1. Field of the Invention
The present invention relates to systems and methods for storing, accessing and exchanging information, and in particular to a system and method for providing users with granular control over arbitrary information that allows for selective, real-time information sharing in a communications network such as the Internet.
2. Description of Related Art
Information exchange is a common facet of everyday life. For many years, individuals have manually distributed their personal information, such as by passing out business cards, filling out forms, surveys and warranty cards with their names and addresses, providing career and educational information on their resumes and reciting their credit card numbers over the telephone while making purchases. In addition, individuals have manually collected the personal information of others, such as by collecting business cards, maintaining an address book or Rolodex™ and storing telephone books and catalogs. As the amount of exchanged information has grown, the drawbacks and limitations of manual information exchange have become more glaring: manual information exchange is disorganized, error-prone, repetitive and time-consuming.
In the last decade the amount of exchanged information has exploded, in large part due to the widespread use of computer systems and other electronic devices. Many individuals now have several home and work telephone numbers (used for different purposes such as fax or modem access, pagers, and mobile communication), web site addresses, electronic mail ("e-mail") addresses, electronic bank account numbers, and a variety of other personal identification information. This information is typically stored electronically in databases tied to applications such as personal calendars and personal contact managers, and is typically exchanged through electronic systems such as e-mail and voicemail. Businesses, organizations and other entities have faced even greater growth in the amount of information that is stored and exchanged.
To exchange information, a copy of the information is typically transmitted to the intended recipient. The recipient may desire the information for a transient purpose (e.g., a credit card number for a one-time purchase), in which case the information copy may be discarded after use, or the recipient may desire the information for a continuing use, in which case the information copy may be stored by the recipient in a database. Each time the individual transmits the information to a new recipient, a new copy of the information is generated, and potentially stored in an additional database. This approach to information exchange is characterized by certain drawbacks, such as the lack of control over the copy of the information once it is transmitted and the excessive redundancy that results each time the copied information is stored in another database. Another problem is that copies of the data often fall out of synchronization, and thus become obsolete, as information such as telephone numbers and addresses changes.
The tasks of managing, protecting and updating information have grown increasingly burdensome, especially in cases where the information is accessed by a plurality of applications and systems and the stored information is copied to many databases located in different locations. For example, an individual may provide personal address information to hundreds of recipients, such as creditors, subscription, delivery and repair services, friends, family, business associates, etc. Each of these recipients may then store this personal address information in their own databases, such as address books and customer lists. If this personal address information changes (e.g., when the individual changes residence), updating the information requires the individual to transmit a copy of the new information to every individual, business and organization that has a copy of the personal address information. Each recipient must then update each of its databases that have this personal address information. Information such as telephone numbers, home addresses, e-mail addresses and credit card numbers changes frequently, making the process of synchronizing information extremely time-consuming, burdensome and prone to error. The accuracy and timeliness of this information is important for business communications, interpersonal communications, purchases and various other purposes. Thus, there exists a need in the art for information exchange that is simple, efficient, timely, and not error-prone.
Certain modern applications provide electronic solutions to some of these problems by synchronizing data in limited contexts. For example, personal digital assistants ("PDAs") are handheld devices that include an internal memory for storing a copy of the user's personal calendar, address and e-mail information. Another copy of the information is typically stored on a personal computer through applications such as Microsoft Outlook™ and CorelCENTRAL™. When the user adds or updates stored information on either the personal computer or the PDA, the stored information on the other system will be temporarily out of date. A typical PDA includes a cradle that may be connected to the personal computer to provide a communications link between the two systems. When the PDA is inserted into the cradle, the user can press a button on the PDA to synchronize the stored information in the two devices. While this solution is adequate for some personal information, it is characterized by many of the same drawbacks discussed above. The data will be untimely until the PDA is physically placed into the cradle and the synchronization function is performed. Further, stored information that has been exchanged with third parties will not be updated through this synchronization procedure. The third parties will need to be individually contacted with the new information, and each third party will then need to update each of its databases.
Another solution in the prior art is to provide a centralized database that multiple individuals may access. For example, a university may keep its alumni information in a centralized database that is accessible to its alumni through the Internet. Individual alumni may edit their information profiles and view the profiles of other alumni through a university web site. Because the same copy of the stored personal information is used for both updating and viewing, there is no need to transmit copies of the personal information to other alumni when the information is updated. Although the centralized database simplifies information exchange between alumni, there are still many drawbacks. For example, the user would still need to notify non-alumni (e.g., creditors, family, friends, business contacts) of the changed information. Further, the data may not be gathered in a manner that is useful for the user. Many individuals would prefer to maintain their own database of contacts that are relevant to the individual, and this database would likely include non-alumni (e.g., creditor information, family, friends), and exclude many alumni. As a result, information stored in centralized databases is still copied to individuals' personal address books and other databases.
Another problem in the prior art is controlling access to stored information. For example, an individual may want to provide broad access to personal contact information such as address and telephone number, but may not wish to publicly share credit card information that is stored in the same database. While making an online purchase, the individual may need to provide the public address information as well as the personal credit card information. Thus, a secure system and method is desirable that gives individuals control over their stored information, so that the individual can control who may access that information and for how long.
In view of these problems with the prior art, there exists a need for a system and method for information exchange that provides control over the content of stored information, as well as control over the access to the stored information. Individuals, businesses, and other entities should be able to group and customize the stored information in a useful manner. The system and method should be easy to use, efficient and allow for timely sharing of information with selected individuals on a granular level and provide security against unwanted disclosures and edits to the stored information.
The present invention provides a system and method for information exchange that provides control over the content of stored information, as well as control over the access to the stored information. Each user of the system and method has granular control over its own user profile information, and can control access to each stored data element of its user profile information on a user-by-user basis.
In accordance with a preferred embodiment of the present invention, an information exchange system includes a storage system adapted to store profile data for a plurality of users. The information exchange system is connected to one or more registered users through a communications network, such as the Internet, to allow each respective registered user to access, edit and manage the registered user's profile data through a network device. The network device may be any device that is adapted to communicate with the information exchange system through the network, such as a personal computer running a standard Internet web browser application, a personal digital assistant ("PDA"), a wireless application protocol telephone ("WAP phone"), a pager or a network appliance. The information exchange system includes a plurality of online applications that are accessible to the registered user and generate or make use of profile data having attributes that are proprietary to the registered user. In the preferred embodiment, the applications available to the registered user include personal e-mail, chat rooms, personal calendars, contact management and document management applications.
The registered user""s attributes may be stored in pre-defined data fields created by the information exchange system and its applications, or in user-defined data fields created by each respective registered user. One or more of these attributes (both pre-defined and user-defined) may be logically grouped into views that also may be either pre-defined or user-defined. The registered user may selectively grant access to each view to one or more third parties, such as friends or family members. Preferably the registered user""s profile data is kept private by the information exchange system until the registered user provides access to a view of the stored data.
In addition to profile data generated through applications such as e-mail and personal calendar, the information exchange system may be used to track the registered user's use of the network, including places visited, pages read, items purchased online, etc. This data, along with the other profile data, is valuable to both the registered user and vendors who may wish to direct advertisements or product offers to the registered user. In a preferred embodiment of the present invention, the vendors will not receive this information unless and until the registered user provides access to the vendor. Further, the registered user may selectively "push" certain subsets of profile data to one or more vendors, or to a centralized recommendation engine. Each vendor may use the pushed profile information to direct advertisements, product offers and other information to the registered user, as well as to automatically fill in data entry forms with relevant profile information. If the profile information is pushed to a centralized recommendation engine, then the profile information is processed and appropriate vendor information from one or more vendors (such as a product offer) may be selectively provided to the registered user. The registered user may have control over which vendors have access to its profile data, and which subsets of the profile data are provided to those vendors.
The information exchange system and its storage system may be distributed across a plurality of devices, which may be physically located in one or more geographic locations. Further, one or more affiliated entities, each including its own storage system for storing profile data, may also be connected to the network. The affiliated entity may be any entity that desires to maintain control over its internal information, such as a corporation running an intranet. The affiliated entity may include e-mail, document management, calendaring, internal contact databases and other applications, and the data from these various applications may be stored on the data storage system.
In operation, the registered user may access profile data located on any information exchange system or affiliated entity that is connected to the network, provided access has been granted to the registered user. The registered user logs onto either an affiliated entity or an information exchange system, preferably through a World Wide Web address. When the registered user requests profile data, the profile data is automatically retrieved from the various locations and made available to the registered user. In a preferred embodiment, the affiliate includes a software firewall that can prevent external access to a subset of the profile data stored on its affiliate storage system. Through the software firewall, the affiliate, on a field-by-field and person-by-person basis, may prevent a certain subset of information from being accessed through the network, while allowing the remainder of the information to be freely accessed through the network if its associated registered user has granted access thereto.
The information exchange system may also be used with unaffiliated data storage sites such as an external e-mail system including an e-mail data storage, an external personal calendar database or an external file system. The information from such sites may be centrally accessed through the information exchange system.
In a preferred embodiment, intelligent synchronization software is loaded onto the network device of certain registered users. The intelligent synchronization software operates in the background to detect network activity, and then automatically pulls newly updated information from the information exchange system, such as new addresses, e-mail addresses and messages, meeting invitations, and new files stored on the information exchange system, onto the network device and updates any local databases with the new information. The intelligent synchronization software may be used to provide Internet capabilities to standalone database applications and systems.
A preferred embodiment of the information exchange system includes a secure hardware configuration to protect the registered user's stored profile information from hackers. The information exchange system includes a main server and a plurality of secondary servers, connected through a first network. Each server is also connected directly to the network. The secondary servers are further connected, through a second network, to a storage system, a database management system and an e-mail system. The database management system stores user profile information and is additionally connected to a key management system.
When a user first registers with the information exchange system, a unique user identification ("ID") is generated, as well as a random public/private key pair which is generated by the key management system. In order to store information on the information exchange system, the key management system generates a secret key for each separately stored data element. Each data element is encrypted with its secret key, and then stored in a database table, along with a universal identifier ("ID") for the data element. The secret key is encrypted using the user's public key, and the encrypted secret key is then stored in a key chain database, along with the user's unique ID and the universal ID. Because all of the data is encrypted, other users of the information exchange system cannot view the content of any stored data element of user profile information unless access is provided to that content's secret key.
To grant access to stored data, the registered user first selects a data element from the user's stored profile information. The registered user then selects one or more third party users to which access to the selected data element is to be granted. The information exchange system then retrieves the third party's public key from its user profile. The registered user's copy of the encrypted secret key for the selected data element is located, and it is decrypted using the registered user's private key. The secret key is then encrypted using the third party's public key, and stored in the key chain database, along with the third party's user ID and the universal ID for the data element. The registered user may create a view of one or more data elements, and access to one or more views may be granted to one or more groups of users created by the registered user. In the preferred embodiment, pre-defined views and groups are also provided.
After access has been granted, it can be denied on an element-by-element and person-by-person basis. First, the registered user selects one or more users and one or more data elements. For each user, the key chain database is searched for every record including the associated user ID and a universal ID of a selected data element. Each record, which includes the encrypted secret key generated by the registered user when access was first granted to the user, is then deleted.
In the preferred embodiment, if the registered user forgets his password, then the registered user's private key cannot be recovered from the key management system due to the system's security features. Without the proper private key, the registered user's encrypted secret keys cannot be decrypted, and consequently, none of the encrypted data elements can be decrypted. As a result, the registered user cannot access its own user profile. To solve this lost password problem, a preferred embodiment includes a key escrow feature that tracks a virtual registered user. The virtual registered user includes many of the same features as an actual registered user, including a public/private key pair. Every time a data element is stored on the information exchange system, the virtual registered user is automatically granted access to the data. In other words, a copy of the secret key for the new data element is encrypted using the public key of the virtual registered user and stored in the key chain database.
A preferred embodiment of a password recovery process includes the steps of generating a new password; creating a new public/private key pair; generating a temporary password; searching the key chain database for every instance of the registered user's ID, and for each record found decrypting an associated secret key with the virtual registered user's private key; encrypting the secret key using the new public key; and storing the new encrypted secret key in the key chain database.
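The per-element encryption, key chain records, access grant, revocation by record deletion, and escrow-based password recovery of the preceding paragraphs, worked through as an added example that is not code from the patent. The description names no algorithms, so RSA-OAEP for wrapping secret keys, AES-256-GCM for the data elements, the `Exchange` class and the `escrow` user ID are assumptions; the `cryptography` library is used.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed cipher choices: the description only says the secret key is
# "encrypted using the user's public key" and each element with its secret key.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
ESCROW = "escrow"  # the "virtual registered user" holding the key escrow copies (ID assumed)


class Exchange:
    """Constructed in-memory stand-in for the storage, database and key management systems."""

    def __init__(self):
        self.pub = {}        # user ID -> public key (private keys never reach the server)
        self.elements = {}   # universal ID -> nonce || ciphertext of one data element
        self.keychain = []   # key chain records: (user ID, universal ID, wrapped secret key)

    def register(self, uid):
        priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.pub[uid] = priv.public_key()
        return priv  # stays with the user

    def _add_entry(self, uid, eid, secret):
        self.keychain.append((uid, eid, self.pub[uid].encrypt(secret, OAEP)))

    def store(self, owner, eid, plaintext):
        """Fresh secret key per element; owner and escrow user both get a key chain record."""
        secret, nonce = AESGCM.generate_key(256), os.urandom(12)
        self.elements[eid] = nonce + AESGCM(secret).encrypt(nonce, plaintext, eid.encode())
        self._add_entry(owner, eid, secret)
        self._add_entry(ESCROW, eid, secret)

    def _unwrap(self, uid, priv, eid):
        for u, e, wrapped in self.keychain:
            if u == uid and e == eid:
                return priv.decrypt(wrapped, OAEP)
        raise PermissionError(f"{uid} holds no key for {eid}")

    def read(self, uid, priv, eid):
        blob = self.elements[eid]
        return AESGCM(self._unwrap(uid, priv, eid)).decrypt(blob[:12], blob[12:], eid.encode())

    def grant(self, owner, owner_priv, eid, grantee):
        """Owner unwraps the secret key and re-wraps it under the grantee's public key."""
        self._add_entry(grantee, eid, self._unwrap(owner, owner_priv, eid))

    def revoke(self, grantee, eid):
        """Deleting the key chain record is the whole revocation; the ciphertext is untouched."""
        self.keychain = [r for r in self.keychain if not (r[0] == grantee and r[1] == eid)]

    def recover(self, uid, escrow_priv):
        """Lost password: re-wrap every secret key of uid via the escrow copy under a new key pair."""
        new_priv = self.register(uid)
        self.keychain = [
            (u, e, self.pub[uid].encrypt(self._unwrap(ESCROW, escrow_priv, e), OAEP)) if u == uid else (u, e, w)
            for u, e, w in self.keychain
        ]
        return new_priv
```

Every secret key is recoverable from the escrow private key alone, so that key is the most sensitive asset in the scheme and belongs in the separate key management system the description places it in.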
A more complete understanding of the SYSTEM AND METHOD FOR SELECTIVE INFORMATION EXCHANGE will be afforded to those skilled in the art, as well as a realization of additional advantages and objects thereof, by a consideration of the following detailed description of the preferred embodiment. Reference will be made to the appended sheets of drawings which will first be described briefly.