SYSTEM AND METHOD FOR INCREMENTAL DISCLOSURE OF
PERSONAL INFORMATION TO CONTENT PROVIDERS
FIELD AND BACKGROUND OF THE INVENTION The present invention relates to a system and method for incremental disclosure of personal information to content providers, and in particular, to such a system and method in which the user is able to select which personal information is disclosed through the Internet, for example while viewing a Web page, as well as the circumstances under which that information is to be disclosed. Web pages are popular for both Web page viewers, who may wish to receive information and/or to be entertained, and for Web page providers, who can reach a wide audience through the Internet. In order to tailor the content of the Web pages to the interests of the Web page viewers, and hence to attract more viewers and/or to attract viewers which fit a particular profile, Web page providers attempt to gather as much information as possible concerning the interests of the Web page viewers.
One mechanism for gathering such information is the provision of "cookies", which can be used to create a stateful session with HTTP (HyperText Transfer Protocol) requests and responses, as described in RFC 2109 (RFC 2109: HTTP Slate Management Mechanism, D. Kxistol and L. Montulli, February 1997; http://www.cis.ohio-state.edu/htbin/rfc/rfc2109.html as of December 28, 1999). Cookies enable client Web browsers and Web servers to exchange state information across Web pages, for example in order to tailor content for individual Web page viewers, or to create ''shopping carts" for online visitors to a Web site. The Web server of a content provider can initiate the creation of a cookie by sending state information to the client Web browser at any time. If the client Web browser accepts the cookie, the information is stored locally at the computer operating the client Web browser, and must be returned to the Web server with every subsequent request.
HTTP cookies enable Web page providers to create and manage private databases for storing information about Web page viewers who visit the Web pages of the provider. When the Web page viewer returns to the Web pages of the provider, the Web server requests the cookies from the Web browser of that viewer, and retrieves the information stored inside the cookies as a key to search through the private database for information about the Web page viewer. The Web page content which is to be displayed by that Web page viewer is then tailored according to the information stored in the database.
Another common mechanism for identifying Web page viewers uses regular HTML to store hidden keys which uniquely identify the viewer, such that the Web server generates Web pages containing these keys on the fly.
HTTP cookies and HTML with hidden keys have the advantage of being part of the standard for communication through the World Wide Web. Most widely available Web browsers, such as Netscape™ Navigator™ and Microsoft™ Internet Explorer™, support cookies. Indeed, cookies have become a common mechanism for tracking the behavior of Web page viewers, and for identifying return visitors to a Web site, thereby enabling the content provider to tailor the content of the Web site to the personal preferences of the viewers. On the other hand, the identification of such personal preferences, and the storage of the associated information in a remote database over which the Web page viewer has no control, raises a number of privacy-related issues.
First, personal information which identifies the Web page viewer, such as the name, home address and credit card number, may be stored in such databases, thereby threatening end-user privacy. Such identifying information is not necessary to identify a return visitor to a Web site for the purpose of tailoring content for that user. Furthermore, the fact that such information is stored may cause Web page viewers to feel uncomfortable with the entire process of gathering information, such that the viewers may wish to limit any information which is gathered, for example by rejecting all cookies, or by providing only limited personal information to the content provider. This in turn may result in the provision of Web page content which is less tailored to the needs of the viewer, and hence to a less satisfying Web page experience.
On the other hand, many viewers are not aware of the ability to accept or reject cookies by their Web browser, or of the privacy implications of such cookies. Indeed, the default behavior of most Web browsers is to accept all requests for cookies. Therefore, these Web page viewers may experience implicit unauthorized infringement of their privacy.
These local, private databases are also disadvantageous for the content provider, since the collected user information is based solely on the experience of the Web page viewer within the Web site of that particular content provider, thereby reflecting only part of the personality and interests of the user. Furthermore, the content provider may overestimate the importance of such information to the Web page viewer, even if the Web browsing experience from which the information was gathered represents only a transient phase of the life of the Web page viewer. A more preferred solution would enable the content provider to also receive a personal profile of the Web page viewer, containing user information about a plurality of characteristics
of the user. The content provider could then integrate this profile-derived information with information derived from observing the actions of the Web page viewer when browsing through the Web site of the content provider, for a more complete picture of the interests of the user. Currently, users might be wary of providing such personal information, as previously described. However, the preferred solution would also include privacy protection, such that the user could determine when and how the information is released. Such a solution would thus combine privacy protection with more accurate information gathering, thereby benefiting both the Web page viewer and the content provider. Unfortunately, such a solution does not currently exist. There is thus a need for, and it would be useful to have, a system and a method for both providing a personal profile to a content provider when a user is operating a Web browser, and for enabling the user to select when and how the information contained in the personal profile is released to the content provider.
