PCX
`WORLD INTELLECTUAL PROPERTY ORGANIZATION
`International Bureau
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`WO 00/14648
`(51) International Patent Classification 6 ;
`G06F 17/00
`
`(11) International Publication Number:
`
`(43) International Publication Date:
`
`16 March 2000 (16.03.00)
`
`A1
`
`(21) International Application Number:
`
`PCT/US99/20348
`
`(22) International Filing Date:
`
`3 September 1999 (03.09.99)
`
`(30) Priority Data:
`60/099,162
`
`4 September 1998
`
`(04.09.98) US
`
`(71) Applicant:
`IMPOWER, INC. [US/US]; 88 Orchard Road,
`Princeton, NJ 08540 (US).
`
`(72) Inventor: BRENER, Harry; 673 Lawrenceville Road, Prince­
`ton, NJ 08540 (US).
`
`(74) Agents: WALLACE, Michael, J., Jr. et al.; Lemer, David,
`Littenberg, Krumholz & Mentlik, LLP, 600 South Avenue
`West, Westfield, NJ 07090 (US).
`
`(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG,
`BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, EE,
`
`ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP,
`KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD,
`MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD,
`SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, UZ, VN,
`YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD,
`SL, SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ,
`
`MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE,
`DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE),
`OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML,
`MR, NE, SN, TD, TG).
`
`Published
`With international search report.
`Before the expiration of the time limit for amending the
`claims and to be republished in the event of the receipt of
`amendments.
`
`(54) Title: ELECTRONIC COMMERCE WITH ANONYMOUS SHOPPING AND ANONYMOUS VENDOR SHIPPING
`
`CUSIMtR
`COMPUTER
`100 gjHiwq
`
`CUSTORER
`COHPUTER
`100
`
`ffifmrfu
`
`(T
`
`•
`•
`CUSTOMER
`COHPUTER
`100 A gmmva
`
`SHIPPER
`COHPUTER
`180
`
`SHIPPER
`COIfUTER
`160
`
`NO-O •
`
`SHIPPER
`COHPUTER
`•1B0
`
`SECURE PflOVIOER
`COHPUTER
`110
`
`130
`
`OAIABASE
`
`8ANK
`CMfUlER
`
`Cp"™
`gimvftVl
`
`1
`
`DATABASE
`
`BANK
`COHPUTER
`iso^rp
`
`mum
`
`•170
`
`170
`
`DATABASE
`
`14\
`
`140
`
`I
`
`50
`
`INTERNET
`
`UO^
`
`£
`VENDER COIfUTER
`VEWER COHPUTER
`i.
`VEWER COHPUTER
`
`(57) Abstract
`
`A computer-implemented method delivers goods purchased from a vendor web site without revealing the customer's identity or
`physical shipping address to the vendor computer (140). The method includes associating the identity and physical location of each
`customer with computer (100) linking information which is stored at a secure computer such as a secure provider computer (110) or
`banking computer (150). The customer computer (100) anonymously connects to the vendor web site (140) and orders goods without
`revealing his actual identity or physical location. The goods are given by the vendor to a common carrier in a package encoded by the
`vendor with a transaction identifier or a customer object. The common carrier retrieves the identity and address of the customer from
`the secure provider computer (110) using the transaction identifier or customer object and delivers the package to the customer's physical
`address.
`
`VISA - EXHIBIT 1005
`
`

`

`Codes used to identify States party to the PCT on the front pages of pamphlets publishing international applications under the PCT.
