EP1208503A1 - Method and apparatus for facilitating anonymous transactions - Google Patents

Method and apparatus for facilitating anonymous transactions

Info

Publication number
EP1208503A1
EP1208503A1 EP00944626A EP00944626A EP1208503A1 EP 1208503 A1 EP1208503 A1 EP 1208503A1 EP 00944626 A EP00944626 A EP 00944626A EP 00944626 A EP00944626 A EP 00944626A EP 1208503 A1 EP1208503 A1 EP 1208503A1
Authority
EP
European Patent Office
Prior art keywords
customer
merchant
privacy
payment
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00944626A
Other languages
German (de)
English (en)
Inventor
Tara Chand Singhal
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • Provisional Application Serial Nos. 60/139,101 and 60/144,737 are incorporated herein by reference.
  • the present invention is directed to a method and apparatus for facilitating anonymous transactions. More specifically, the present invention is directed to a method and apparatus for protecting the privacy of a customer during transactions performed on the Internet.
  • a typical Internet transaction involves (i) the customer browsing the virtual store of a particular merchant, (ii) the customer selecting one or more item(s) for purchase, (iii) the customer providing personal information to the merchant, and (iv) the merchant arranging for shipment of the item(s) to the customer.
  • the personal information provided by the customer typically includes at least the name, address and credit card information of the customer. With this information, the merchant charges the credit card of the customer and ships the item(s) to the customer.
  • It is an object of the present invention to provide an apparatus and method for protecting the privacy of a customer during an online transaction. Another object of the present invention is to provide an apparatus and method for facilitating anonymous transactions on the Internet. Still another object of the present invention is to provide an apparatus and method for minimizing the likelihood of the improper dissemination of the personal information of a customer.
  • a method and apparatus for facilitating anonymous transactions between a customer and a merchant on the Internet includes the steps of (i) transferring to a privacy system a purchase request by the customer to purchase an item from the merchant, (ii) providing a privacy payment to the merchant to pay for the item, and (iii) making a privacy delivery of the item from the merchant to the customer.
  • the privacy payment and the privacy delivery are in a form that does not identify the customer to the merchant.
  • the customer can purchase the item from the merchant without the merchant knowing the identity, address, electronic mail address, credit information and/or other personal information of the customer.
  • the method can also include one or more of the following steps: (i) outputting a request by the privacy system for a fund institution to provide the privacy payment, (ii) providing a purchase request for the item from the privacy system to the merchant,
  • the apparatus can include a storage device, a program stored in the storage device, and a processor connected to the storage device.
  • the processor is operative with the program to receive a purchase request by the customer to purchase an item from the merchant and instruct a fund institution to pay the merchant for the item.
  • the processor can be operative with the program (i) to provide shipping information of the customer directly to a shipper, (ii) to instruct a fund institution to pay the shipper for shipping the item, (iii) to instruct the fund institution to provide a payment for taxes to an entity, (iv) to collect a payment from the customer, (v) to receive electronic mail directed to the customer from a merchant interface of the merchant, (vi) to transfer a customer uniform bill of sale to the customer, (vii) to transfer a merchant uniform bill of sale to the merchant, (viii) to provide an anonymous customer identifier for the customer, (ix) to provide a merchant identifier for the merchant, (x) to receive a credit card number of the customer and store the credit card number in a first data base, (xi) to receive a name of the customer and store the name in a second data base, and/or (xii) to receive a shipping address of the customer and store the shipping address in a third data base.
  • the present invention facilitates anonymous transactions globally between the customer and the merchant.
  • the present invention allows the customer to purchase one or more items from the merchant without the merchant knowing the identity, credit card information and/or location of the customer. This minimizes the likelihood of the improper dissemination of the personal information of the customer.
  • FIG. 1 is a block diagram that illustrates an apparatus and method having features of the present invention
  • Figure 2 is a block diagram that illustrates a privacy main system having features of the present invention
  • FIGS. 3A-3C are block diagrams that illustrate databases having features of the present invention.
