The invention disclosed herein relates to transactions over a communications network between first and second parties, including ordering of a good and/or delivery of the good and/or payment for the good while securing private and personal information specific to the first party or the network device used by the first party with respect to the second party and unauthorized parties, i.e., others who may or may not be parties to the transaction. Such information may include the first party's identity, financial information (where a purchase is involved) and address. The first party may be a consumer or retail customer and the second party may be a merchant or retailer. The good may be delivered to a physical address or electronic address designated by the first party or to a physical depot for pick-up by the first party, while providing complete anonymity of the first party with respect to the second party.
“Communications network” is meant in a broad sense, and may include any suitable technology for information transmission, including electrical, electromagnetic and optical technologies. Such a network may include a computer or computers associated with the first party, a computer or computers associated with the second party and/or a computer or computers associated with the network. Such a communications network may link computers, e.g., a LAN or WAN. Although the invention has particular application to an open network such as the Internet, it may also be used in other networks, internets and intranets. Therefore, while much of the following description makes specific reference to the Internet, it is to be understood that there is no intention to limit application of the invention to the Internet and that the invention has application to any suitable network. Further, while the invention is primarily directed to the ordering and/or purchase and physical delivery of goods from retailers selling electronically over a network, it also applies to the ordering and/or purchase of goods that may be delivered electronically and to the purchase and delivery of services that result in a deliverable.
The growth of electronic commerce (e-commerce) over the Internet has been explosive, and expectations are that such growth will continue. However, the Internet as an open network provides opportunities to legally and illegally collect and use vast amounts of information which people consider private and personal, and concerns over privacy, fraud and security online could inhibit the continued explosive growth of business-to-consumer electronic commerce. Currently, shopping, browsing or other information-sharing activities on the Internet exposes users to unwanted collection of their private and personal information, from which their identities, activities, behaviors and preferences can be ascertained. Many people are fearful that someone may be watching their every move when they interact on the Internet, and that somehow information collected by such persons will be used to their disadvantage, from outright theft using credit card information to unwanted intrusions from marketers in the form of “spam” email, and other intrusive activities. (See, e.g., 1999 National Consumer League: Consumers and the 21st Century, New York: Louis Harris & Associates, Inc., 1999).
In fact, information on the Internet is currently being captured from mouse clicks made on a Web browser by a user, and from information transmitted by a user to a Web site. This information can be processed, for example, to electronically profile users, and used or sold, depending upon the data collector's privacy policy. Internet users are becoming aware of the relative ease with which parties may obtain their private and personal information and are concerned about the gathering of such information and the potential for its distribution. They are also concerned about interception of credit card numbers and other financially related data.
As a result, many people, fearful of providing their private and personal information, are restricting their use of the World Wide Web. This may be manifested by potential users seldomly accessing the Internet, by users cautiously not submitting or clicking anything of a private or personal nature, and by users not entering into e-commerce transactions, any of which of course inhibits e-commerce and development of the full potential of the e-commerce marketplace.
Since most business-to-consumer transactions conducted over the Internet involve the use of credit or debit cards, and consumers are protected by the legal limits on liability for the unauthorized use by third parties of their cards, the parties most concerned about security and fraud prevention have naturally been the banks, credit card companies and merchants which must bear the cost of fraudulent transactions for which their card holders are not legally liable. Encryption of credit card and other data transmitted over the Internet helps banks and credit card companies protect against unauthorized use of credit cards.
Nonetheless, despite the limitations on their legal liability described above, a great number of consumers remain hesitant about electronic commerce. Their concerns include questions about whether the merchants doing business in electronic commerce actually exist outside of “cyberspace,” whether they will misuse credit card, private and personal information provided to them, whether they will correctly and honestly fulfill orders, honor product warranties and return-for-credit guarantees, and the like. (See G. Gray and R. Debreceny, The Electronic Frontier, 185 Journal of Accountancy 32-37, May 1998.)