`
`FOR THE PURPOSES OF INFORMATION ONLY
`
`AL
`AM
`AT
`AU
`AZ
`BA
`BB
`BE
`BF
`BG
`BJ
`BR
`BY
`CA
`CF
`CG
`CH
`CI
`CM
`CN
`CU
`CZ
`DE
`DK
`EE
`
`Albania
`Armenia
`Austria
`Australia
`Azerbaijan
`Bosnia and Herzegovina
`Barbados
`Belgium
`Burkina Faso
`Bulgaria
`Benin
`Brazil
`Belarus
`Canada
`Central African Republic
`Congo
`Switzerland
`COte d'Tvoire
`Cameroon
`China
`Cuba
`Czech Republic
`Germany
`Denmark
`Estonia
`
`ES
`FI
`FR
`GA
`GB
`GE
`GH
`GN
`GR
`HU
`IE
`IL
`IS
`IT
`JP
`KE
`KG
`KP
`
`KR
`KZ
`LC
`LI
`LK
`LR
`
`Spain
`Finland
`France
`Gabon
`United Kingdom
`Georgia
`Ghana
`Guinea
`Greece
`Hungary
`Ireland
`Israel
`Iceland
`Italy
`Japan
`Kenya
`Kyrgyzstan
`Democratic People's
`Republic of Korea
`Republic of Korea
`Kazakstan
`Saint Lucia
`Liechtenstein
`Sri Lanka
`Liberia
`
`LS
`LT
`LU
`LV
`MC
`MD
`MG
`MK
`
`ML
`MN
`MR
`MW
`MX
`NE
`NL
`NO
`NZ
`PL
`PT
`RO
`RU
`SD
`SE
`SG
`
`Lesotho
`Lithuania
`Luxembourg
`Latvia
`Monaco
`Republic of Moldova
`Madagascar
`The former Yugoslav
`Republic of Macedonia
`Mali
`Mongolia
`Mauritania
`Malawi
`Mexico
`Niger
`Netherlands
`Norway
`New Zealand
`Poland
`Portugal
`Romania
`Russian Federation
`Sudan
`Sweden
`Singapore
`
`SI
`SK
`SN
`sz
`TD
`TG
`TJ
`TM
`TR
`TT
`UA
`UG
`US
`UZ
`VN
`YU
`ZW
`
`Slovenia
`Slovakia
`Senegal
`Swaziland
`Chad
`Togo
`Tajikistan
`Turkmenistan
`Turkey
`Trinidad and Tobago
`Ukraine
`Uganda
`United States of America
`Uzbekistan
`Viet Nam
`Yugoslavia
`Zimbabwe
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`ELECTRONIC COMMERCE WITH ANONYMOUS
`SHOPPING AND ANONYMOUS VENDOR SHIPPING
`
`15
`
`5 TECHNICAL FIELD
`The present invention relates to a method and system of conducting
`electronic commerce which allows a customer to anonymously visit vendor web sites,
`anonymously purchase goods and anonymously receive goods without disclosing the
`customer's identification and home address information to the web site vendor.
`10 BACKGROUND ART
`At present day, more and more consumers are using a global
`communications network such as the Internet to do their shopping. On-line shopping
`allows users the freedom to quickly browse different vendor web sites, compare prices,
`locate hard-to-find items, shop across the country and the world, all within an abbreviated
`period of time. However, for good reasons, many people today are worried about privacy
`issues when using the Internet and World Wide Web ("the web"). Merely by visiting a
`web site, detailed information about the customer can be obtained, such as what computer
`the customer is using, where the computer is connected, which web site the customer last
`visited, etc. Furthermore, more and more sites are requiring that customers log into the
`site with personal information in order to use the services of the site. Many customers,
`however, do not wish to compromise their privacy and reveal their name and address since
`it will likely be placed in a database and sold as a part of a mailing list to other companies.
`Further, consumers worry about transmitting personal information such as credit card
`numbers or bank account numbers on-line, for fear of a third-party monitoring their
`transmission.
`
`20
`
`25
`
`the
`that maintains
`At present, Internet billing systems are known
`confidentiality of the customer information by an Internet access provider vis-a-vis a
`vendor web site. The Internet access provider creates access to the Internet through the
`secure provider's web site for the user. The provider then bills the customer's account
`with the provider or another specified account for transactions with outside vendors,
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`5
`
`10
`
`without the need for the customer to send his bank account number or credit card
`information to the vendor. The problem with these billing systems is that they do not
`provide complete privacy. While customers using such a billing system do not have to
`reveal their bank account numbers or credit card numbers to outside vendors, they do need
`to reveal their home addresses to the vendor so that the vendor can mail or ship the
`customer their order. Many customers, when shopping on-line, wish to remain completely
`anonymous to vendors in order to avoid future solicitations from the vendor, as well as
`having their names and addresses potentially added to a mailing list. Although anonymity
`is important, many shoppers enjoy the benefit of returning to vendor web sites which store
`information about the shopper (such as via "cookies") so that the same information need
`not be reentered each time and custom offerings and information can be communicated to
`the shopper upon revisiting a favorite web site. Accordingly, what is needed is a secure
`Internet e-commerce system that eliminates the need to provide vendors with both
`customers' actual identities and shipping addresses, and accordingly provides customers
`15 with complete anonymity.
`It would also be desirable to provide such an e-commerce
`system whereby the customer can remain anonymous but still visit web sites as a character
`or persona such that he or she is recognized upon return to the vendor web site.