  • Figure 4 is a block diagram that illustrates the functions of a privacy system processor having features of the present invention
  • Figure 5 is a block diagram that illustrates some of the functions of a privacy system having features of the present invention
  • Figures 6A-6F are simplified examples of web pages that can be generated by the privacy system
  • Figure 6G is a simplified block diagram of how electronic mail can be routed through the privacy system
  • Figure 6H is a simplified example of another web page that can be generated by the privacy system.
  • Figure 7 is a simplified illustration of a customer interface having features of the present invention
  • Figure 8A is a simplified illustration of a fund institution having features of the present invention
  • Figure 8B is a simplified block diagram that illustrates some of the functions of a processor for the fund institution
  • Figure 9A is a simplified illustration of a merchant interface having features of the present invention
  • Figure 9B is a simplified block diagram that illustrates some of the functions of the merchant interface
  • Figure 9C is a simplified illustration of a web page that can be generated by the merchant interface
  • Figure 10A is a simplified illustration of a shipper interface having features of the present invention.
  • Figure 10B is a simplified block diagram that illustrates some of the functions of the shipper interface
  • Figure 10C is a simplified illustration of a package and a scanner/printer having features of the present invention
  • Figure 11 is a simplified flow chart that illustrates order exception processing
  • Figure 12 is a simplified illustration of a customer uniform bill of sale
  • Figure 13 is a simplified illustration of a merchant uniform bill of sale
  • Figures 14A-14C illustrate a merchant/customer identifier having features of the present invention.
  • Figure 15 is a block diagram that outlines the operation of a method and apparatus having features of the present invention.
  • a method and apparatus 10 having features of the present invention includes a privacy system 12, at least one customer interface 14, one or more merchant interfaces 16 (two are illustrated), at least one shipper interface 18, and a government entity 19 that are preferably connected on a global computer network 24.
  • the present invention facilitates anonymous transactions globally between a customer 20 and a merchant 22.
  • the present invention allows the customer 20 to purchase one or more items 60 (illustrated in Figure 9C) from the merchant 22 without the merchant 22 knowing the identity, credit card information and/or location of the customer 20.
  • the privacy system 12 allows the customer 20 to purchase one or more items 60 from the merchant 22 without disclosing the name, physical address, electronic mail address, and credit card information of the customer 20 to the merchant 22.
  • the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20.
  • the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
  • the privacy system 12 can include a privacy main system 12A, a privacy network interface 12B and a fund institution 12C.
  • the privacy main system 12A manages all operations performed by the privacy system 12 and the fund institution 12C collects, holds and disburses funds under the direction of the privacy main system 12A.
  • the fund institution 12C can be a separate entity from the privacy system 12.
  • the privacy main system 12A includes (i) a privacy storage device 26, (ii) a privacy operating system 27 stored in the privacy storage device 26, (iii) a privacy system manager program 28 stored in the privacy storage device 26, (iv) a privacy processor 30 connected to the privacy storage device 26, and (v) a fund system interface 31.
  • the privacy processor 30 can include one or more conventional CPUs.
  • the privacy processor 30 is preferably capable of high volume processing and database searches.
  • the privacy storage device 26 can include one or more magnetic disk drives, magnetic tape drives, optical storage units, CD-ROM drives and/or flash memory.
  • the privacy storage device 26 also contains a plurality of databases used in the processing of transactions pursuant to the present invention.
  • the privacy storage device 26 can include a customer database 38, a merchant database 40, and a transaction history database 36.
  • the customer database 38 contains relevant, personal data specifically related to the customer 20.
  • Personal data related to the customer 20 can be divided into three categories, namely, (i) identification data 38A of each customer 20, (ii) payment data 38B of each customer 20, and (iii) shipping data 38C of each customer 20.
  • Identification data 38A can include the name, address, phone number, facsimile number, and electronic mail address of the customer 20.
