`(12) Patent Application Publication (10) Pub. No.: US 2009/0254971 A1
`(43) Pub. Date:
`Oct. 8, 2009
`Herz et al.
`
`US 20090254971A1
`
`(54) SECURE DATA INTERCHANGE
`
`(75) Inventors:
`
`Frederick S. M. Herz, Warrington,
`PA (US); Walter Paul Labys, Salt
`Lake City, UT (US); David C.
`Parkes, Philadelphia, PA (US);
`Sampath Kannan, Philadelphia,
`PA (US); Jason M. Eisner,
`Baltimore, MD (US)
`
Correspondence Address:
WOLF GREENFIELD & SACKS, P.C.
600 ATLANTIC AVENUE
BOSTON, MA 02210-2206 (US)
`
`(73) Assignee:
`
`Pinpoint, Incorporated. Fort
`Worth, TX (US)
`
`(21) Appl. No.:
`
`12/417,747
`
`(22) Filed:
`
`Apr. 3, 2009
`
Related U.S. Application Data
(63) Continuation of application No. 09/699,098, filed on Oct. 27, 2000.
(60) Provisional application No. 60/161,640, filed on Oct. 27, 1999, provisional application No. 60/206,538, filed on May 23, 2000.
Publication Classification

(51) Int. Cl.
G06F 7/00 (2006.01)
G06Q 10/00 (2006.01)
(52) U.S. Cl. .................................... 726/1; 705/1; 726/26
(57) ABSTRACT
A secure data interchange system enables information about bilateral and multilateral interactions between multiple persistent parties to be exchanged and leveraged within an environment that uses a combination of techniques to control access to information, release of information, and matching of information back to parties. Access to data records can be controlled using an associated price rule. A data owner can specify a price for different types and amounts of information access.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
Representative drawing on the front page (see Figure 7, Client-side Personalization): Rule templates; Profile; information & Methods; Interpreter; Program; Query execution module; Processed information.

Sheet 1 of 12:
Figure 1. Top-level SDI architecture.
Figure 2. Core SDI Modules: Warehouse; Price Module; Messages; Data Repository (Data, Rules); Persistent Queries; SDI Methods.

Sheet 2 of 12:
Figure 3: Query Execution. Labels: Data Records; Query Program; Table of Pointers (Cost $2, ...); SELECT commands (new pointers, SELECT with property X); PROCESS commands; Get cheapest data records (internal market); Request information from Warehouse A (pointers 1, 3, 4) and from Warehouse B (pointers 2..N); Final Result.

Sheet 3 of 12:
Figure 4. Communication Module: Data Repository; Persistent Queries; Pending Queries; Result Messages in (to Agents); Request (to Query Execution).
Figure 5: Data in the central SDI data warehouse. Labels: Agent 1 (SDI proxy agent); Agent 2 (SDI proxy agent); SDI Data Warehouse; 1. Provide (label illegible) for SDI data warehouse; 2. Request information from SDI data warehouse; 3. Receive information; 4. Provide personalized information, services.

Sheet 4 of 12:
Figure 6: Data Stored Client Side and in the SDI data warehouse. Labels: Agent 1 (SDI proxy agent); SDI proxy agent; SDI Data Warehouse; 1. Provide (label illegible) of SDI data warehouse; 2. Request info from SDI data warehouse; 3. Receive information; 4. Request more information; 5. Provide information; 6. Provide personalized service.
Figure 7. Client-side Personalization: Rule templates; Profile; information & Methods; Interpreter; Program; Query execution module; Processed information.

Sheet 5 of 12:
Figure 8: Agent SDI architecture: Personalization agent. Labels: Agent 1 Profile 1 (User); Agent 2 Profile 2 (User); ...; Agent n Profile n; descriptors; Communication module (Messages in, Messages out); Control module; Rules database; information; Processor.

Sheet 6 of 12:
Figure 9. Control module, personalization agents: request from comm module; check profile database; fetch profile information; forward request to processor; rule from processor; fetch information from information database; forward info to comm module.
Figure 10. Processor in Personalization agent: Profile, info request; Decision Module; Threshold Test; Rule.

Sheet 7 of 12:
Figure 11. Client-side Identity Management.
Figure 12. Web-Centric Profile. Labels: SDI client; Agent 2 (SDI proxy agent); SDI Profile Management Server; 2. Pass SDI UUID, request new session; 3. Provide PD for agent; 4. Request information; 5. Provide information; personalized information, services.

Sheet 8 of 12:
Figure 13: Protecting Privacy: Pricing the value of information. Axes: Price ($0 to $100) against Protection level (Low to High); curves for Few Data records and Many Data records.
Figure 14. Selecting a level of noise to provide a particular protection level. Axes: Noise (0% to 100%) against Protection level (Low to High).

Sheet 9 of 12:
Figure 15. System for push of targeted ads to users in iamWorthit: Central SDI data warehouse; Client; Push advert to relevant users; User views advert.
Figure 16. E-cash method to deliver community dollars. Bit String to identify a Community Dollar: Public Key, Vendor 1, $Value; Value & Vendor signature; Public Key, PD-1; Pseudonym signature.

Sheet 10 of 12:
Figure 17. Time-of-Purchase/iamworthit system. Labels: Agent (local profile information and profile, label partly illegible); Customized content & offers, personalization functions, etc.; Content, etc.; Request for time-of-purchase competition; Submit new profile information; Central SDI data warehouse (contains profile information about agents); Time-of-Purchase Server; Request information to enable requests for competition; Push a choice of adverts; Advertising Network Server.
Figure 18. Time of purchase competition: Request counteroffers; Initial Offer, pseudonymous ID to use in collecting profile information; Time-of-purchase server.

Sheet 11 of 12:
Figure 19. Customization of information to users. (a) Traditional Method: Client; Request for Web page; Vendor; Evaluation function; Selection of information; Personalized Content. (b) iamworthit/SDI Method: Client; Vendor; Personalized Content.
Figure 20. System for targeted advertising within iamworthit: 1. Hit Vendor Site; 2. Push personalized Content; 3. Request targeted ad; 4. Push Choice of adverts; 5. Request advert; Ad-server.

Sheet 12 of 12:
Figure 21. Concise Client-Side Method Descriptions: Profile of local user; Original Space of data points; Reduced Space of data points.

`SECURE DATA INTERCHANGE
`
RELATED APPLICATIONS
0001. This application is a continuation of and claims priority under 35 U.S.C. § 120 to U.S. application Ser. No. 09/699,098 entitled "Secure Data Interchange," filed on Oct. 27, 2000, which claims the benefit of U.S. Provisional Application No. 60/161,640, filed Oct. 29, 1999, titled Secure Data Interchange, and Provisional Application No. 60/206,538, filed May 23, 2000, titled Secure Data Interchange, all of which are incorporated herein by reference in their entirety.
`
BACKGROUND OF THE INVENTION
0002 1. Field of the Invention
0003. The Secure Data Interchange invention describes a system to allow a privacy-protected market for data exchange between multiple self-interested parties. The system presents a general infrastructure for the exchange of information within a safe privacy-protected environment, between multiple self-interested parties. We propose a central data warehouse that maintains data submitted by different users, and executes queries and programs on the data. Rules are associated with data that define how the data can be used and queried, to allow agents that submit data to maintain absolute control over its use. SDI acts as a trusted intermediary to all parties, and implements an internal market for queries on the information, allowing agents to specify prices for data access. Furthermore, SDI supports complex queries such as collaborative filtering, that can provide a querying agent with a one-time benefit of data access but without long-term access to the data that was used to compute valuable results.
0004. The invention relates to systems that provide personalized information, profiling, automated matchmaking and information exchange, providing a framework that protects privacy and allows information collection and profiling within a carefully controlled environment. Although the marginal cost of data duplication is small, there are hidden costs associated with data, for example because of privacy concerns, and data can be a valuable resource in many problems. In business-to-consumer (B2C) applications Secure Data Interchange addresses the direct conflict between the goal of personalization and the need for privacy, preventing the exchange and collection of information without knowledge and consent. In business-to-business e-commerce applications (B2B) SDI allows vendors to provide sensitive and valuable information, for example about business needs and customer bases, in a secure environment that controls access and leverages value.
`0005 2. Description of the Prior Art
`0006. The invention of Secure Data Interchange relates to
`a wide-range of application domains, all of which are char
`acterized by a need to exchange information in a privacy
`protected and carefully controlled market-based environ
`ment.
`0007 As a key application we suggest a system for per
`Sonalized information delivery in a networked environment,
`in which the SDI-proxy can fact as a local filter on informa
`tion, based on what it knows about a user's preferences and
`methods for filtering pushed by the provider of content. The
`system allows collaborative filtering through information that
`is provided to the central data warehouse, but never released
`directly to other agents; collaborative filtering methods are
`computed in the central SDI data warehouse. Further moti
`
`vation is provided with reference to some electronic com
`merce applications, that we describe in (A) business-to-con
`Sumer and (B)
`business-to-business e-commerce
`applications.
`0008. In addition to applications within commerce, the
`system of Secure Data Interchanges is central to developing
`many other new products. Examples include the formation of
`“self-help' groups between a set of individuals with common
`interests, and applications to personal information delivery
`systems, e.g. for educational and informational purposes.
`
A. Business-to-Consumer (B2C) Electronic Commerce.
0009. The recent explosion of electronic commerce, in particular Internet-based individual-to-business electronic commerce, presents new opportunities for automated personalized information delivery and the automated customization of products and services. This type of personalization is very valuable to vendors because it can increase sales volumes, enable cross-selling and up-selling of goods and services, and allows vendors to price products dynamically based on information about the preferences and goals of customers. Personalization is also useful to customers when it correctly identifies the requirements and preferences of a customer, because it can reduce search cost and enhance the "shopping experience". Perhaps a customer can find the good or service (i.e. desirable price/quality/feature tradeoff) that he/she wants more quickly than without personalization, or receive information about an interesting new product or service that he/she did not know about.
0010. The basis for these new services is that Internet-based "shop fronts" can be individualized on a per-customer basis, dynamically and in real-time. Traditional main-street shops must offer the same store layout to every customer, because the layout is physical, although some level of personalized service can be achieved through well-trained sales assistants, that act as a "guide" for a customer within a store. On-line "shop fronts" are virtual, and configurable at negligible cost to the customer or the vendor, assuming that computation is cheap and fast.
0011. Furthermore, Internet-based electronic commerce can allow business to collect vast amounts of consumer information, because customers interact through a computer-based interface. Customers can be monitored as they browse a Web site for products and services. Information such as the search-terms that users enter into a search engine, the links that users follow, and the length of time spent on each page, can all provide an insight into the current goal of a customer, i.e. the type of product that he/she wants. When combined across different sessions, and with similar information about the browsing and purchasing habits of other customers, the information can be folded into a long-term view of the preferences and needs of a customer.
`0012 Moreover, new network connectivity enables differ
`ent vendors to exchange profiles for common customers,
`either statically or dynamically, in order to build broad and
`detailed profiles across vendor domains. There exist many
`potentially powerful synergies between the data sets that are
`collected by different vendors, that can be leveraged to pro
`vide appropriate services and products to customers. When
`analyzed with the proper statistical tools these data sets can
`reveal fundamental patterns in the behavior of users, and
`enable a vendor to provide appropriate information to a user.
`Furthermore, access to user-profiles collected by other ven
`dors can enable vendors to provide focused information
`
`Page 00014
`
`
`
`US 2009/0254971 A1
`
`Oct. 8, 2009
`
`delivery to first-time users, and also cross-market services
`with other appropriate vendors.
`0013 Providing user profile information within a care
`fully controlled environment can benefit vendors and users:
`0014 Vendors would find benefit in sharing data with
`other vendors; this would deepen their understanding of
`their customers behaviors and preferences, especially if
`Some customers were traceable across several data sets.
`0015 Users would benefit from sharing data with other
`users. This is already evident in the popularity of news
`groups and web discussion pages catering to individuals
`with shared interests. By learning what other people
`with similar tastes and preferences have discovered and
`enjoyed, a user can sidestep information overload in the
`search for personally satisfying information.
`0016 Vendors can benefit from receiving data about
`users. An obvious example would be in the use of col
`laborative filtering for the marketing of targeted promo
`tions; rather than being deluged with coupons and adver
`tisements that are of absolutely no interest, a user would
`benefit by being presented with advertising that is highly
`relevant. In the process, the vendor would increase
`advertising response rates, boosting overall efficiency.
`0017 Users can receive benefits from providing infor
`mation to Vendors. Personalization of content at ven
`dors web pages, and well-focused banner advertise
`ments at other web sites that they visit.
`0018. The problem is that a user wants controlled person
`alization, in the sense that it might not be desirable for infor
`mation about every on-line transaction that a user performs,
`every on-line document that a user reads, and every web page
`that a user visits, and demographic information, to be avail
`able to every business that the user interacts with, in the
`virtual and physical world.
`
A.1 Focused Banner Advertising/Content Provision
0019 Internet-based media sites have followed preceding formats in generating revenue from advertising, with content to users often provided free-of-charge. The business model is similar to that in newspapers, magazines, and television, where circulation and audience/readership demographics are used to drive revenue. Electronic media presents new opportunities for media-based business: for example multimedia techniques and interactivity, personalized delivery of information, and personalized targeting of advertising.
0020. The problem, as before, is to acquire and leverage information about the preferences and interests of a user, within a system that protects user privacy (i.e. controls the collection and exchange of information about users, and controls the use that is made of that information). A further problem is to extrapolate information from a large corpus of data about an individual user.
`
A.2 Mailing Lists
0021. As another example, suppose that business A requests a list of individuals that meet particular criteria. Consumer B meets the criteria, but is only listed for business A if A also meets criteria specified by B, for example if A will provide information about new products and services that are interesting to B. In an application to the profiling of users on-line, the problem is that users want to receive the benefits of targeted products and advertisements, but want to avoid the abuse of profile information and control vendors' access to that information.
`
B. Business-to-Business (B2B) Electronic Commerce
0022. The Internet provides businesses with network connectivity with other businesses, both competitors and partners. This connectivity allows businesses to exchange information about customers (dynamically or statically), in order to identify potential new customers, build better profiles for existing customers, and up-sell/cross-sell products and services in real-time. The problem with this exchange of information (that can include swaps, sales, and rental access) is that businesses need to (a) protect the privacy of their customers; (b) prevent information release to competitors, either directly or through third-parties.
`
B.1 Privacy-Protected Identification of Synergies/Matches
0023 There are many scenarios where autonomous agents would like to be informed of matches under conditions of mutual consent, but without information leakage to any agent if any one of the agents declines the match. Consider two vendors, A and B, and suppose the vendors seek strategic partnerships with other vendors that have appropriate skills and goals. However, vendor A does not want to broadcast to all vendors its need for a business partner or a new alliance; instead vendor A wants to be introduced to another vendor with the right mix of capabilities; similarly for vendor B. What is required is a system that only introduces vendor A to vendor B, and perhaps anonymously at first, if both vendors consent to the introduction. The problem is to provide information that enables matches, without allowing bad matches and abuse of information, i.e. within an environment of secure data interchange.
`
B.2 Credential-based Introductions, Contracting and Messaging Systems.
0024. There are many situations where individual parties, for example individuals or businesses, require introductions to credentialed individuals and/or businesses, with the aim of building a new relationship or making a new contract. Consider for example business associations, where credentials about non-bankruptcy, and no previous attempts to defraud, could be important. Consider social introductions, where individuals might be concerned about past criminal activities of new contacts. In the domain of automobiles, we could consider a system that identifies other automobiles in the physical location of a vehicle that have recently been involved in an accident. The problem is to manage certificates within a system where users can maintain multiple identities, and to protect the release of certificates without suitable provisions for terms-of-use and criteria for request.
`
SUMMARY OF THE INVENTION

0025. The above problems are solved, and a technical advance achieved, by the system of Secure Data Interchange. The Secure Data Interchange system enables information about bilateral and multilateral interactions between multiple persistent parties to be exchanged and leveraged within an environment that uses a combination of techniques to control access to information, release of information, and matching of information back to parties.
`0026. The system of Secure Data Interchange (SDI) pro
`vides a trusted server containing a large database of informa
`tion that is owned by its providers. Each data record has an
`associated price rule, that controls access to data. The pricing
`model allows a data owner to specify a price for different
`types and amounts of information access, and whether the
`identity of the information owner is required, and the system
`of SDI computes a composite price for a query based on
`aggregated prices for a query over a number of different data
`owners, with an internal market that favors low priced data.
`The pricing model allows discounts based on certificates of a
`requesting agent, and as a special case implements the stan
`dard capability-based access control systems, where informa
`tion is provided to users with appropriate permissions (i.e.
`with zero and infinite prices). In addition, the system of
`Secure Data Interchange allows data to be submitted with a
`level of random perturbation (noise), to provide added pri
`vacy protection, or alternatively allow an agent to specify in
`conditions under which additional noise should be added to
`data. A query is priced before execution, to allow an agent to
`decide whether or not to execute a query, and select between
`alternative types of queries. Binding price quotes are pro
`vided to querying agents, and queries can be scaled to meet a
`budget.
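To make the pricing model of this paragraph concrete, here is an added Python example; it is not code from the patent or from Pinpoint, Incorporated, and the PriceRule and Record types, the sample records, the certificate names and the cheapest-first selection are all constructed assumptions for illustration. It shows a binding price quote computed before execution, certificate-based discounts, zero and infinite prices acting as capability-based access control, a query scaled to a budget, and a program run in situ whose charge is the sum over the record pointers actually used (the charging rule that paragraph 0029 below describes).

```python
"""Added illustration (not the patent's code) of the SDI price-rule model.

Everything below is constructed for this example: the PriceRule and Record
types, the sample records, and the rule that a query takes the cheapest
matching records first (the "internal market that favors low priced data").
A price of 0 models "free to holders of this certificate" and math.inf
models "never released"; together they give the capability-based access
control that the patent describes as a special case of pricing.
"""
import math
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class PriceRule:
    """Owner-specified prices for one record (all values constructed)."""
    anonymous_price: float                # access with the owner's identity withheld
    identified_price: float = math.inf    # access that also reveals the owner's identity
    discounts: tuple = ()                 # (certificate name, price) overrides

    def price_for(self, certificates: set, want_identity: bool = False) -> float:
        """Price for a requester holding `certificates`; inf means access denied."""
        if want_identity:
            return self.identified_price
        candidates = [self.anonymous_price]
        candidates += [p for cert, p in self.discounts if cert in certificates]
        return min(candidates)


@dataclass(frozen=True)
class Record:
    record_id: str
    owner: str
    value: dict
    rule: PriceRule


class Warehouse:
    """Trusted server holding owner-priced records."""

    def __init__(self, records: Iterable[Record]):
        self.records = {r.record_id: r for r in records}

    def quote(self, selector: Callable[[dict], bool], certificates: set,
              budget: float = math.inf, want_identity: bool = False):
        """Binding price quote computed before any data leaves the warehouse.

        Matching records are taken cheapest-first until the budget would be
        exceeded, so a query is scaled to its budget; infinitely priced
        records are skipped.  Returns (total_price, record ids used).
        """
        priced = []
        for rec in self.records.values():
            if not selector(rec.value):
                continue
            price = rec.rule.price_for(certificates, want_identity)
            if not math.isinf(price):
                priced.append((price, rec.record_id))
        priced.sort()
        total, used = 0.0, []
        for price, rid in priced:
            if total + price > budget:
                break
            total += price
            used.append(rid)
        return total, used

    def execute(self, selector, program: Callable[[list], object],
                certificates: set, budget: float = math.inf,
                want_identity: bool = False):
        """Run `program` in situ over the quoted records.  Only its aggregate
        result leaves the warehouse, and the charge is the sum over the
        record pointers actually used."""
        total, used = self.quote(selector, certificates, budget, want_identity)
        rows = [self.records[rid].value for rid in used]
        return total, program(rows)


def sample_warehouse() -> Warehouse:
    """Constructed sample data: four profile records with different rules."""
    return Warehouse([
        Record("r1", "owner-a", {"interest": "hiking", "age_band": "30s"},
               PriceRule(anonymous_price=2.0, identified_price=10.0)),
        Record("r2", "owner-b", {"interest": "hiking", "age_band": "20s"},
               PriceRule(anonymous_price=5.0, discounts=(("non-profit", 0.0),))),
        Record("r3", "owner-c", {"interest": "hiking", "age_band": "40s"},
               PriceRule(anonymous_price=math.inf, discounts=(("auditor", 0.0),))),
        Record("r4", "owner-d", {"interest": "sailing", "age_band": "30s"},
               PriceRule(anonymous_price=1.0)),
    ])


def hiking(value: dict) -> bool:
    """SELECT predicate used in the checks below."""
    return value["interest"] == "hiking"


if __name__ == "__main__":
    wh = sample_warehouse()
    print(wh.quote(hiking, set()))                        # (7.0, ['r1', 'r2'])
    print(wh.quote(hiking, {"non-profit"}, budget=3.0))   # (2.0, ['r2', 'r1'])
    print(wh.execute(hiking, lambda rows: sorted(r["age_band"] for r in rows), set()))
```

Record r3 illustrates the capability case: its anonymous price is infinite, so it never appears in a quote unless the requester holds the "auditor" certificate, for which the owner set a zero price. Because execute() charges exactly what quote() computed over the same record set, the quote is binding in the sense the paragraph requires.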
`0027. Data owners can submit data to the central data
`warehouse with different degrees of identification, for
`example anonymously, pseudonymously, or with a true iden
`tity. For example, in the case of data that represents a user's
`profile information, for example information about the inter
`ests of a user, a user might prefer to use a number of different
`pseudonyms for different types of activities that he/she likes
`to engage in online. A user might maintain a number of
`differentaliases within the database, for example to represent
`different types of things he/she likes to do which have little
`bearing on each other.
`0028. Various types of queries can be executed on the
`server, ranging from traditional SQL style queries to collabo
`rative-filtering style queries. The inventions of SDI is not
`predicated on the type of queries Supported, describing
`instead a general system to execute those queries within a
`secure data-controlled environment. We leave the algorithms
`that implements the semantics of a query undefined, but
`define the interface between that algorithm and the data in the
`database, which is protected with price rules.
`0029. A query can perform a considerable amount of com
`putation on records in the database before any information is
`provided in response to a query. We allow general purpose
`programs to run on the server, that might for example perform
`collaborative filtering or other data mining techniques before
`returning aggregate information, for example a new model of
`the profiles of users of a particular interest to a vendor. How
`ever, the total charge for a complete query session is com
`puted as the Sum payment charged by all record pointers that
`are used in computing the final response.
`0030. Furthermore, queries can also take an action on
`behalf of a querying agent, for example asking another agent
`to provide more information about something. We allow que
`ries to be priced, based on a model of “revenue collection', in
`which the SDI server sells the right to access to data on behalf
`of the agents that submit data into the database. We also
`propose to allow “persistent queries', which reside on the
`server for a fixed period of time and return a response to the
`querying agent whenever conditions are met in the data.
`
0031 Interesting variations of SDI place data in different distributed locations, and move the control of information access between a central SDI server and distributed client-side SDI proxy agents. This allows different tradeoffs between privacy and information sharing. It also has implications for bandwidth and computational requirements within SDI. One role of a client-side SDI data warehouse is to provide the same functionality as the central shared SDI database, but with processing only performed on information provided by that agent. This can allow greater privacy by allowing a user to retain absolute control over his/her data on his/her local machine without even releasing data to the shared database.
`0032. In an application to personalized on-line interac
`tions, we describe a client-side SDI proxy which manages a
`user's interactions with the on-line sites of vendors and also
`manages a user's interactions with the central SDI data ware
`house, i.e. providing profile information and controlling pro
`file access. The client-side SDI proxy for an agent that rep
`resents an individual browsing the Internet can manage that
`user's profiles in interactions with other agents, for example
`representing vendors and content providers. The client-side
`SDI proxy can also handle decisions about what types of
`information to Submit to the server, and manages query
`execution on behalf of the agent. The client-side SDI proxy
`agent can also push information about a user's on-line activi
`ties to the central SDI data-warehouse in real time. This
`enables a system of “time-of-purchase-competition' system,
`in which a user can request competitive counteroffers from
`other vendors before making a purchase.
`0033. The system addresses the fundamental conflict that
`exists between rights of privacy and efficiency gains from
`better bilateral exchange of profile/preference information.
`SDI as applied to B2C e-commerce allows consumers to
`receive targeted information about products and services, but
`without the loss-of-privacy that can easily occur in the current
`on-line profiling “free-for-all’. The cookie technology pro
`vided by Netscape to Supported personalized sessions with a
`single vendor on-line has been used by advertising network
`providers such as DoubleClick to track users across multiple
`sites, often without either the consent or knowledge of that
`individual New York Times, Feb. 7, 2000.
`0034. In describing the system of secure data interchange
`we claim the following novel technical ideas:
`0035 (a) Agents can associate price-rules with informa
`tion that is placed in the central database, and retain
`absolute control and ownership overall uses of that data.
`As a special case of price rules, the system supports
`access based on certified properties of querying agents
`(with zero and infinite prices). The pricing model allows
`information providing agents to receive direct value for
`data, and allows agents that request access to informa
`tion to receive a price before a query is executed, and
`make appropriate decisions about what type of queries
`tO eXecute.
`0.036
`(b) A number of novel techniques are proposed to
`allow data processing within the data warehouse without
`releasing too much information to an agent. General
`programs, for example collaborative filtering tech
`niques, can be executed in situ within the data ware
`house, so that agents can receive the aggregate benefits
`of information, without receiving details about the infor
`mation. We might also allow an agent to receive anony
`
`Page 00016
`
`
`
`US 2009/0254971 A1
`
`Oct. 8, 2009
`
`mous or randomized information, and control the
`amount of information that can be received from a par
`ticular record.
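As an added example (not the patent's code) of the randomized release described in (b) and of the noise-versus-protection-level trade-off sketched in Figure 14 and in paragraph 0026, the following Python constructs a numeric attribute across many records and shows that an aggregate computed from the noisy release stays close to the true value while each individual value is masked. The linear mapping from protection level to noise, the MAX_SIGMA constant, the "trusted" certificate condition and the sample data are all assumptions made here, not details taken from the patent.

```python
"""Added illustration (not the patent's code) of submitting data with noise.

Constructed assumptions: a protection level in [0, 1] maps linearly to the
standard deviation of zero-mean Gaussian noise (the patent's Figure 14 only
says that a noise level is chosen to reach a protection level, not the shape
of the curve), and an owner's condition for extra noise is "the requester
lacks a given certificate".  Aggregates over many noisy records stay close
to the truth while any single released value is masked.
"""
import random
import statistics

MAX_SIGMA = 10.0   # noise standard deviation at the highest protection level (assumed)


def noise_sigma(protection_level: float, max_sigma: float = MAX_SIGMA) -> float:
    """Map a protection level (0 = none, 1 = high) to a noise standard deviation."""
    if not 0.0 <= protection_level <= 1.0:
        raise ValueError("protection level must lie in [0, 1]")
    return protection_level * max_sigma


def perturb(values, protection_level: float, seed: int = 0,
            max_sigma: float = MAX_SIGMA) -> list:
    """Return a noisy copy of numeric values; level 0 leaves the data unchanged."""
    sigma = noise_sigma(protection_level, max_sigma)
    if sigma == 0.0:
        return list(values)
    rng = random.Random(seed)            # seeded so the example is reproducible
    return [v + rng.gauss(0.0, sigma) for v in values]


def release(values, owner_level: float, certificates: set,
            required_cert: str = "trusted", extra_level: float = 0.5,
            seed: int = 0) -> list:
    """Owner-specified condition: add extra noise when the requester lacks
    `required_cert`, capped at the maximum protection level."""
    if required_cert in certificates:
        level = owner_level
    else:
        level = min(1.0, owner_level + extra_level)
    return perturb(values, level, seed)


def constructed_values(n: int = 1000, seed: int = 1) -> list:
    """Constructed sample: n numeric profile attributes spread over [40, 60]."""
    rng = random.Random(seed)
    return [rng.uniform(40.0, 60.0) for _ in range(n)]


def mean_error(values, protection_level: float, seed: int = 7) -> float:
    """Error in the mean when it is computed from the noisy release."""
    noisy = perturb(values, protection_level, seed)
    return abs(statistics.fmean(noisy) - statistics.fmean(values))


def max_individual_change(values, protection_level: float, seed: int = 7) -> float:
    """Largest change to any single value, i.e. how strongly individuals are masked."""
    noisy = perturb(values, protection_level, seed)
    return max(abs(a - b) for a, b in zip(noisy, values))


if __name__ == "__main__":
    data = constructed_values()
    print("mean error at full protection:", round(mean_error(data, 1.0), 3))
    print("largest single-value change:", round(max_individual_change(data, 1.0), 1))
```

With a thousand records and noise of standard deviation 10, the error in the mean is of the order of 0.3 (it shrinks with the square root of the record count), while individual values move by tens of units; that gap is what lets an in-situ aggregate query be useful to the requester without revealing any one record. The seed parameter exists only so the example is reproducible; a deployed system would draw fresh noise.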
`0037 (c) The system of SDI can act as a trusted inter
`mediary between agents, notifying agents about infor
`mation of a particular type, and for example sending
`messages between agents withoutbreaking the identity
`of agents except by consent. A special type of query that
`we call a persistent query allows an agent to maintain a
`permanent "searching presence in the central database,
`always on the lookout for useful information.
`0038 (d) In a key variation we push a small version of
`the SDI data warehouse onto an user's client computer,
`where it acts as a proxy agent, and further proxies an
`agent's interaction with other agents in real time. The
`local SDI data warehouse, called the client-side SDI
`database, is a trusted party to the client, trusted to main
`tain information that it is valuable to the client and use
`that information is appropriate ways. The advantage of
`this method is that an individual never needs to release
`sensitive profile information, it is always heldon its local
`computer but can still receive the benefits of person
`alization.
`0039 (e) We also suggest a client-side SDI proxy that
`can collect information about a user, for example within
`an Internet browsing application, and periodically push
`the collected information to the SDI data warehouse in a
`controlled way. The client-side SDI proxy can also be
`responsible for certain data certification functions, and
`can manage a user's interactions with other agents to
`protect its privacy in non-SDI mediated transactions.
`As an application to B2C e-commerce, the system of SDI
`allows client-side personalization instead of provider-side
`personalization. Instead of passing profile information to a
`provider and receiving personalized information in return,
`providers can provide personalization methods that are used
`interactively with local profile information about consumers
`to target products and services without receiving explicit
`information about a user's profile. In a simple form, the ven
`dor provides complete information about its services, and a
`method to display them to the user based on his/her local
`profile. When describing the application of SDI to electronic
`commerce we also describe methods to implement necessary
`ancillary systems that are essential to Supporting full e-com
`merce functionality within an identity-protected system, Such
`as systems for pseudonymous payments and physical mailing
`of products.
`0040 Collaborative filtering based on profiling informa
`tion from multiple users is supported within the central SDI
`data warehouse, but within a system of economic incentives,
`where users provide profile information in return for receiv
`ing payments from Vendors for that information. This allows
`broad network-wide information to be used for profiling, in
`addition to deep vendor-specific information.
`
BRIEF DESCRIPTION OF THE DRAWINGS

0041. The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objects and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:
`
`0042 FIGS. 1 through 21 illustrate