`DISCLOSURE OF THE INVENTION
`In accordance with a preferred aspect of the present invention, a computer-
`implemented method of delivering goods is provided whereby good are purchased from a
`vendor having a vendor web site accessible over a computer network by a plurality of
`customers at physical locations. The customers have customer computers connected to the
`computer network for accessing the vendor web site and electronically purchasing goods
`therefrom. The method includes: (a) associating the identity and the physical location of
`each customer with a respective customer object via linking information; (b) storing the
`linking information at a secure computer at a location remote from the vendor web site; (c)
`anonymously connecting to the vendor web site by the customer computer using the
`identity of the customer object without revealing the identity and physical location of the
`customer; (d) ordering goods at the vendor web site by the customer using the customer
`computer, and upon initiation of an order by the customer, (i) automatically generating a
`
`20
`
`25
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`10
`
`transaction identifier by the vendor computer, (ii) encoding a package of the goods ordered
`by the customer with the transaction identifier by the vendor and (iii) sending the
`transaction identifier together with the customer object to the secure computer by the
`vendor computer; (e) associating the transaction identifier sent by the vendor computer
`5 with the identity and physical address of the customer at the secure computer using the
`linking information and automatically forwarding the transaction identifier and associated
`identity and physical address of the customer to a computer of a common carrier; (f)
`delivering the encoded package to the common carrier by the vendor; and (g) reading the
`transaction identifier by the common carrier, using the identity and the physical location of
`the customer associated with the transaction identifier and physically delivering the
`package to the physical location of the customer.
`In an alternative preferred embodiment, the computer-implemented method
`of delivering goods comprises (a) associating the identity and the physical location of each
`customer with a respective customer object via linking information; (b) storing the linking
`information at a secure computer at a location remote from the vendor web site; (c)
`anonymously connecting to the vendor web site by the customer computer using the
`identity of the customer object without revealing the identity and physical location of the
`customer; (d) ordering goods at the vendor web site by the customer using the customer
`computer, and upon initiation of an order by the customer, encoding a package of the
`goods ordered by the customer with the customer object; (e) delivering the encoded
`package to the common carrier by the vendor; (1) providing the linking information to the
`common carrier; and (g) reading the customer object by the common carrier, retrieving the
`identity and the physical location of the customer associated with the customer object and
`physically delivering the package to the physical location of the customer.
`information
`Desirably,
`the above methods further comprise sending
`representing the cost of the goods ordered by the customer and the customer object from
`the vendor computer to a financial institution computer via the computer network for credit
`approval, ascertaining the credit status of the customer object, and automatically sending a
`message approving or declining credit to the customer to the vendor computer from the
`30 financial
`institution computer. Ascertaining the credit status of the customer object can also
`
`15
`
`20
`
`25
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`• 4 ~
`include ascertaining the identity of the customer based on the linking information obtained
`by the financial institution from the secure provider.
`The step of anonymously connecting to the vendor web site may include
`revealing one or more customer characteristics to the vendor web site by the customer
`object so as to allow the vendor web site to use such customer characteristics to customize
`information and goods presented to the customer upon return to the vendor web site using
`the customer object. The step of anonymously connecting to the vendor web site is
`preferably performed automatically without customer interaction on at least some occasions
`by the customer object programmed to shop for the customer in accordance with directions
`specified by the customer. The customer object may be personified to the customer via the
`customer computer through the display of audio and/or visual display.
`The secure computer may comprise a secure provider computer allowing the
`customers to anonymously connect to the vendor web site therethrough, or alternatively,
`the secure computer can comprise the financial institution computer.
`In another preferred embodiment of the present invention, a computer
`character generating system is provided in the context of a computer system for offering
`goods, services and/or information from a vendor computer providing access to a vendor
`web site over a computer network including a plurality of customer computers connected
`to the network for accessing the vendor web site. The computer character generating
`system includes (a) a character generation program executable on the vendor computer and
`containing instructions for causing the vendor computer to generate an interactive vendor
`character which represents the vendor and interactively guides a customer through the
`vendor computer site, (b) the character generation program being operative to send
`character display commands to the customer computer when the customer computer has
`accessed the vendor web site causing the customer computer to display on a display device
`associated with the customer computer the interactive vendor character, (c) the interactive
`vendor character providing a trademark function for the vendor such that the interactive
`vendor character is identified with the vendor by customers who desire to acquire goods,
`services and/or information over the computer network from
`the vendor web site, the
`interactive vendor character further having a persona such that the vendor character will
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`10
`
`15
`
`20
`
`respond to inputs from a customer computer representing communications by a customer in
`a manner representative of a human having particular personality traits acting in a
`representative capacity.