  • Payment data 38B can include information identifying one or more credit cards or debit cards used by the customer 20.
  • the payment data 38B can include information, such as the card number and the expiration date of each credit or debit card. Additionally, payment data 38B could include the one or more bank accounts of the customer 20.
  • Shipping data 38C can include one or more desired shipping addresses of the customer 20 and any special shipping instructions of the customer 20.
  • the customer database 38 is organized and maintained in multiple, separate sub-databases, namely (i) an identification sub-database 38SD1 containing the identification data 38A of each of the customers 20 (ii) a payment sub-database 38SD2 containing the payment data 38B of each of the customers 20, and (iii) a shipping sub-database 38SD3 containing the shipping data 38C of each of the customers 20.
  • each sub-database 38SD1, 38SD2, 38SD3 contains only a portion of the information about each of the customers 20.
  • the data of each customer 20, in each sub-database 38SD1, 38SD2, 38SD3 is anchored by a unique customer identifier 50.
  • the customer identifier 50 can be any number of characters that can be used to anonymously identify each customer 20.
  • the customer identifier 50 can be created and selected by the customer 20 and/or assigned by the privacy system 12.
  • the customer identifier 50 allows the customer 20 to communicate with the privacy system 12 without continuously providing any data that will personally identify the customer 20 to third parties.
  • the privacy system 12 maintains the customer identifiers 50 in the privacy storage device 26 and validates only unique customer identifiers 50 for customers 20.
  • the privacy system 12 can access the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having the identification data 38A of the customer 20 in a separate sub-database 38SD from the payment data 38B and the shipping data 38C, the present design provides another level of security to the customer 20.
  • the personal data of the customer 20 retained in the customer database 38 can be separated into more than three or less than three sub-databases.
  • Figure 3A illustrates that the personal data of each of the customers 20 in the customer database 38 can be maintained in six separate sub-databases.
  • the customer database 38 includes a first identification sub-database 38SDi, a second identification sub-database 38SDii, a third identification sub-database 38SDiii, a payment sub-database 38SDiv, a shipping sub-database 38SDv, and a personal sub-database 38SDvi.
  • the data of each customer 20 in each sub-database 38SD is preferably anchored with the customer identifier 50.
  • the first identification sub-database 38SDi contains the name 38D of each of the customers 20
  • the second identification sub-database 38SDii contains the phone number 38E and/or the facsimile number 38F of each of the customers 20
  • the third identification sub-database 38SDiii contains the electronic mail address 38G of each of the customers 20
  • the payment database 38SDiv contains the payment data 38B of each of the customers
  • the shipping sub-database 38SDv contains the shipping data 38C of each of the customers 20
  • the personal sub-database 38SDvi contains the personal data 38H of each of the customers 20 including the drivers license number, the social security number, and the maiden name of the mother of each of the customers 20.
  • the privacy system 12 accesses the information of a particular customer 20 by searching for the customer identifier 50 in each sub-database 38SD. Further, by having portions of the data of each of the customers 20 in separate sub-databases 38SD, the present design provides another level of security to the customer 20.
  • the sub-databases 38SD may be located in the same storage device 26 as illustrated in Figure 2A. Alternately, for example, as illustrated in Figure 3A, each sub-database 38SD can be located in a separate storage device. With this design, the data between the sub-databases 38SD and the privacy processor 30 may travel over secure internal communication lines, external private telephone lines and/or over the Internet.
  • the complete set of data required for a credit card authorization for a particular customer 20 may be assembled for a specific transaction during the transaction by accessing the various pieces of data from the dispersed sub-databases 38SD.
  • the merchant database 40 contains merchant related information and data 40A on each of the merchants 22.
  • Merchant data 40A can include the name, the address, the phone number, facsimile number, web page URL, pager number, electronic mail address, and/or bank accounts of each merchant 22.
