It is known to order products or to request information on certain products in the internet, whereby the ordered products or the information on the products are delivered to the purchaser by mail. Hereby, it is necessary for the purchaser to indicate his personal data, for example, the mailing address, during the ordering process. In case the personal data required for delivering the products or information on the products are already stored in the system, the purchaser has to log into the system in order to authenticate himself to the system. After a successful login, the purchaser, however, has to run through the entire ordering process, in order to be able to complete the order for the product or for the information on the product. This is particularly disadvantageous, if the products or information on the products concerned are gratuitous products or information, for which, besides a valid address for delivery, no further personal data of the purchaser is necessary.
Moreover, it is known to dispatch a newsletter or c-mails to customers or potential customers, by means of which the customers may be informed, for example, about current offers. The newsletter or e-mails may comprise so-called hyperlinks, by means of which the customer is transferred to a specific landing page prepared for that offer, where the customer may initiate an ordering process, as described in the following. Also here, the customer has to run through the entire ordering process, in order to be able to order a product or information on the product.
For both methods mentioned above, it is necessary that a customer also for gratuitous products or information has to run through the entire order process, even if the data required for the delivery to the customer is already stored in the system. Further, the personal data are usually transmitted to the system unsecured such that these data may be picked up by attackers and may be misused.
U.S. Pat. No. 5,960,411 describes a method, according to which a customer may request products via the internet. There it is indeed mentioned that the personal data to be transmitted, as credit card numbers, can be protected from misuse by encrypting the data. However, it is also mentioned there that even the encrypted transmission of the data is not secure, because these may possibly be picked up and decoded by an attacker. For avoiding this problem, U.S. Pat. No. 5,960,411 proposes to transmit as little data as possible. Hereby, however, it is disadvantageous that also these few personal data may be picked up by attackers and—as far as they are encrypted—may be decrypted and misused. The provider of the products, thereby, is not able to find out, whether the order is from the “true” purchaser or from an attacker.