`Desirably, the vendor computer records the identities of customer computers
`5 which interact with the vendor web site and records historical data representing
`transactions of each customer computer with the vendor computer, and the vendor
`character responds to inputs from each customer computer based partially on the inputs
`and partially on the historical data in conjunction with the personality traits. The vendor
`character preferably has an artificial intelligence function which allows the vendor
`character to predict responses which would tend to elicit an acquisition by each customer
`computer based upon the historical data associated with such customer computer, and the
`interactive vendor character bases responses at least in part upon such predictions. The
`vendor character can also check for available goods, services and/or information requested
`by each customer computer and also checks for goods or services which are different from
`those requested by the customer computer but which are likely to be of interest to such
`customer computer based upon the historical data. The vendor character can be displayed
`with facial expressions, movement characteristics and voice accents associated with the
`personality traits.
`In yet another preferred embodiment of the present invention, an interactive
`computer-implemented method of offering goods, services and/or information is provided
`with a vendor computer providing access to a vendor web site over a computer network to
`a plurality of customer computers connected to the network for accessing the vendor web
`site. The method includes (a) providing a plurality of customer objects representing
`individuals who desire to acquire goods, services and/or information from the vendor sites,
`each customer object being provided with a set of user characteristics representing personal
`preferences and information about the individual; (b) providing a vendor persona object
`representing the vendor, the vendor persona object being provided with a set of vendor
`characteristics representing information about the goods, services and/or information
`offered by the vendor; and (c) visiting the vendor computer site via the network with a
`customer object such that the customer object and the vendor persona object dynamically
`
`25
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`- 6 -
`
`5
`
`10
`
`interact with one another to exchange one or more subsets of the set of user characteristics
`and vendor characteristics for determining whether the goods, services and/or information
`offered by the vendor computer site are of interest to the user persona object.
`The method desirably includes targeting a sales offer by a vendor computer
`to at least one customer computer via the secure provider computer based upon the
`purchasing interest and demographic information collected for at least one customer
`computer by the secure provider computer and provided to the vendor, wherein the
`customer object is configured by the customer to determine whether the sales offer will be
`presented to the customer computer.
`In yet a further preferred embodiment of the present invention, a method for
`providing advertising on the web site of a secure provider computer is provided comprising
`(a) providing a secure provider computer to allow customer computers connected to the
`secure provider computer to have access to authorized vendor offers on the secure provider
`web site; and (b) posting one or more vendor offers on the secure provider web site,
`15 wherein the offers are only viewable by the customer computers.
`In still a further preferred aspect of the present invention, a computer-
`implemented method for knowingly monitoring network navigation and purchasing history
`of a plurality of customers by a secure provider is provided,comprising: (a) requiring each
`customer to first establish an account with the secure provider by requiring each customer
`to agree to have the customer's demographic information and purchasing history tracked
`by the secure provider; (b) providing on-line access to a computer network to computers of
`customers who have established an account via a secure provider computer of the secure
`provider; and (c) tracking and storing the customers' demographic information and
`purchasing history by the secure provider computer as the customers update and change
`their demographic information and make purchases via their customer computers.
`Preferably, at least one customer computer is presented with an item to be
`purchased selected by the secure provider computer based on the customer's demographic
`information and purchasing history tracked by the secure provider. Further, a sales offer
`can be targeted by a vendor computer to at least one customer computer via the secure
`provider computer based on the customer's demographic information and purchasing
`
`20
`
`25
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`5
`
`history collected by the secure provide computer and provided to the vendor in a modified
`form which does not include the customers' identity information, wherein the customer
`object is configured by the customer to determine whether the sales offer will be presented
`to the customer computer.
`In an even further preferred embodiment of the present invention, a method
`of providing outside vendor offers on a web site of a secure provider computer is
`provided, including (a) establishing a secure provider web site allowing member customer
`computers to have access to an area on the web site that posts outside vendor offers; and
`(b) configuring the secure provider web site so that the vendor offers are only viewable by
`the member customer computers. Desirably, only vendors who have signed up with the
`secure provider in advance are able to view the area on the web site that posts the outside
`vendor offers.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a schematic diagram of a preferred embodiment of a computer
`system according to the present invention.
`FIG. 2 is a flow chart of the steps followed in a preferred method according
`to the present invention.
`FIG. 3 is a depiction of a sample secure provider web site.
`FIG. 4 is a depiction of a sample vendor web site.
