1. Technical Field
The present invention relates in general to commercial transactions and in particular to commercial transactions on the Internet. Still more particularly, the present invention relates to a method and system for maintaining confidentiality of personal information on the Internet during commercial transactions on the Internet.
2. Description of the Related Art
Internet commerce or E-commerce, as it is commonly referred to in the industry, is quickly becoming a preferred method of conducting commercial transactions. Many traditional and non-traditional businesses have realized the vast potential of conducting business on the Internet and have established web sites by which potential customers or clients may remotely access their respective information or products. This merging of business with the electronic medium of the Internet has thus resulted in an increase in commercial and personal transactions, which occur in a non-tangible medium.
E-commerce transactions may be either point-to-point/bipartite (i.e., an individual communicating directly with another individual or a business web site) or multi-point (i.e., many individuals transacting with each other, as in a swap room, or with on-line auctions, for example). Typically, a web server provides the background within which these E-commerce transactions take place.
Currently, most E-commerce transactions are bipartite and occur between a merchant and a buyer. The merchant is represented online by a web site located on a web server and accessible via a universal resource locator (URL) or web address. The buyer connects to the Internet via one of several known means of connecting to the Internet and accesses the merchant's web site. The merchant and the buyer enter into a transaction within the web server, which is recorded in electronic form on the web server as an agreement (or contract). Thus, the contract is typically stored in the web server of the merchant. A buyer may be provided with the opportunity to print the contract prior to terminating the connection to the web site.
As in traditional commercial transactions, disputes often arise about the actual terms (price, quantity, freight charges, etc.) of a transaction subsequent to the creation of the contract. In the traditional arena, contracts are typically in written form and at least one party has signed the original contract document verifying its authenticity. The terms, as written in this document are difficult, if not impossible, to manipulate without being noticeable once the signature has been affixed to the page.
In the electronic medium of the Internet, electronic documents are generated, which are typically stored on the merchant's web server and are easily modifiable. The electronic nature of the document allows anyone with access to the web server to modify the terms of the original agreement. There is thus an inherent uncertainty in the validity of electronic documents. It is therefore difficult for the buyer or a third party arbitrator to determine the authenticity of the documents when a dispute arises.
Several prior art patents have taught methods for ensuring authenticity of communications/documents on the Internet with the use of digital signatures. U.S. Pat. No. 5,949,876 discloses a system and method for secure transaction management for insuring that information is accessed and utilized only in an authorized way. U.S. Pat. No. 5,850,442 teaches the use of public key infrastructure (i.e., smart token technology) to secure electronic transactions. A third party is utilized to register an application which is held and made accessible to the recipient after signature verification/authentication using a smart token.
Both of these patents use a digital signature, which may be provided to both the buyer and merchant. Use of digital signatures, however, has not been adopted widely by the Internet community, particularly due to associated costs and other logistical concerns, such as the complexity involved in creating the digital signatures and revoking lost or compromised digital signatures.
Another method, which utilizes a third party, has been proposed by United Parcel Services (UPS) OnLine Courier®. This method essentially allows the delivery of secure e-mail via the UPS as a depository third party. The sender sends a document using UPS OnLine Courier. The document is securely uploaded to the secure UPS OnLine Courier server, which sends an e-mail notification to the recipient that there is a document delivery for him. The recipient uses the URL provided in the e-mail to download the document from the secure UPS OnLine Courier server via a Web browser. As an option, the sender may specify that the recipient may only download the file if he has provided a password to the UPS OnLine Courier server, insuring the sender that only the intended recipient may open the document.
Another problem encountered during E-commerce transactions is the loss of or low levels of privacy with respect to distribution of personal information (name, address, email address, etc.) of a buyer. Buyers are usually required to enter personal information into the merchant's web site when conducting a transaction. E-bay, for example, provides multi-point E-commerce transactions; however, E-bay displays the personal information of each visitor who transacts on the site and does not provide for any anonymity/confidentiality. Occasionally, merchants subject their buyers to unsolicited e-mails (referred to as “junk mail”) or physical mail, which advertise products of the merchant or another entity to which the merchant has forwarded the buyer's personal information. Also, the buyer may wish to withhold his personal information from the merchant for other reasons.
In some instances, a seller may wish to have his personal information kept private. Currently, anyone may access personal information (such as name and address) about the owner of a web site (i.e., find out to whom a web server belongs) by looking up the domain name in one of the several server databases publicly available through issuers of Internet domain names and affiliated groups.
Prior art attempts to handle this problem includes U.S. Pat. Nos. 5,692,982 and 5,553,145, which disclose the use of a third (trusted) party to transmit an encrypted message from one party to a second party, whereby the identity of the communicating parties may be kept secret (from the third party). A receipt is sent to the sending party when the communication is received by the receiving party. The method also uses a digital signature where each party has a secret signing key and matching public verification key for sending and accessing the content of the communication. Other related patents include U.S. Pat. No. 5,666,420 which utilizes a third party to communicate if a first attempt to communicate directly fails. Chat rooms allow use of pseudonyms during internet communications but do not extend into the internet-based commercial transactions in the context of exchange of financial information.
None of the prior art methods discloses an efficient and globally applicable method for ensuring the confidentiality of personal information of parties to an E-commerce transaction. The present invention thus recognizes that it would be desirable to provide a method and system for providing this functionality (i.e., maintaining confidentiality of personal information during E-commerce transactions) in an efficient and globally applicable manner. A method and system by which a person's personal information is preserved away from the other party in an E-commerce transaction would be a welcomed improvement. These and other benefits are provided in the present invention.