1. Field of the Invention
The present invention relates to methods for users to communicate securely and anonymously with information providers by electronic messages transported via a public network, and to methods of secure response to such messages.
2. Description of the Related Art
Communications by electronic messages sent over a public network such as the Internet in clear text are vulnerable to being examined by an eavesdropper monitoring the network. Consequently, there is the risk that an electronic message which contains an inquiry and/or response of private information in the clear could fall into the hands of a malicious person. This is particularly worrisome where the inquiry relates to a disease affected with a substantial social stigma, such as AIDS, in which case even just the knowledge of who has made an inquiry to an AIDS testing and/or counseling service could produce great harm.
It is known from U.S. Pat. No. 5,509,064 that a person after anonymously mailing a physical specimen produced with an at-home test kit to a medical test facility can obtain a test result by accessing an automated call handling and routing system and entering a unique personal identification code which came with the test kit.
Such a method is limited to actual mailing of physical material in a sealed envelope or package without a return address, which is assumed to be both secure and anonymous. Further, the call handling and routing system is not amenable to detailed responses to submitted queries.
With regard to communication by secure messages over the Internet, the Internet community has established a standard for Internet Privacy-Enhanced Mail (PEM) (RFCs 1421 through 1424, obtainable at ftp://ftp.rsa.com/pub/). However, this standard does not deal in general with the possibility of secure messages being anonymous, and more importantly, with provisions for reply to anonymous secure messages.
Also, anonymous remailers for electronic mail are known for the purpose of forwarding messages from a message originator to a recipient, with all message header information which could be used to trace the message back to its source replaced by information which just points back to the anonymous remailer. It is possible that the message sent to the remailer for forwarding could be an encrypted one, but the destination address would be in the clear because such remailers are generally not set up to receive and decrypt an encrypted destination address. Consequently, an eavesdropper monitoring electronic mail messages sent to a remailer could determine both actual source and destination addresses. Also, because the remailer must necessarily retain the source addresses of message originators in order to enable replies to be forwarded, there is the risk that the source addresses could be obtained if the remailer were compromised.
There is a need to communicate securely and anonymously by transport of electronic messages over a public network such as the Internet to make inquiries and obtain responses thereto, particularly in relation to obtaining information pertaining to health.