BRIEF DESCRIPTION OF THE DRAWINGS The foregoing and other objects, aspects and advantages will be better understood from the following detailed description of a preferred embodiment of the invention with reference to the drawings, wherein:
FIG. 1 is a flowchart of an exemplary method for determining a personal profile and disclosure policy according to the present invention; and FIGS. 2A and 2B are flowcharts of exemplary methods according to the present invention for handling HTTP cookies;
FIG. 3 is a schematic block diagram of an exemplary system according to the present invention;
FIG. 4 is a flowchart of an exemplary method according to the present invention for creation and matching of profiles for users and content providers; and
FIG. 5 is a schematic block diagram of a second exemplary but preferred embodiment of the system of the present invention.
SUMMARY OF THE INVENTION The present invention is of a method and a system for protecting the privacy of the user, while enabling the user to predetermine the disclosure of selected items of information to particular Web sites, for example according to the type of Web site and/or the type of information. Preferably, the user may optionally select a mode in which the permission of the
user is requested each time that a particular type of information is requested by the Web site content provider. These items of information are preferably collected into a user profile, for which disclosure is controlled according to a disclosure policy. Also preferably, the user is able to control the overall disclosure of items of information by first selecting a browsing mode, such that the disclosure of a plurality of items of information is determined according to the browsing mode. Alternatively, the browsing mode may optionally be determined automatically or by the content provider.
According to preferred embodiments of the present invention, the distribution of cookies is also controlled according to the disclosure policy. Preferably, the distribution is generally controlled according to whether the browsing mode is anonymous, such that the identity of the user is not provided; or involves the identification of the user.
According to the present invention, there is provided a method for controlling disclosure of a plurality of items of information to a content provider by a user, the method comprising the steps of: (a) associating each item of information with a type of disclosure, such that the disclosure of the item of information to the content provider is determined according to the type of disclosure; (b) examining the type of disclosure to determine if disclosure of the item of information to the content provider is permitted; and (c) if disclosure is permitted, disclosing the item of information to the content provider.
According to another embodiment of the present invention, there is provided a system for controlling disclosure of a plurality of items of information by a user, the system comprising: (a) a Web site content provider for requesting an item of information from the user in a request; (b) a proxy server for intercepting the request; (c) a user personal profile for containing the plurality of items of information, including at least one type of disclosure for determining whether the item of information is disclosed to the Web site content provider by the proxy server. According to yet another embodiment of the present invention, there is provided a method for controlling disclosure of a plurality of items of information to a content provider by a user, the content provider having an associated Web site, the method comprising the steps of: (a) associating each item of information with a type of disclosure, such that the disclosure of the item of information to the content provider is determined according to the type of disclosure; (b) accessing the Web site by the user; (c) requesting disclosure of an item of information by the content provider; (d) automatically examining the type of disclosure to determine if disclosure of the item of information to the content provider is permitted; and (e) if disclosure is permitted,
disclosing the item of information to the content provider. According to an alternative embodiment, steps (b) and (c) are reversed in the order of execution.
According to still another embodiment of the present invention, there is provided a method for controlling disclosure of a plurality of items of information to a content provider by a user, the method comprising the steps of: (a) receiving the plurality of items of information from the user; (b) associating each item of information with a type of disclosure according to a request of the user, such that the disclosure of the item of information to the content provider is determined according to the type of disclosure; (c) storing the plurality of items of information in a database; and (d) accessing the database by the user to alter an item in the database. Hereinafter, the term "computer" includes, but is not limited to, personal computers (PC) having an operating system such as DOS, Windows™, OS/2™ or Linux; Macintosh™ computers; computers having JAVA™-OS as the operating system; and graphical workstations such as the computers of Sun Microsystems™ and Silicon Graphics™, and other computers having some version of the UNIX operating system such as AIX™ or SOLARIS™ of Sun Microsystems™; the Palm OS; embedded operating systems for mobile telephones, as well as WAP-enabled devices and other cellular telephone devices which are able to receive content through the Internet, or any cellular telephone device which communicates according to the I-mode protocol (Japanese packet-based cellular telephone communication protocol) or UMTS (Universal Mobile Telecommunications System; also a mobile device communication protocol); or any other known and available operating system. Hereinafter, the term "Windows™" includes but is not limited to Windows95™, Windows NT™, Windows98™, Windows CE™ and any upgraded versions of these operating systems by Microsoft Corp. (USA).
