database, said search request having at
`least one search criterion to be satis?ed. The processor is
`further operative to determine second party data relevant to
`the at least one ?rst party rule and to receive, from the
`second party, at least one second party rule for releasing
`second party data. The processor is further operative to
`process the search request from the second party and deter
`mine if the ?rst party information data satis?es the at least
`one search criterion. If the ?rst party information data
`satis?es the at least one search criterion, the processor is
`further operative to communicate to the second party that the
`at least one search criterion has been satis?ed and receive a
`request from the second party for ?rst party information
`data. The processor is then operative to release the second
`party data pursuant to the second party rule and to
`determine, based on the second party data, Whether the at
`least one rule has been satis?ed. If the at least one ?rst party
`rule has been satis?ed, the processor is further operative to
`provide, to the second party, the ?rst party information data
`for Which said at least one ?rst party rule has been satis?ed.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`The accompanying draWings provide a further under
`standing of the invention and are incorporated in and con
`stitute a part of this speci?cation. The draWings illustrate
`preferred embodiments of the invention, and, together With
`the description, serve to eXplain the principles of the inven
`tion.
`In the draWings:
`FIG. 1 illustrates one embodiment of the present inven
`tion;
`FIG. 2A illustrates a block diagram of the central con
`troller of the system in accordance With the embodiment in
`FIG. 1;
`FIG. 2B illustrates the contents of a party data database
`and a requestor data database in accordance With the
`embodiment in FIG. 1;
`FIG. 2C illustrates the contents of a veri?cation database
`and an account database in accordance With the embodiment
`in FIG. 1;
`FIG. 3 illustrates a block diagram of a party terminal in
`accordance With the embodiment in FIG. 1;
`FIG. 4 illustrates a block diagram of a requestor terminal
`in accordance With the embodiment in FIG. 1;
`FIG. 5 illustrates a How diagram of a preferred method for
`establishing anonymous communications in accordance
`With this invention;
`FIGS. 6A—6B illustrate a How diagram of a preferred
`method for searching for and releasing party data in accor
`dance With this invention;
`FIG. 7 illustrates a How diagram of a preferred method for
`verifying the authenticity and accuracy of party data in
`accordance With this invention;
`FIG. 8 illustrates a How diagram of a preferred method for
`opening a communications channel betWeen a party and a
`requester in accordance With this invention; and
`FIG. 9 illustrates a detailed ?oW diagram of a preferred
`method for transmitting party and requester information in a
`communications channel in accordance With this invention.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`System Structure
`FIG. 1 illustrates one embodiment of an anonymous
`communication system 100 according to this invention.
`
`65
`
`17
`
`

`

`5,884,272
`
`7
`System 100 identi?es parties having characteristics of inter
`est to a requester, releases certain information about the
`identi?ed parties to the requestor With authorization from the
`parties, releases certain information about the requestor to
`the identi?ed parties With authoriZation from the requester,
`and provides a communications channel betWeen the iden
`ti?ed parties and the requestor While maintaining their
`anonymity. For example, system 100 can be used to alloW an
`employer (the requester) to communicate With prospective
`candidates (the parties) Whose background satis?