`20 BEST MODES FOR CARRYING OUT THE INVENTION
`Referring to FIG. 1, the computer system of the present invention comprises
`a network of interconnected computers connected via a global communications network
`such as the Internet 50. The network of computers comprise plurality of customer
`computers 100, a secure provider computer 110, a plurality of vendor computers 140, a
`plurality of bank computers 150 and a plurality of third party carrier or shipping computers
`180. Each computer comprises the typical components needed to connect to the Internet
`and World Wide Web, such as RAM and ROM memory, mass storage, microprocessor(s),
`display device, user input devices, etc. The secure provider computer 110 and vendor
`computers 140 also will typically include one or more server computers to allow provision
`
`10
`
`15
`
`25
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`5
`
`10
`
`15
`
`g
`of web sites such as a secure provider web site and vendor web sites, which offer goods,
`services and other information desired.
`The present invention desirably allows a customer to shop on-line at vendor
`web sites in an anonymous fashion. To do so, a customer uses his customer computer 100
`(such as a home computer with dial-up connectivity to the Internet) to connect the secure
`provider computer 110 and login with a certificate based ID and password. Prior to
`conducting on-line shopping, the customer creates a customer object or on-line personna
`that represents the preferences of the customer. This is discussed in further detail below.
`The customer object which can be represented by a name (such as "GOLFO") and the
`customer's personal information, such as the customer's name and address, are matched up
`with linking information. This linking information is stored, in one embodiment, in a
`linking table stored in the database 130 of the secure provider computer 110. This linking
`table matches up each customer object with the customer's personal information which the
`customer wants shielded from the vendor web sites. Alternatively, the linking information
`can be stored in the database 170 of bank computer 150 so that only the bank, and not the
`secure provider, actually knows the true identity and address of the customer. In either
`case, the linking information is stored in a secure computer so as to shield the linking
`information from third parties, including the vendor. Using this linking table, the secure
`provider computer 110 or the bank computer 150 can determine which customer a given
`customer object represents.
`Once the customer computer 100 is connected to the secure provider
`computer 110, a secure connection pipeline 120 is provided between the customer
`computer 100 and the secure provider computer 110 in order to prevent transmissions
`between the customer computer 100 and the secure provider computer 110 from being
`25 monitored. Namely, after the customer joins the web site of the secure provider computer
`110, the customer computer 100 is preferably provided with software by the secure
`provider computer 110. This software enables the customer computer 100 to connect
`directly to the secure provider computer 110, along a known, fixed node-to-node route,
`without having to connect to the vendor web site through a different node-to-node network
`each time as is common over the Internet. Thus, to protect the privacy of the user, the
`
`20
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`_ 9 _
`customer computers 100 are preferably connected to the secure provider computer 110
`through a virtual personal network ("VPN") which provides a private passageway or
`tunnel through the Internet. As is known in the Internet communications art, in a VPN,
`computers communicate with each other through firewall computers, so that the only
`addresses known are those of the firewall computers. This secure pipeline 120 allows the
`customer to connect directly, node-to-node, with a VPN, when there is communications
`between the secure provider computer and the vendor computer, so the only address that is
`revealed to the vendor is the address of the firewall computer. This allows customer
`computers 100 to communicate from within a network to vendor computers 140 without
`having their addresses revealed or access to any peripherals or devices on customer
`computer 100.
`With the secure connection, the customer computer 100 can anonymously
`connect to the web sites of various vendor computers 140 using the Internet via the secure
`provider's proxy servers. The customer computer 100 can browse for the web sites of
`vendor computers 140 of interest using various different search methods known in the art.
`When a customer computer 100 connects to a vendor web site of a vendor computer 140,
`the vendor computer 140 is provided only with the customer object, which identifies the
`customer as a fictitious entity without revealing personal information about the customer
`such as real name or address. When the customer computer 100 notifies the vendor
`computer 140 that the customer computer 100 would like to make a purchase, the vendor
`computer 140 contacts a bank computer 150 through the Internet to verily that the
`customer object on the customer computer 100 has sufficient funds to make the purchase.
`To facilitate the verification process, the vendor computer 140 forwards the customer
`object to the bank computer. The bank computer 150 obtains or is already provided with
`the linking information to link the customer object with personal information about the
`customer, including customer account information. Once the bank computer 150
`determines whether the customer object has sufficient funds to make the purchase, the
`bank computer 150 notifies the vendor computer 140 whether the customer has sufficient
`funds to make the purchase.