Hereinafter, the term '"computing platform" refers to any particular operating system and/or hardware device, as previously described, according to which the format for data communication is determined.
Hereinafter, the term "Web browser" refers to any software program which can display text, graphics, or both, from Web pages on World Wide Web sites. Hereinafter, the term "Web page" refers to any document written in a mark-up language including, but not limited to. HTML (hypertext mark-up language) or VRML (virtual reality modeling language), dynamic HTML. XML (extended mark-up language), WML (wireless mark-up language) or related computer languages thereof, as well as to any collection of such documents reachable through one specific Internet address or at one specific World Wide Web site, or any document obtainable through a particular URL (Uniform Resource Locator). Hereinafter, the term "Web site" refers to content
which is provided through a mark-up language or an equivalent thereof. Hereinafter, the term "Web server" refers to a server for providing one or more Web pages to a Web browser upon request.
Hereinafter, the phrase "display a Web page" includes all actions necessary to render at least a portion of the information on the Web page available to the computer user. As such, the phrase includes, but is not limited to, the static visual display of static graphical information, the audible production of audio information, the animated visual display of animation and the visual display of video stream data.
Hereinafter, the term "Web session" is defined as a continuous sequence of HTTP requests and replies, WAP requests and replies, or any other request and reply combination according to a communication protocol between a Web browser and a specific Web site, such that communication between the Web browser and the Web site is performed according to the particular protocol.
Hereinafter, the term "user" refers to an individual who interacts with, or "uses", a Web browser.
Hereinafter, the term "content provider" refers to an entity which makes a wide range of content available through a network, including but not limited to, information, commercial content, video data, and audio data. In addition, the network through which such content is provided could be any of a number of different infrastructures, including but not limited to. WAP (wireless application protocol). SMS (short message system), voice channels and the Internet.
The method of the present invention could be described as a series of steps performed by a data processor, and as such could optionally be implemented as software, hardware or firmware, or a combination thereof. For the present invention, a software application could be written in substantially any suitable programming language, which could easily be selected by one of ordinary skill in the art. The programming language chosen should be compatible with the computer hardware and operating system according to which the software application is executed. Examples of suitable programming languages include, but are not limited to, C. C++ and Java.
DETAILED DESCRIPTION OF THE INVENTION
The present invention is of a method and a system for protecting the privacy of the user, while enabling the user to predetermine the disclosure of selected items of information to
particular Web sites, for example according to the type of Web site and/or the type of information.
The conceptual model behind the method and system of the present invention involves an extension to Web sessions through the Internet, which allows the content provider to receive at least a portion of the information from the personal profile of the user who initiated the session. The personal profile preferably contains a plurality of items of information which can be used by content providers for tailoring the Web page content to the needs and interests of the user. Optionally, content providers may be interested in only certain items of information in the personal profile, such that only these items are relevant to the tailoring of content from that particular Web site. More preferably, the user is able to add and remove information, and to otherwise modify the personal profile.
This personal profile information is preferably available to the content provider as soon as the Web server for the Web site receives an HTTP or WAP request from the Web browser of the user. Optionally and more preferably, the content provider could then immediately tailor the provided Web page content to the interests of the user, such that the HTTP or WAP reply would contain content which is more closely suited to the user.
However, the personal profile also contains a disclosure policy, which enables the user to control the dissemination of the personal profile information. The disclosure policy preferably determines how, to which Web content provider(s) and under which circumstances the information from the personal profile is disclosed. More preferably, the disclosure policy also includes specific rules for the disclosure of items of personal profile information. Optionally, general rules for the release of items from the personal profile are also included in the disclosure policy.
