(19) World Intellectual Property Organization
International Bureau
`
(43) International Publication Date: 22 February 2001 (22.02.2001)

PCT

(10) International Publication Number: WO 01/13275 A1
`
(51) International Patent Classification (7th ed.): G06F 17/30

(21) International Application Number: PCT/US00/21901

(22) International Filing Date: 10 August 2000 (10.08.2000)

(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data: 09/374,173, 13 August 1999 (13.08.1999), US
`
(71) Applicant (for all designated States except US): FLEETBOSTON FINANCIAL CORPORATION [US/US]; 100 Federal Street, Boston, MA 02110 (US).

(72) Inventors; and
(75) Inventors/Applicants (for US only): JUNDA, Laurence, E. [—/US]; 10 McGregor Drive, Sherborn, MA 01770 (US). GEARHART, Randy, S. [—/US]; 15 Pine Ridge Circle, Reading, MA 01867 (US).

(74) Agents: BUCKLEY, Linda, M. et al.; Dike, Bronstein, Roberts & Cushman, Intellectual Property Group, Edwards & Angell, LLP, 130 Water Street, Boston, MA 02109 (US).
`
(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW.

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE,
`
(54) Title: PROXY SYSTEM FOR CUSTOMER CONFIDENTIALITY

(57) Abstract: A system and method for allowing customers to make purchases and take delivery of goods or services with a desired level of security and confidentiality are disclosed. The system and method enable a customer (user) (120) to effect a purchase and a delivery of goods or services from a merchant (130) without revealing selected real user data to the merchant. In one embodiment, the system includes a proxy user data generator for generating proxy user data (144) corresponding with selected real user data, a database for storing the selected real user data and the corresponding proxy user data, and a purchase authorization request and reply router connectable to a network for routing purchase authorization requests and replies between the merchant and a purchase authorization entity. In another embodiment, the system includes a unit for providing real delivery data corresponding with proxy delivery data to a delivery entity (150). The system and method are useful for making purchases and taking delivery from either traditional retail outlets or on-line merchants.
`
[FIG. 1: block diagram of system 100, showing card issuer 170 and card issuer computer 172]
`
(84) Designated States (regional), continued: IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).

For two-letter codes and other abbreviations, refer to the "Guidance Notes on Codes and Abbreviations" appearing at the beginning of each regular issue of the PCT Gazette.

Published:
— With international search report.
— Before the expiration of the time limit for amending the claims and to be republished in the event of receipt of amendments.
`
PROXY SYSTEM FOR CUSTOMER CONFIDENTIALITY
`
BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates generally to information security and confidentiality, and more particularly, to a system and a method for enhancing the security and confidentiality of users who make purchases and take delivery of goods or services. The system and method of the present invention include features that reduce opportunities for unscrupulous individuals or entities to obtain personal user data, and for marketers and others to gather information on the purchasing habits of users, including users who make on-line purchases.
`
Background

When making purchases of goods or services, customers generally have a variety of payment options available to them with varying levels of confidentiality. For example, customers who pay for their purchases using cash can advantageously maintain their anonymity, because they typically are not required to reveal any personal information to complete the transaction. In contrast, customers who pay for their purchases using credit or debit cards must often present valid identification showing their names and/or residential addresses. At the very least, a customer who uses a credit or debit card must reveal his or her card account number to a merchant, who typically transmits the account number to a third party for validating the account and for obtaining authorization to complete the sale. Further, a customer who takes delivery of his or her purchases at a particular location or via a personal computer must also reveal delivery information such as a shipping address or an e-mail address. As a result, credit or debit card account numbers, information about purchased items, names and addresses of the card holders, etc., can be easily correlated by the merchant and/or the third party and used in their own businesses or sold to others.
`
This problem is especially acute for customers who make on-line purchases; i.e., customers who purchase goods or services from merchant sites over a public distributed network such as the Internet. Not only can merchants and credit or debit card authorities gain access to a customer's personal information during an on-line transaction, but unscrupulous individuals or entities can also intercept the customer's personal information and/or information about the transaction sent over the network. This can lead to a serious invasion of privacy for the customer and weaken the customer's confidence in the Internet as a viable commercial medium. For example, such unscrupulous individuals or entities may attempt to commit credit card fraud by using intercepted credit card account numbers.
`
Various systems and methods have been proposed for enhancing customer information security. For example, in US Patent 5,420,926 ("the '926 patent") issued May 30, 1995, to Low et al., a method for making an anonymous non-cash transaction is described. In accordance with that disclosure, a communications exchange is used so that information and/or funds may be transferred without the destination of the transfer knowing the source of the information and/or the funds. Public key encryption is also used so that each party to the transaction and the communications exchange can read only the information the party or the exchange needs for its role in the transaction.
`
In addition, in US Patent 5,815,665 ("the '665 patent") issued September 29, 1998, to Teper et al., a method of providing an on-line service to a user over a public network is described. According to that disclosure, an on-line brokering service provides user authentication and billing services to allow users to anonymously and securely purchase on-line services from service provider sites over a distributed public network such as the Internet. After performing a user authentication process, the on-line brokering service transmits an anonymous user ID to the service provider site, which can be used by the service provider for subsequently billing the user. A database of user payment information, e.g., credit card numbers and other personal user data, is maintained at the on-line brokering service site and is neither sent over the distributed public network nor exposed to the service provider sites.
`
However, the methods for enhancing customer information security described in the '926 and '665 patents have some drawbacks. Specifically, if a method for making on-line purchases is to be fully accepted and utilized by customers, then it not only must guard against unauthorized disclosure and use of customer personal information, but it also must be convenient and easy-to-use. Although both the methods of the '926 and '665 patents may be used for enhancing customer information security, they substantially limit the convenience of making on-line purchases by either requiring customers to install and use specialized software on their computers or requiring customers and merchants to communicate indirectly through a third party.

It would therefore be desirable to have a system and a method for making on-line purchases and taking delivery of the purchases that keeps customers' personal information confidential and secure throughout the purchase or purchase and delivery transactions, while still allowing customers and merchants to communicate with each other over the public network without undue interference from any third party. Such a system would be convenient and easy-to-use for all parties involved in purchase and delivery transactions. It would also be desirable to have a system and a method for enhancing customer information security and confidentiality that can be used for both on-line and conventional purchase and delivery transactions.
`
SUMMARY OF THE INVENTION

The present invention provides a system and a method for enabling a customer (referred to herein as a "user") to make purchases and take delivery of goods or services while keeping some or all of the user's personal information confidential and secure throughout the purchase and delivery transactions. The user's personal information may include, but is not limited to, the user's real name, real residential or shipping address, real e-mail address, and real credit or debit card account number. Before making purchases and/or taking delivery of goods or services, the user obtains proxy personal information for use in place of the user's real personal information during the purchase and/or delivery transactions. Because the user may select the real personal information for which he or she desires corresponding proxy personal information, a desired level of confidentiality and security in purchase and delivery transactions can be achieved.
`
An important feature of the present invention is that the user may utilize the proxy personal information in place of the selected real personal information when making purchases and/or taking delivery of goods or services at both traditional retail outlets and on-line merchant sites. By utilizing the proxy personal information when making purchases, the user can obtain virtually the same level of anonymity that cash-paying customers normally enjoy. Further, by utilizing the proxy personal information when making on-line purchases, the user can avoid any potential leakage of his or her real personal information from the on-line network. Moreover, the user can make on-line purchases utilizing the proxy personal information in the same convenient and easy way that he or she would make such purchases using the real personal information.
`
Another important feature of the present invention is that the proxy personal information may be provided to the user in the form of a proxy credit or debit card. The user utilizes the proxy credit or debit card in the same way that he or she would use a conventional credit or debit card. However, the user may select beforehand the real personal information that he or she desires to be concealed from the merchant when using the proxy credit or debit card. For example, the user may obtain a proxy credit or debit card that incorporates only a proxy credit or debit card account number corresponding with his or her real credit or debit card account number. Accordingly, when the user utilizes the proxy credit or debit card for making purchases, only his or her real credit or debit card account number is concealed from the merchant. In other embodiments of the present invention, the user may obtain a proxy credit or debit card that incorporates proxy personal information corresponding with, e.g., the user's real name, real residential or shipping address, and/or real e-mail address, thereby allowing the user to conceal additional real personal information from the merchant.
`
Still another important feature of the present invention is that the user may not only select the real personal information for which he or she desires corresponding proxy personal information, but the user may also select a specific number of purchases that can be made using the proxy personal information, an expiration date for the proxy personal information, and/or a monetary limit for purchases made using the proxy personal information.
`
The present invention also provides the user with a method for effecting the delivery of the goods or services that conceals the user's real residential or shipping address and/or e-mail address from the merchant. In this embodiment of the present invention, the merchant may deliver goods or services in digital form to the user by utilizing the user's proxy e-mail address. Further, the merchant may deliver goods or services in tangible form to the user by providing the user's proxy residential or shipping address to an accepted delivery service, which obtains the user's corresponding real residential or shipping address and then delivers the goods or services to the user.
`
In accordance with the present invention, a method of enabling a user to effect a purchase of goods or services from a merchant, without revealing selected real user data to the merchant, includes the steps of generating proxy user data corresponding with the selected real user data; maintaining a database including the selected real user data and the corresponding proxy user data for use in translating the selected real user data into the corresponding proxy user data, and in translating the proxy user data into the corresponding selected real user data; and, routing purchase authorization requests and replies between the merchant and a purchase authorization entity using the selected real user data and the corresponding proxy user data in the database, wherein the requests routed to the purchase authorization entity include the selected real user data, and the replies routed to the merchant include the corresponding proxy user data and do not include the selected real user data.

According to one embodiment of the present invention, the proxy user data can be used for making a selected number of purchases. According to other embodiments, the proxy user data has a selected expiration date and/or a selected monetary limit.
`
In accordance with another embodiment of the present invention, the method of enabling a user to effect a purchase of goods or services from a merchant, without revealing selected real user data to the merchant, further includes a step of effecting a delivery of the goods or services to the user, wherein the selected real user data does not include either a real name/real shipping address or a real e-mail address.

According to still another feature of the present invention, the goods or services have digital form, and the merchant delivers the digital goods or services directly to the user computer over a network.
`
According to yet another feature of the present invention, the selected real user data includes a real e-mail address and the corresponding proxy user data includes a proxy e-mail address, and the merchant delivers the digital goods or services to the user utilizing the proxy e-mail address.
`
In accordance with yet another embodiment of the present invention, the merchant provides the proxy shipping address to a delivery entity, and the method of enabling a user to effect a purchase and delivery of goods or services from the merchant, without revealing selected real user data to the merchant, further includes steps of receiving a request for the real shipping address from the delivery entity, the request including the proxy shipping address; translating the proxy shipping address into the real shipping address using the database; and, providing the real shipping address to the delivery entity for use in subsequently delivering the goods or services to the user.

In accordance with yet another embodiment of the present invention, a method of enabling a user to effect a purchase of goods or services from a merchant using a funding account, includes the steps of generating user account data for the funding account, the user account data having at least one restricted-use attribute; maintaining a database including the user account data; and, routing purchase authorization requests and replies between the merchant and a purchase authorization entity using the user account data in the database, wherein the at least one restricted-use attribute of the user account data is selectable by the user.

According to another feature of the present invention, the at least one restricted-use attribute corresponds with a selected number of purchases that can be funded using the funding account. According to other features, the at least one restricted-use attribute corresponds with a selected period of time during which purchases can be funded using the funding account, and/or a selected monetary limit for the purchases.
`
In accordance with another embodiment of the present invention, a method of enabling a user to effect a delivery of goods or services from a merchant, without revealing real delivery data to the merchant, includes the steps of generating proxy delivery data corresponding with the real delivery data; maintaining a database including the real delivery data and the corresponding proxy delivery data for use in translating the proxy delivery data into the corresponding real delivery data; and, providing the real delivery data corresponding with the proxy delivery data to a delivery entity, wherein the user provides the proxy delivery data to the merchant, and wherein the merchant provides the goods or services and the proxy delivery data to the delivery entity for subsequent delivery of the goods or services to the user. The delivery data may include the user's name and/or shipping address.
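The methods summarised above (proxy data generation, the real/proxy database, routing of authorization requests so that the purchase authorization entity receives real data while the merchant's reply carries only proxy data, the restricted-use attributes, and the delivery entity's lookup of the real shipping address), worked through as an added Python example that is not code from the patent or from the applicant. The class and field names, the stand-in issuer's approval rule, the proxy value formats and the sample user and amounts are constructed assumptions:

```python
"""Added example, not code from the patent or from the applicant: a minimal
proxy agent modelled on the methods summarised in WO 01/13275. All names,
data structures and sample values below are constructed assumptions."""
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

# Real fields that may be replaced by proxy values (the fields the summary names).
PROXY_FIELDS = ("name", "shipping_address", "email", "account_number")


@dataclass
class ProxyRecord:
    real: dict                        # selected real user data
    proxy: dict                       # corresponding proxy user data
    purchases_left: Optional[int]     # selected number of purchases (None = unlimited)
    expires: Optional[date]           # selected expiration date
    limit: Optional[float]            # remaining monetary limit


class ProxyAgent:
    """Proxy data generator, user database and authorization router in one object."""

    def __init__(self) -> None:
        self._by_proxy_account: dict = {}
        self._by_proxy_address: dict = {}

    def generate_proxy_data(self, real, selected, *, purchases=None, expires=None, limit=None):
        """Generate proxy values for the selected real fields and store the mapping."""
        proxy = {}
        for f in selected:
            if f == "account_number":
                # 16-digit proxy account number; constructed format, not a real card range
                proxy[f] = "9" + "".join(str(secrets.randbelow(10)) for _ in range(15))
            elif f == "email":
                proxy[f] = f"u{secrets.token_hex(6)}@proxy.example"
            else:
                proxy[f] = f"PROXY-{f.upper()}-{secrets.token_hex(4)}"
        rec = ProxyRecord({f: real[f] for f in selected}, proxy, purchases, expires, limit)
        if "account_number" in proxy:
            self._by_proxy_account[proxy["account_number"]] = rec
        if "shipping_address" in proxy:
            self._by_proxy_address[proxy["shipping_address"]] = rec
        return proxy

    def route_authorization(self, request: dict, issuer: Callable[[dict], dict]) -> dict:
        """Merchant request (proxy data) -> issuer (real data) -> merchant reply (proxy data)."""
        rec = self._by_proxy_account.get(request["account_number"])
        if rec is None:
            return {"approved": False, "reason": "unknown proxy account"}
        # Restricted-use attributes are checked before anything reaches the issuer.
        if rec.purchases_left is not None and rec.purchases_left <= 0:
            return {"approved": False, "reason": "purchase count exhausted"}
        if rec.expires is not None and request["date"] > rec.expires:
            return {"approved": False, "reason": "proxy data expired"}
        if rec.limit is not None and request["amount"] > rec.limit:
            return {"approved": False, "reason": "monetary limit exceeded"}
        issuer_request = dict(request, **rec.real)      # translate proxy -> real
        issuer_reply = issuer(issuer_request)
        if issuer_reply["approved"]:
            if rec.purchases_left is not None:
                rec.purchases_left -= 1
            if rec.limit is not None:
                rec.limit -= request["amount"]
        # Translate real -> proxy in the reply so no selected real field reaches the merchant.
        return {k: (rec.proxy[k] if k in rec.real else v) for k, v in issuer_reply.items()}

    def real_shipping_address(self, proxy_address: str) -> str:
        """Answer a delivery entity's request that carries the proxy shipping address."""
        return self._by_proxy_address[proxy_address].real["shipping_address"]


def sample_issuer(req: dict) -> dict:
    """Constructed stand-in for the purchase authorization entity (the card issuer)."""
    balances = {"4111111111111111": 500.0}          # constructed test account
    bal = balances.get(req["account_number"])
    return {"approved": bal is not None and req["amount"] <= bal,
            "account_number": req["account_number"], "amount": req["amount"]}


def demo():
    """Register one user, run five authorizations, then a delivery lookup."""
    agent = ProxyAgent()
    real = {"name": "Jane Doe", "shipping_address": "1 Main St, Boston, MA",
            "email": "jane@example.com", "account_number": "4111111111111111"}
    proxy = agent.generate_proxy_data(real, PROXY_FIELDS, purchases=2,
                                      expires=date(2001, 2, 22), limit=300.0)

    def req(amount, on):
        return {"merchant": "merchant 130", "amount": amount, "date": on,
                "account_number": proxy["account_number"]}

    replies = [
        agent.route_authorization(req(100.0, date(2001, 1, 10)), sample_issuer),  # approved
        agent.route_authorization(req(250.0, date(2001, 1, 11)), sample_issuer),  # over limit
        agent.route_authorization(req(10.0, date(2001, 3, 1)), sample_issuer),    # expired
        agent.route_authorization(req(50.0, date(2001, 1, 12)), sample_issuer),   # approved
        agent.route_authorization(req(50.0, date(2001, 1, 13)), sample_issuer),   # count used up
    ]
    return real, proxy, replies, agent.real_shipping_address(proxy["shipping_address"])


if __name__ == "__main__":
    for reply in demo()[2]:
        print(reply)
```

The restricted-use checks run before the request is translated, so a declined proxy never causes the real account number to be sent to the issuer at all; the reply translation rewrites every field that has a real counterpart, which is the property the summary requires of replies routed to the merchant.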
`
Still further aspects and advantages will become apparent from a consideration of the ensuing description and drawings.
`
BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be better understood by reference to the following more detailed description and accompanying drawings in which

FIG. 1 is a block diagram of the general architecture of a system that operates in accordance with one embodiment of the present invention;

FIG. 2 is a flow chart showing the steps performed when a user requests proxy user data from a proxy agent according to one embodiment of the present invention;

FIG. 3 is a flow chart showing the steps performed when a user makes an on-line purchase of goods or services according to one embodiment of the present invention; and

FIG. 4 is a flow chart showing the steps performed when the purchased goods or services are delivered to the user according to one embodiment of the present invention.
`
DETAILED DESCRIPTION OF THE INVENTION

The systems and methods of the present invention will be illustrated by an embodiment that provides proxy data to a customer, including a proxy name, a proxy shipping address, a proxy e-mail address, and/or proxy credit or debit account data, to provide customer anonymity from the ordering of goods or services to the delivery of the goods or services. However, varying levels of anonymity may be provided in accordance with the present invention, and delivery is optional. In some embodiments, the customer will be provided with only proxy credit or debit account data; and, in other embodiments, the customer will be provided with complete anonymity of identity and location, from the point of purchase to the point of delivery of the goods or services. It should be understood that this detailed description of the present invention is by way of illustration only, and is not intended to limit its scope.
`
FIG. 1 shows the general architecture of a system 100 that allows a customer to make purchases and take delivery of goods or services while keeping the customer's personal information, e.g., his or her name, shipping address, e-mail address, and/or credit or debit card account number (also known as a "funding account number"), confidential and secure throughout the purchase and the delivery processes.

In this illustrative embodiment, the system 100 includes at least one customer 120 (referred to herein as a "user") having a user computer 122, at least one merchant 130, at least one delivery provider 150 having a delivery computer 152, and at least one proxy agent 140. Each of the computers 122 and 152 is connectable to an untrusted public network 110 such as the Internet. The system 100 further includes a merchant site 132 and a proxy agent site 142, which are directly accessible sites on the Internet 110.
`
For example, the merchant site 132 and the proxy agent site 142 are accessible on the Internet 110 via a transmission control protocol/Internet protocol (TCP/IP) connection.

In addition, the system 100 includes at least one credit or debit card issuer 170 having a card issuer computer 172 connectable to a network 112 that supports the authorization of credit or debit card transactions. In other preferred embodiments of the present invention, the proxy agent 140 and the card issuer 170 are the same entity. Further, the authorization network 112 may be either a private or a public network, and may also include more than one network.

The card issuer computer 172 communicates with the proxy agent site 142 and the merchant site 132 over the authorization network 112 using a protocol such as any of those conventionally used for processing electronic transactions. Accordingly, software running on the merchant site 132 and the proxy agent site 142 supports both the Internet protocol and the banking protocol and can therefore perform the transition in communication from the Internet 110 to the authorization network 112 and vice versa.

The user 120 and the delivery provider 150 utilize the user computer 122 and the delivery computer 152, respectively, to connect to the Internet 110 in any conventional manner. For example, connection between the computers 122 and 152 and the Internet 110 may be made using a modem (not shown) and a telephone line (not shown) via a network service provider (not shown) that is directly connected to the Internet 110. It should be noted that the particular mechanism by which the user computer 122 and the delivery computer 152 form connections with the Internet 110 is not critical to the present invention.

It should also be noted that the user computer 122 and the delivery computer 152 are conventional in design, each typically including a housing that encloses a processor and supporting integrated circuitry, a floppy drive, and a hard disk drive. Each of the computers 122 and 152 also typically includes a keyboard, a mouse, and a monitor for allowing users to enter commands and observe results. For example, the user 120 may enter commands for making purchase selections and observing results such as purchase confirmations while making on-line purchases from the merchant site 132 utilizing the user computer 122.
`
Specifically, the user computer 122 is capable of running a client application, e.g., a browser, which can initiate connections with one or more host machines (not shown) that contain desired sites, e.g., the merchant site 132 and the proxy agent site 142, pass data back and forth between the user computer 122 and the host machines, and then close the connections. Accordingly, the host machines are capable of running server applications that can accept the connections initiated by the client application through the Internet 110. Again, details of how the host machines, the client applications, and the server applications operate are not critical to the present invention, and may take different forms.
`
The proxy agent 140 may be a bank or other institution that routes purchase authorization requests and replies between merchants (e.g., the merchant 130) and card issuers (e.g., the card issuer 170). Further, the proxy agent site 142 can communicate with the user computer 122, the merchant site 132, the delivery computer 152, and the card issuer computer 172, and pass data back and forth during the purchase and delivery transactions. Although FIG. 1 shows only one proxy agent 140 and only one proxy agent site 142, it should be understood that the system 100 may include a plurality of such proxy agents and sites. For example, different proxy agents and sites might be provided to serve users residing in different geographical areas.
`
As mentioned above, the system 100 allows a user to make purchases and take delivery of goods or services while keeping some or all of the user's personal information confidential and secure throughout the purchase and delivery transactions. To this end, the proxy agent site 142 includes at least one user database 144 for storing not only the user's personal information such as his or her real name, real shipping address, real e-mail address, and real credit or debit card account number, but also corresponding proxy data such as a proxy name, a proxy shipping address, a proxy e-mail address, and a proxy credit or debit card account number. In accordance with one preferred embodiment of the present invention that provides the highest level of security and confidentiality, the user 120 makes purchases from the merchant 130 and takes delivery of tangible goods from the delivery provider 150 using only the proxy user data stored in the user database 144, thereby preventing the merchant 130 and others from tracking the user's buying habits and substantially reducing the risk that unscrupulous individuals or entities will intercept, e.g., the user's real credit or debit card account number, and charge unauthorized purchases to his or her account.
`
For this illustrative embodiment, a procedure will now be described for making purchases and taking delivery of goods or services using the system 100. First, the user 120 registers with the proxy agent 140 for obtaining proxy user data that he or she can use when making purchases and taking delivery of goods or services. The proxy agent 140 then provides the proxy user data to the user 120.
`
For example, the user 120 registers with the proxy agent 140 according to the procedure shown in FIG. 2. Specifically, the user 120 visits the proxy agent site 142, in block 200, in any conventional manner. For example, the user 120 may utilize an appropriate uniform resource locator (URL) for instructing the web browser running on the user computer 122 to use a particular protocol, e.g., http, to retrieve the home page (not shown) of the proxy agent site 142, e.g., proxy_home.html, located on a particular host machine (not shown), e.g., www.your_bank.com.

Next, the user 120 requests, in block 202, proxy user data from the proxy agent 140. In this illustrative embodiment, the user 120 has a credit or debit card for which he or she requests proxy user data. In a preferred embodiment, the user 120 holds a credit or debit card issued by the proxy agent 140. Accordingly, the user 120 utilizes the home page of the proxy agent 140 to access, e.g., a proxy data request form (not shown). Next, the user 120 fills out the request form including his or her real user data, e.g., real name, real shipping address, and real e-mail address, and then sends the filled-out request form to the proxy agent site 142. It should be understood that the user 120 might alternatively register with the proxy agent 140 without using the user computer 122. For example, the user 120 may utilize the telephone network or regular mail service for providing his or her real user data to the proxy agent 140 during the registration procedure.
`
In the embodiment wherein the proxy agent 140 has issued the credit or debit card held by the user 120, the user's real credit or debit card account number is already available to the proxy agent 140, and may therefore be easily accessed by the proxy agent 140 for providing a corresponding proxy credit or debit card account number to the user 120. Accordingly, in this preferred embodiment, there is no need for the user 120 to send his or her real credit or debit card account number to the proxy agent 140 over the Internet 110. The software running on the proxy agent site 142 simply utilizes the user's real name, real shipping address, and/or real e-mail address provided on the request form for verifying the existence of the account and determining whether the purchase amount may be charged against the account.

If it is determined, for example, that the user 120 is the holder of a credit or debit card issued by the proxy agent 140, payments have been timely made, and there are funds available on the credit or debit card, then the software on the proxy agent site 142 generates, in block 204, unique proxy user data corresponding with the user's real name, real shipping address, real credit or debit card account number, and real e-mail address, and then provides the generated proxy user data to the user 120 for subsequent use. The user 120 may also be provided with, e.g., an identification number and/or a password for use in making subsequent requests for proxy data. Further, the user 120 may be provided with multiple sets of proxy data, each set corresponding with the user's real data. The proxy user data and the user's identification number/password may be sent to the user computer 122 over the Internet 110 via e-mail or via the client/server applications running on the user computer 122 and the host machine of the proxy agent site 142. It also should be understood that the proxy agent 140 may alternatively utilize the telephone network or regular mail service for providing the proxy user data to the user 120.
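The registration decision of FIG. 2, blocks 202 through 204, for the preferred case in which the proxy agent also issued the user's card, as an added Python example that is not code from the patent or from the applicant. The request form carries only the real name, shipping address and e-mail; the agent finds the account it already holds, applies the three eligibility conditions stated above, then generates unique proxy data sets and an identification number/password for later proxy data requests. The class names, the password hashing scheme, the proxy value formats and the sample accounts are constructed assumptions:

```python
"""Added example, not code from the patent or from the applicant: the
registration step of FIG. 2 (blocks 202-204) of WO 01/13275 for the case in
which the proxy agent is also the card issuer. Names, eligibility rules,
password hashing and sample accounts are constructed assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class IssuerAccount:
    """What the proxy agent, acting as card issuer 170, already holds for a cardholder."""
    account_number: str
    name: str
    shipping_address: str
    email: str
    payments_timely: bool
    available_funds: float


@dataclass
class Registration:
    user_id: str
    proxy_sets: list          # each set corresponds with the same real user data
    salt: bytes
    password_hash: bytes      # only a salted hash of the password is kept


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ProxyAgentRegistrar:
    def __init__(self, accounts):
        # Accounts are found by the fields on the request form; the real account
        # number never has to travel over the Internet 110 in this embodiment.
        self._accounts = {(a.name, a.shipping_address, a.email): a for a in accounts}
        self._issued = set()           # every proxy value handed out, so each is unique
        self.registrations = {}

    def _unique(self, make) -> str:
        """Draw values from make() until one has not been issued before."""
        while True:
            value = make()
            if value not in self._issued:
                self._issued.add(value)
                return value

    def register(self, form: dict, *, sets: int = 1):
        """Block 204: return (credentials, reason); credentials is None when not eligible."""
        acct = self._accounts.get((form["name"], form["shipping_address"], form["email"]))
        if acct is None:
            return None, "no card issued by this proxy agent matches the form"
        if not acct.payments_timely:
            return None, "payments not timely"
        if acct.available_funds <= 0:
            return None, "no funds available"
        digits = lambda: "9" + "".join(str(secrets.randbelow(10)) for _ in range(15))
        proxy_sets = [{
            "name": self._unique(lambda: "PROXY-NAME-" + secrets.token_hex(4)),
            "shipping_address": self._unique(lambda: "PROXY-ADDR-" + secrets.token_hex(4)),
            "email": self._unique(lambda: "u" + secrets.token_hex(5)) + "@proxy.example",
            "account_number": self._unique(digits),     # constructed 16-digit format
        } for _ in range(sets)]
        user_id = self._unique(lambda: "ID-" + secrets.token_hex(4))
        password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        self.registrations[user_id] = Registration(user_id, proxy_sets, salt, _hash(password, salt))
        return {"user_id": user_id, "password": password, "proxy_sets": proxy_sets}, "ok"

    def authenticate(self, user_id: str, password: str) -> bool:
        """Check an identification number/password on a later proxy data request."""
        reg = self.registrations.get(user_id)
        if reg is None:
            return False
        return hmac.compare_digest(_hash(password, reg.salt), reg.password_hash)


def demo():
    registrar = ProxyAgentRegistrar([
        IssuerAccount("4111111111111111", "Jane Doe", "1 Main St, Boston, MA",
                      "jane@example.com", payments_timely=True, available_funds=500.0),
        IssuerAccount("4222222222222222", "John Roe", "2 Elm St, Reading, MA",
                      "john@example.com", payments_timely=False, available_funds=50.0),
    ])
    creds, reason = registrar.register({"name": "Jane Doe", "shipping_address": "1 Main St, Boston, MA",
                                        "email": "jane@example.com"}, sets=2)
    _, late = registrar.register({"name": "John Roe", "shipping_address": "2 Elm St, Reading, MA",
                                  "email": "john@example.com"})
    _, unknown = registrar.register({"name": "Nobody", "shipping_address": "none",
                                     "email": "nobody@example.com"})
    return registrar, creds, reason, late, unknown


if __name__ == "__main__":
    _, creds, *_ = demo()
    print(creds["user_id"], creds["proxy_sets"])
```

The returned credentials are what the agent would send to the user 120 (by e-mail, the client/server applications, telephone or mail); the registrar itself keeps only the salted hash, so a compromise of the user database 144 does not expose the password used for later proxy data requests.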
`
In the embodiment of the present invention wherein the credit or debit card held by the user 120 was not issued by the proxy agent 140, the user 120 would also include his or her real credit or debit card account number with the other real user data on the proxy data request form. However, in this embodiment, the server application running on the host machine of the proxy agent site 142 preferably encrypts all of the real user data provided on the proxy data request form before the form is sen