`In an alternate embodiment, the vendor computer 140 need
`
`5
`
`10
`
`15
`
`20
`
`25
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`5
`
`10
`
`15
`
`- 10 -
`not contact a bank but can simply bill the secure provider computer 110 for the
`transaction, who will in turn bill the customer.
`Once a purchase by the customer has been approved, the vendor arranges
`for the package to be picked up by a third party carrier. The package, however, must be
`labeled with information that the shipper can use to ship the package to the correct address,
`but cannot contain the actual address of the customer, since it is to be shielded from the
`vendor. To accomplish this, the vendor computer 140, in a preferred embodiment,
`provides the third party carrier computer 180 with a transaction identifier and the customer
`object through the Internet to shipper computer 180. The vendor also places the
`transaction identifier only on the package. Once the shipper comes to the vendor to pick­
`up the package, the shipper, who is provided with or can ascertain the linking information,
`knows the address to match up with the transaction identifier. Alternatively, the vendor
`can simply attach the customer object to the package, such as in the form of a bar code or
`a label. The third party shipper computer 180 can then contact the secure provider
`computer 110 directly through a secure pipeline or through the Internet, to retrieve the
`customer's address from the database 130 or is provided ahead of time with the linking
`information to match up the customer object with the customer's actual name and address.
`Alternatively, where the linking information is not known to the secure provider and is
`known only to the bank, the shipper can retrieve or be provided with the linking
`information for the transaction identifier and/or the customer object from the bank.
`FIG. 2 illustrates a preferred method in accordance with the present
`invention. As shown in step 200, a customer computer 100 first connects to the web site
`of the secure provider computer 110, illustrated in FIG. 3, and joins the secure provider's
`service by filling out a standard form on the web site of the secure provider computer 110.
`25 When a customer signs up to use the secure provider web site and services, the customer is
`prompted to create a "persona" or customer object to be stored on a database 130 on the
`secure provider computer 110. In one embodiment, this object may have both a public and
`private segment to a digital certificate or key. In another embodiment, a linking table is
`also stored on the database 130 of the secure provider computer 110 which provides the
`link between the customer's personal information, such as the customer's name and
`
`20
`
`30
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`- 1 1 -
`shipping address, and the customer's object such as a public key, but not the synonym, or
`name of the object. Alternatively, the linking table is stored only by banking computer
`and is not known by the secure provider. Thus, while the information about the customer
`object is stored by the secure provider, in the case where the customer wishes to remain
`anonymous to the secure provider, the linking information to link customer object to the
`actual customer is given only to the bank by the customer. The linking table is ultimately
`used to provide the bank computer with the account number or private key authorization of
`the customer and to provide the third party carriers with the actual name and address of a
`customer once the package has been labeled by the vendor with the customer object or
`transaction identifier.
`In one preferred embodiment, the customer can create and modify his
`customer object via a personalized home page stored on the web site of the secure provider
`computer 110. For example, if the customer is a golfer, the customer might create the
`persona or customer object named "GOLFO," which object can then be used to navigate
`anonymously on the Internet. In creating the persona, the customers can, for example,
`select an available name (such as GOLFO) and enter in detailed personal information about
`himself. The GOLFO persona thus functions as the customer's anonymous alter-ego and
`will contain personal information such as age, sex, interests, hobbies, shirt size, shoe size,
`likes, dislikes, merchandise the customer has an interest in, etc. This persona, GOLFO,
`along with all other customers' personas, is stored on the database 130 of the secure
`provider computer 110, which may or may not store the linking information as explained
`above.
`
`Once the customer joins the web site of the secure provider computer 110,
`the customer is provided with a customer object identifier number or certificate, also
`stored on database 130. The customer's object identifier number or certificate, but not
`their bank account information, credit card numbers or home address, is preferably stored
`on a "cookie" or database at the customer computer 100, and is also stored on secure
`provider computer 110. In this manner, when a customer logs into the secure provider
`web site using customer computer 100, the customer object identifier number or certificate
`
`5
`
`10
`
`15
`
`20
`
`25
`
`

`

`WO 00/14648
`
`PCT/US99/20348
`
`5
`
`10
`
`15
`
`- 12 -
`can be used by the secure provider computer 110 to identify the user as a customer of the
`web site of the secure provider computer 110.
`Once the customer computer 100 has been identified as a member of the
`web site of the secure provider computer 110, the customer computer 100 can then access
`the Internet through the web site of the secure provider computer 110 and begin to securely
`browse, as shown in step 210.
`When the custom