According to a preferred embodiment of the present invention, the item of information as disclosed may be different than the stored item of information in the user profile. For example, if the age of the user is 27 years, then the age is optionally disclosed as "25-30 years" as a range, rather than as an exact numerical value. The item of information is also optionally disclosed as a range for non-quantitative values, in which the non-quantitative value is characterized according to a text description. For example, if the user enjoys fishing and hiking, then the non-quantitative value disclosed could be "enjoys outdoor activities". An exemplary disclosure policy is shown in Table 1 below.
Table 1.
In this example, whenever a content provider requests a certain item of information, such as the gender of the user, which is marked as "Always", the content provider always receives this item of information.
However, if the content provider requests an item which is marked as "Ask", such as the age of the user, then permission is first requested from the user. For example, an explicit confirmation window could be displayed through the GUI (graphical user interface) of the display screen of the user, requesting confirmation for the disclosure of the age of the user. The item of information is then provided to the content provider only if the user confirms that such a disclosure is permitted. Preferably, information which is considered to be particularly sensitive or private, such as the address of the user or the credit card number of the user, is only provided upon receipt of the approval of the user, such that these types of information are preferably marked as "Ask". Other items of information are optionally automatically provided only to certain Web page providers, such as the nutrition preferences of the user in this example, which are only provided to "www.food.com". but which are always provided to this Web site.
Optionally and more preferably, as described in greater detail below, the user is able to simultaneously determine the behavior of a plurality of information items with a single attribute. Most preferably, this attribute is expressed as a "browsing mode", in which the behavior of the selected information items corresponds to the type of Web browsing session and corresponding Web browser behavior which have been selected by the user. This preferred embodiment enables the user to control the behavior of these information items in a more efficient manner, without the requirement for the user to determine the level of disclosure for each information item individually.
Preferably, the content provider is able to retrieve user information from the personal profile of the user through a personalization API (Application Programming Interface).
According to preferred embodiments of the present invention, the content provider which controls a Web site also creates a content provider profile, of information which the content provider wishes to receive from the user. Preferably, the content provider profile is created from a set of keywords or other disclosure items, from which the content provider may select the most relevant keyword(s) in order to describe the desired information. The same set of keywords is also used to create the personal profile of the user. More preferably, the set of keywords is dynamically created according to requests of the content providers. Optionally and most preferably, the general request of the content provider is performed before information is requested from any specific user. The request for a particular Web site by a user then more preferably triggers a process of negotiation, in which the content provider profile is compared to the personal profile of the user. If the disclosure policy of the user matches the requested information of the content provider, then the information of the user is disclosed to the content provider. Otherwise, specific questions may optionally be given to the user, in an effort to gather more information, for example, as part of the negotiation process.
According to other preferred embodiments of the present invention, the personal profile of the user is built dynamically, more preferably from a plurality of sources of information. These sources may optionally include, but are not limited to, any one or more of the following sources of information: information disclosed by the user in response to direct interactions with the system of the present invention, for example in response to direct questions from the system of the present invention; information disclosed by the user upon interacting with a Web site which has been registered with the system of the present invention; information disclosed by the user to a Web site which has not been so registered; and information gathered from examining user behavior at a Web site, regardless of whether that Web site is registered with the system of the present invention. However, preferably, only Web sites for content providers which are registered with the system of the present invention would trigger the process of profile matching between the content provider and the user.
The present invention increases the efficiency of interactions between a user and a content provider, while preserving the privacy of the user, by first disclosing only information which is mutually requested by the content provider and by the user for disclosure. Such restricted disclosure both preserves the privacy of the user at a level which is specifically desired by the user, and also prevents the content provider from being flooded with irrelevant information. In addition, the process of negotiating the level of disclosure is automatic, thereby
reducing the level of bandwidth which is required to handle the process of disclosure. At the very worst, the number of required exchanges of information would be the same as without the system of the present invention. However, more typically the system of the present invention would significantly reduce the number of required interactions between the user and the content provider in order to negotiate the process of disclosure, thus increasing the efficiency of interactions between the user and the content provider. This increased efficiency is particularly useful for WAP (Wireless Application Protocol)-enabled devices, such as cellular telephones which receive Web pages for example.