To complete an electronic transaction in current and emerging e-commerce, one or more of the parties to the transaction must pass private and/or personal information to another party. For example, in the transaction represented in FIG. 1, a first party customer (consumer) submits an order for a good in step 1.1 to a second party merchant (retailer) using a WWW form. The second party merchant in step 1.2 requests credit authorization for the transaction with a respective credit card clearing entity. Upon authorization of the transaction by the credit card clearing entity (step 3), the merchant confirms the transaction with the customer (step 1.4) and then provides for transfer of the good to a shipper (step 1.5) who delivers it to the customer (step 1.6). These different steps involve transfer of private and/or personal information among the parties. The customer provides credit card information and a shipping address to the merchant. The merchant passes the credit card information and the sum of the transaction to the credit card clearing entity. The merchant may also pass identification of the purchased good or service to the credit card clearing entity, at least in cases where the credit card clearing entity provides or extends product warranties or another service which require an identification of the good. The merchant provides for transfer of the good to a first party's shipping address usually in the name of the first party which are both provided to the shipper.
Additionally, underlying communication protocols and systems may provide additional private and/or personal information. The customer's computer has an identifying IP address used to route data packets to the merchant computers or servers. This IP address is often monitored by unknown parties and merchant systems, and incorporated in databases to enable the merchant and others to identify the customer as soon as the customer accesses services in the future. Over time, merchants (and others) collect such private information and share it with various entities compromising consumer privacy.
These databases are provided or bought and sold among organizations and companies who may then correlate this information along with other information producing larger databases that store very detailed history of the user's activities and behaviors, often without user's being aware of this activity. Users' histories are thus correlated over time often using their transactions that are linked to their true identity.
Tools have been developed to address privacy and security concerns of Internet users. (See, for example, the February,1999 issue of communications of the ACM, Vol. 42. No. 2.) One approach developed to help protect the identity of Internet users which allows them to surf the Web anonymously utilizes anonymizing agents, which prevents a user's IP address from reaching a Web site. This approach requires that the users trust the anonymizing agent. Some of these tools enable Internet users to insert pseudonyms into Web forms, so that users can anonymously return to the same site as the same user. Different pseudonyms can be provided for different Web sites. Examples of anonymizing (and pseudonym) agents include: “Anonymizer”(www dot anonymizer dot com) ; “Lucent Personalized Web Assistant”(LPWA) (www dot bell-labs dot com); Novell Directory Services (NDS) “digitalme”; Zero Knowledge System's “Freedom”( www dot zeroknowledge dot com); and PrivaSeek's “PersonaXpress” ( www dot privaseek dot corn and www dot personaxpress dot com.) Another approach, which does not require an anonymizing agent, randomly routes requests to a Web site through numerous users without shielding the IP address of any of the users so that neither the destination Web site nor any user (or intermediate node) through which the request was routed can determine the IP address of the originating user. Examples of tools which provide anonymity in this way include: “Crowds” ( www dot research dot att dot com/projects/crowds); and “Onion Routing”( www dot onion-router dot net).
In addition, a privacy seal program has been instituted by a non-profit organization, TRUSTe. Display of the TRUSTe “trustmark” by member Web sites requires that they adhere to established privacy principles and agree to comply with ongoing TRUSTe oversight and consumer resolution procedures, including: adoption and implementation of a privacy policy that takes into account consumer anxiety over sharing personal information online; notice and disclosure of the Web site's information collection and use practices; and the opportunity for users to exercise control over their information.
European Patent Application Publication EP 0 855 659 A1 of Lucent Technologies Inc. describes a proxy system that allows anonymous browsing on the Internet. The proxy system substitutes identifiers in browsing commands received from a user which would identify the user, and filters other information (e.g., HTTP Header fields) associated with browsing commands that would allow server sites to determine the true identity of users. The substitute identifiers are site specific, and are consistently used so that a server site recognizes a returning user and may provide personalized service, and so that the proxy system is transparent to server sites. The proxy system may perform all functions within a central proxy system, or some functions in a peripheral proxy system (e.g., at a user site) and some in a central proxy system. The proxy system may provide its own credit card number or an alias credit card number to a requesting site and collect money from its users.