The present invention has the advantage of comprehensively protecting the privacy of the user, by separating various types of information about the user from the identity of the user. If the user does not provide personal identifying information during a session, such as name, address, credit card number, passport or other identification number, and so forth, then the user remains anonymous to the content provider throughout the session. Furthermore, the user has more complete control over the personal data which is stored in the personal profile of the user. Preferably, the user is able to edit or otherwise alter the data upon request. As described in greater detail below, more preferably the data is actually stored on a personal device of the user, such as a cellular telephone for example, which provides even greater control by the user over access to the data in the user profile.
The principles and operation of a system and a method according to the present invention may be better understood with reference to the drawings and the accompanying description, it being understood that these drawings are given for illustrative purposes only and are not meant to be limiting. Although the present invention is described with regard to Web pages, such as HTML (hyper-text mark-up language) and/or WML (wireless mark-up language) documents for example, it is understood that this is for the purposes of discussion only and is without any intention of being limiting. The present invention is also operative with other protocols for transmitting and/or displaying information, including but not limited to, audio (voice) data and SMS (short message system) messages.
Referring now to the drawings, Figure 1 is a flowchart of an exemplary method for determining a personal profile and disclosure policy according to the present invention. In step 1. the user is preferably presented with a template for entering items of information for the personal profile. More preferably, this template includes various types of entries, such as the name and address of the user, which are assumed to be of general interest to users. In step 2. the user enters the type of information into the "Information Type" field, unless this field has
already been filled as part of the template. In step 3. the user enters a value for the information item in the "value" field, which could be the name of the user for a "user name" information element, for example.
In step 4, the user enters a type of disclosure which is permitted for the item of information. As previously described, such a type of disclosure optionally is limited to a single value, such as "Always", if the content provider is to always receive this item of information; or "Ask", if permission must first be requested from the user for providing the item of information to the content provider. Optionally and preferably, such a type of disclosure may have a plurality of values if the item of information is only to be provided to one or more content providers, but is always to be given to these content providers. Also optionally, the type of disclosure may be to disclose a range of values, whether numerical or non-quantifiable, to the content provider.
Alternatively and preferably, the type of disclosure for the information is selected according to one of a plurality of browsing modes. As previously described, such a browsing mode enables the user to simultaneously determine the behavior of a plurality of information items with a single attribute. The user enters the type of disclosure for the item of information which is to be permitted in each browsing mode. The browsing modes are more preferably selected such that a content provider is not able to easily identify the user, unless such identification is desired by the user. As an illustrative example only, and without any intention of being limiting, most preferably the browsing modes are determined according to the AID A model (P. Kotler, Marketing Management, Prentice Hall International, 1999). In this model, the consumer is assumed to have four behavioral responses: Attention, Interest, Desire and Action, from which the acronym, AIDA, is derived. A browsing mode is optionally and preferably associated with each behavioral response.
In Attention Mode, the purpose of the content provider is to obtain the attention of the user, and then to increase the level of interest of the user. Information disclosed in this browsing mode preferably enables the content provider to determine which content is of interest to the user. The user preferably remains anonymous in this mode, and only reveals general interests and general preferences such as the preferred language of communication, and so forth. In Interest Mode, the user is performing a search and/or an inquiry for additional information. The user is therefore expected to be generally interested in a type of product or service. For example, the user may be interested in receiving more information about features.
availability, prices and so forth. Preferably, information which is disclosed in this mode, such as age and gender for example, is to reduce the amount of searching which must be performed by the user, and to improve the quality of information which is received by the user. This issue is particularly important for displaying information through WAP, since the small screen and keyboard renders performing a search through a wireless device significantly more difficult.
In Desire Mode, the user indicates interest in a specific product or service. The content provider should offer the best possible solution to the user. In turn, the user may optionally choose to disclose useful information about lifestyle, spending behaviors, expected quality and time constraints. The content provider optionally and preferably provides the user with information about decisions made by other users who share the same lifestyle and/or time constraints, for example, in order to better address the needs of the user. More preferably, the user remains anonymous in this mode.
In Action Mode, the user decides to perform a particular transaction with a particular content provider, or at the very least, indicates an interest in receiving a good or a service from the content provider. Information concerning the identity of the user, such as the user name, credit card information or information concerning other modes of payment, and billing and/or shipping addresses may also optionally be revealed at this stage. Preferably, information which is not directly related to the transaction, such as information concerning the interests of the user for example, is preferably not revealed in this mode, for more rapidly and efficiently conducting the transaction.
For ease of implementation, optionally and preferably each browsing mode is implemented with a different communication channel, such as a socket for example, and hence a different connection to the Web server. Therefore, the Web server would perceive a single Web session as up to four different independent connections, for the above model, or more generally as many different independent connections as the number of different browsing modes which are included in the model.
An example of a completed personal profile with disclosure policy according to the preferred embodiment of the present invention is given in Table 2 below. As shown, the type of permitted disclosure is set for each browsing mode separately.
Table 2.
Figures 2A and 2B are flowcharts of exemplary methods according to the present invention for handling HTTP cookies. Although these methods are described with regard to HTTP cookies, it is understood that this is for the purposes of illustration only and is without any intention of being limiting, as these methods could also be used with the equivalent data structures of WAP.
As previously described, cookies are currently used for identifying returning visitors to a Web site. Preferably, these cookies are intercepted before being sent from the Web server to the Web browser, in order to prevent the unauthorized disclosure of information. However, HTTP cookies may still be required in certain situations, for example in order to implement certain features such as shopping carts on Web sites. Therefore, the methods described in Figure 2 enable cookies to be used where necessary, while still blocking the unauthorized disclosure of information. Each browsing mode could be associated with one or more methods for handling cookies. According to the present invention two exemplary methods are provided, described in Figures 2 A and 2B.
Figure 2A describes a method for handling HTTP cookies by cookie mangling, which is preferred for the first three browsing modes of the preferred embodiment of the present invention (Attention, Interest and Desire). The method is generally suitable for any browsing mode in which the user wishes to remain anonymous, although optionally portions of the personal profile could be disclosed to the content provider.
In step 1, a Web server requests the issuing of an HTTP cookie. In step 2, the request is intercepted by a HTTP proxy server according to the present invention. In step 3, the HTTP proxy server preferably compares the requested HTTP cookie to cookies which have been stored at the proxy server. Preferably, only a single instance of each cookie from each Web server is stored at the proxy server, even if multiple users have visited the Web site and the Web site attempts to issue a cookie for each user.
In step 4, if the proxy server accepts the request for the new cookie, then the cookie is stored at the proxy server. Optionally, the information contained in the cookie is modified before the cookie is stored. In step 5, when the cookie is to be sent from the Web browser, the stored cookie is retrieved by the proxy server and sent to the Web server. Thus, the same cookie is preferably used for all users when browsing in one of the Attention, Interest or Desire modes, as previously described.
Figure 2B describes a second exemplary method according to the present invention for handling HTTP cookies by cookie caching. This exemplary method is suitable for Web browsing in the Action mode, or for any mode in which full identification of the user is desirable. This method is particularly preferred for mobile devices, in which the cookies cannot be stored on the mobile device itself.
In step 1 , a Web server issues an HTTP cookie for a particular user. In step 2, the cookie is intercepted by the HTTP proxy server. In step 3, the cookie is temporarily cached at the proxy server for the duration of the Web session between the Web server and the Web browser of the user.
In step 4, the cached cookie is retrieved by the proxy server and sent to the Web server. Optionally and preferably, in step 5, the cookie is persistently stored at the proxy server before the session ends, in order to be able to provide the cookie on behalf of the user in a future session conducted in Action mode, or for any future session in which the user is to be identified to the Web site content provider.
Figure 3 is a schematic block diagram of an exemplary system according to the present invention, for operation with the previously described methods and features of the present invention. A system 10 features a Web browser 12, operated by a user computer 14 as shown. User computer 14 is connected to the Internet 16, which is in turn connected to a content provider 18 for providing Web page content to Web browser 12.
Internet 16 is also connected to a personalization server 20 according to the present invention. Personalization server 20 preferably enables the personal profile information to be provided to content provider 18, as previously described. Personalization server 20 includes a user profile manager 22, for managing the user profile information. Preferably, the user initializes and configures the user profile through user profile manager 22, for example through Web browser 12. User profile manager 22 optionally and preferably generates these configuration Web pages which are sent to Web browser 12 for interaction with the user, for example in order to configure the user profile.
The user profile is more preferably divided into a static profile and a dynamic profile. Optionally, the user profile could also be divided into other profiles. The static profile features items of information which either change infrequently over time or else do not change at all. For example, these items of information may optionally include, but are not limited to, name, address, date of birth, gender, profession, hobbies, travel preferences, taste in food, and payment and shipping information and preferences. The dynamic profile features items of information which change more rapidly over time, and which optionally include, but are not limited to, a search for a particular product and current travel plans.