U.S. Pat. No. 5,794,221 discloses an Internet billing method in which an ISP through agreement with customers and vendors pays vendors and collects from customers for products and services purchased by the customer over the Internet without the need for the customer to transmit credit information to the vendor. While the method improves security of the financial aspect of a transaction, the customer browses in the usual way and the method does not provide for customer anonymity.
Examples of systems and methods for anonymous and/or secure Internet communications and transactions are disclosed in U.S. Pat. Nos. 5,420,926, 5,557,518, 5,729,594 and 5,815,665, Japanese Patent Application Publication 1-320646 dated Apr. 12, 1998, and WIPO International Publication No. WO 97/26612.
As shown in FIG. 1 and discussed above, purchase of a good over the Internet requires delivery of the good, which in turn requires a postal address. Postal addresses today are maintained on numerous databases, many of which are available from a number of commercial sources. Address matching software is likewise commercially available. Hence, a first party's postal address can be sufficiently revealing of personal identity that without some means of hiding address information from a second party, any effort by a first party to remain anonymous or unknown to the second party cannot be guaranteed. Although this problem has been recognized, to the knowledge of the inventors it has not been addressed, and there is no e-commerce system which allows a first party to electronically purchase a good from a second party while not only securing the identity of the first party, but also the first party's postal address. The use of post office boxes, discussed below, is an improvement, but not a solution.
As represented in FIG. 2, shipping involves at least three participating entities: a sender—an entity that wishes to deliver a good, who can be a merchant, vendor, retailer or provider of the good; a recipient—a target entity to receive the good—who can be a customer or purchaser or orderer of the good; and a shipper—an entity that transports the good from the sender to the recipient. In a typical Internet transaction involving shipping, the sender provides identification of the recipient and the recipient's address to the shipper in order for the shipper to deliver the good to the recipient. The recipient must initially provide data on his, her or its identity and address to the sender or the shipper or both. This data may be collected, analyzed and correlated with other data to compromise the privacy of the recipient.
The need for private shipping has been known for a long time and is currently addressed through the use of a post-office box (POB), or its variants. A recipient can use a POB to hide his, her or its identity from a sender. A recipient must however disclose his, her or its identity to the POB operator (e.g., the post-office (shipper), or private operators)—which functions as a trusted entity—once, and then uses the POB to protect the recipient's identity from the sender.
There are several drawbacks to the use of POB techniques in providing privacy-protected shipping for electronic commerce.                1. Pre-arranged relationship: a POB requires the recipient to first arrange for a mailbox with the POB provider. This restrictive requirement discourages use by persons or entities who occasionally desire privacy. POB is typically used for other reasons and for mass market privacy-protected distribution applications.        2. Pre-allocated space: the provider of a POB service pre-allocates storage space for the mailbox owner and charges each mailbox owner a storage fee. This restrictive requirement also discourages use by persons or entities who occasionally want privacy.        3. Inability to handle returns: a POB provides one-way privacy protection. If the recipient wishes to return the good in a verifiable way, the recipient must disclose his, her or its identity and association with the POB.        4. Non-provability of delivery: in a dispute concerning a lost package, the shipper cannot prove that a package was actually delivered to the recipient.        5. Coordinated comprehensive privacy protection: shipping is only part of a commerce transaction through which a purchaser exchanges information with a vendor to purchase and obtain the good. To protect privacy, one needs to assure that no private data is transmitted through the entire transaction. POB shipping does not accommodate simple or obvious mechanisms that may be coordinated with other elements of the transaction to assure privacy.        6. Single-failure compromisability: the privacy of a POB owner can be compromised through a single incident of correlating the identity of the owner with the mailbox number.        
There is thus a need to protect private and personal information, particularly of first party users (purchasers, consumers, etc.) and provide security in e-commerce transactions, particularly where delivery and/or purchase of a good is involved.