In addition, user profile manager 22 optionally and preferably supports the display of audit trail log information, and other user application tasks, such as logging into personalization server 20. changing the user password, and so forth. User profile manager 22 also provides personal profile information to a session manager
24 during a session between Web browser 12 and content provider 18. Session manager 24 is responsible for controlling and managing these sessions, for example in order to intercept cookies, and to provide certain items of user profile information as requested by content provider 18 and as permitted by the disclosure policy of the user profile. Session manager 24 preferably implements the type of browsing mode for Web browser 12, as previously described. Optionally and more preferably, Web browser 12 could be in a first browsing mode for a session with a first content provider 18. and simultaneously in a second browsing mode for a session with a second content provider 18. These simultaneous sessions and browsing mode designations are also preferably managed by session manager 24. Session manager 24 therefore preferably acts as an HTTP or WAP proxy, for monitoring all HTTP or WAP traffic between Web browser 12 and content provider 18. Also more preferably, session manager 24 closes any session which remains idle for greater than a predetermined period of time.
According to preferred embodiments of the present invention, session manager 24 communicates with content provider 18 through a secure channel, such as SSL (secure socket layer) for example. Content provider 18 preferably must be registered with session manager 24 before any personal profile information can be received by content provider 18. In addition, the request from content provider 18 must preferably match a particular currently active session between Web browser 12 and content provider 18.
According to preferred embodiments of the present invention, personalization server 20 is connected to a database 26. The previously described user profile information, and other information, is preferably stored at database 26. Also preferably, a plurality of interfaces is provided for connecting personalization server 20 to the other components of system 10. In particular, preferably an Internet interface 28 connects session manager 24 and user profile manager 22 to Internet 16. Also preferably, a database interface 30 connects database 26 to user profile manager 22.
According to preferred embodiments of the present invention, support is also provided by personalization server 20 for communication with a WAP (wireless application protocol)-enabled device 32, such as a cellular telephone for example. WAP-enabled device 32 receives WML (wireless mark-up language) documents, written in a specially adapted version of HTML, from a WAP gateway 34, through which communication is performed with personalization server 20. Preferably, personalization server 20 features a WAP interface 36 for communication with WAP gateway 34. Thus, personalization server 20 is preferably able to support WAP-enabled devices 32 for operation with the present invention.
Figure 4 is a flowchart of an exemplary method for profile creation for both content providers and users, and for matching these profiles during the process of disclosure of personal information of the user to the content provider. As shown, in step 1. a shared set of keywords or other disclosure items for creating the profile of the user and of the content provider is created. This set of keywords describes items of data which the content provider wishes to receive from the user. The set of keywords is preferably at least partially dynamically created according to requests for information of the content providers. In step 2, the content provider which controls a Web site creates a content provider profile, of information which the content provider wishes to receive from the user. Preferably, the content provider profile is created from the previously described set of keywords or other disclosure items, from which the content provider may select the most relevant keyword(s) in
order to describe the desired information. The content provider profile also optionally and more preferably includes general information about the content provider, such as contact information (name, address, telephone number, etc.) for example.
As part of this process, optionally and most preferably the shared set of keywords is matched against the content provider profile parameters, if these parameters are not identical to the shared set of keywords. Such a matching step is optionally performed manually, in order to make certain that the types of information requested by the content provider match the shared set of such types of information.
In addition, in step 3, optionally and more preferably, the parameters/keywords of the content provider profile are grouped into "phases" or marketing segments of interest to the content provider. These marketing segments enable the content provider to immediately identify the interests of the user according to a predefined set of characteristics, based on market research for example.
In step 4, the same set of keywords is also preferably used to create the personal profile of the user. The personal profile of the user is most preferably built dynamically. As previously described, the personal information for the user is more preferably derived from a plurality of sources, the data for which is then matched to the correct data fields, as represented by the set of keywords. These sources may optionally include, but are not limited to, any one or more of the following sources of information: information disclosed by the user in response to direct interactions with the system of the present invention, for example in response to direct questions from the system of the present invention; information disclosed by the user upon interacting with a Web site which has been registered with the system of the present invention; information disclosed by the user to a Web site which has not been so registered; and information gathered from examining user behavior at a Web site, regardless of whether that Web site is registered with the system of the present invention. The personal profile of the user also optionally and more preferably includes general information about the user, such as contact information for example.
In step 5, the user requests a particular Web site of a content provider which is registered with the system of the present invention. In step 6, a process of negotiation is preferably started, in which the content provider profile is compared to the personal profile of the user.
In step 7, if the disclosure policy of the user matches the requested information of the content provider, then the information of the user is disclosed to the content provider.
Otherwise, in step 8, specific questions may optionally be given to the user, in an effort to gather more information, for example, as part of the negotiation process.
In step 9, the behavior of the user is preferably observed as the user interacts with the Web site, regardless of whether the content provider for the Web site has registered with the system of the present invention.
More preferably, in step 10. if the content provider for the Web site has not registered with the system of the present invention, then a shadow profile for the content provider is created by the system of the present invention. The data which is derived from the behavior of the user is then stored according to the shadow profile. The information from the Web site which has not been registered is preferably analyzed in a partially manual procedure, in which fields for entering user information are identified, and the user is prompted to determine if such information should be added to the personal profile of the user.
The information from the shadow profile is optionally and more preferably stored separately in step 1 1 , in order for such information to be made available to competitors which have registered with the system of the present invention.
Figure 5 is a schematic block diagram of a second exemplary but preferred embodiment of the system of the present invention, in which the present invention is implemented for use with WAP. As shown, a system 40 features a user device 42, which could be a WAP-capable cellular telephone for example. User device 42 is in communication with a WAP gateway 44. WAP gateway 44 in turn is connected to a proxy server 46 according to the present invention, with an associated user profile database 48 for storing the information in the personal profile of the user. Proxy server 46 is more preferably an HTTP (HyperText Transfer Protocol) server, or Web server, which is connected to the Internet 50. Internet 50 in turn is connected to a content provider server 52, which is controlled by the content provider. Content provider server 52 is also optionally and preferably a Web server, such as an HTTP server and/or WTP server for example.
When the user requests a particular Web page through user device 42, this request is passed through proxy server 46, which therefore preferably sees all such HTTP requests. More preferably, proxy server 46 receives a signal from user device 42 that the information being requested is of interest to proxy server 46, by including a command in the link itself for proxy server 46. For example, the link could optionally be configured as "http://www.example.com/?proxy_server_name=name_of_Web_page", in which
"?proxy_server_name" is a signal to proxy server 46, and "name_of_Web_page" is the identifier for the Web page being requested through user device 42.
Proxy server 46 then attempts to perform a process of profile matching, by comparing the personal profile of the user to the profile of the content provider, as previously described in greater detail. Optionally, the process of profile matching begins by first examining the phase to which the user belongs. Once the phase is determined, preferably the parameters of the content provider profile are divided into two groups: mandatory and optional. More preferably, the parameters are assigned a priority according to importance to the content provider for each group. A maximum number of questions which can be sent to the user is also determined. Proxy server 46 then determines which user information may be freely given to content provider server 52. Next, proxy server 46 sends questions to user device 42 for the user, up to the maximum number of questions, in order to obtain permission to give additional information to content provider server 52. More preferably, proxy server 46 first sends questions to the user from the mandatory category, before any questions are sent from the optional category. According to preferred embodiments of system 40, proxy server 46 has three components: a WAP gateway plug-in interface 54. which is adjusted for WAP gateway 44; a proxy interface 56; and a proxy process 58. Proxy interface 56 preferably transfers information from WAP gateway plug-in interface 54 to proxy process 58, which then more preferably performs the previously described profile matching process.
According to optional but preferred embodiments of the present invention, the profile information for the personal profile of the user could be stored in a distributed computing environment. For example, the user profile information is optionally stored on a device of the user, such as a cellular telephone. Such an implementation would have the advantage of giving the user additional control over access to the data of the user in the personal profile, since the data could only be accessed from the device of the user. Furthermore, the data would only be accessible when the device of the user is "on-line", or connected to a network such as the Internet.
In addition, more preferably the system of the present invention operates in the background of the user computational environment, such that the actions of the user trigger the operation of the present invention in a transparent manner, without the active intervention of the user.
It will be appreciated that the above descriptions are intended only to serve as examples, and that many other embodiments are possible within the spirit and the scope of the present invention.