  • each merchant 22 is provided with a unique merchant identifier
  • the merchant identifier 51 can be any number of characters that can be used to identify the merchant 22 to the privacy system 12.
  • the merchant identifier 51 can be created and selected by the merchant 22 and/or assigned by the privacy system 12.
  • a unique merchant/customer identifier 52 can be created for a transaction with each merchant performed with the privacy system 12.
  • the merchant/customer identifier 52 can be any number of characters that can be used to anonymously identify the customer 20 to the merchant 22.
  • the merchant/customer identifier 52 can be created and selected by the privacy system 12.
  • the merchant/customer identifier 52 allows the privacy system 12 to anonymously identify the customer 20 to merchant 22 and/or to third parties (not shown).
  • the privacy system 12 preferably maintains the merchant identifiers 51 and the merchant/customer identifiers 52 in the merchant database 40 of the privacy storage device 26.
  • the transaction history database 36 maintains data on all of the information that flows from each transaction that is performed using the privacy system 12. This data may be segregated and maintained in an active transactions sub-database 36SD1, an archived transactions database 36SD2 and payment history sub-database 36SD3.
  • information in the active transaction sub-database 36SD1 can include a copy of a customer uniform bill of sale 1200 (illustrated in Figure 12), and the data records 36B exchanged between (i) the privacy system 12 and (ii) the merchant 22, and the customer 22 related to the particular transaction.
  • the data records 36B can include the item(s) 60 purchased, the purchase price, the type of payment.
  • the data regarding each transaction can be anchored with (i) a unique transaction identifier 54 created for each transaction performed with the privacy system 12, (ii) the merchant identifier 51, (iii) the date/time of the transaction 36A, and (iv) the customer identifier 50 for easy retrieval and search.
  • the unique transaction identifier 54 can be any number of characters that can be used to anonymously identify the transaction.
  • the transaction identifier 54 can be created and selected by the privacy system 12.
  • Information in the archived transaction history sub-database 36SD2 includes the same data as for active transactions sub-database 36SD1 for those transactions that are completed.
  • information in the payment history sub-database 36SD3 can include and be divided into: (i) funds collected data 36C-1, (ii) merchant funds data 36C-2, (iii) shipper funds data 36C-3, (iv) sales/use tax fund data 36C-4 and (v) privacy manager funds data 36C-5.
  • the funds collected data 36C-1 includes information relating to the money that is collected from each of the customers 20 for each transaction.
  • the funds collected data 36C-1 can be anchored and identified with the customer identifier 50, the merchant identifier 51 and the transaction identifier 54.
  • the merchant fund data 36C-2 includes information relating to the money that is payable/paid to merchant 22 for the items 60 purchased by the customer
  • the merchant fund data 36C-2 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the merchant/customer identifier 52.
  • the shipper fund data 36C-3 includes information relating to the money that is payable/paid to the shipper 25 for shipping the item(s) 60 to the customer 20.
  • the shipper fund data 36C-3 is anchored and identified by a shipper identifier 55, the merchant identifier 51, the transaction identifier 54, and merchant/customer identifier 52.
  • the shipper identifier 55 can be any number of characters that can be used to identify the shipper 25 to the privacy system 12.
  • the shipper identifier 55 can be created and selected by the shipper 25 and/or assigned by the privacy system 12.
  • the sales/use tax fund data 36C-4 includes information relating to the money that is payable/paid for sales/use tax to the government entity 19 for the purchase of the item(s) 60 by the customer 20.
  • the sales/use tax funds data 36C-4 is preferably anchored and identified by the merchant identifier 51, the transaction identifier 54 and the customer identifier 50.
  • the privacy manager funds data 36C-5 includes information relating to money that is payable/paid to the privacy system 12 for use of the privacy system 12 for the purchase of the item(s).
  • the privacy manager funds data 36C-5 is preferably anchored and identified by the customer identifier 50, the merchant identifier 51, and the transaction identifier 54.
  • the privacy system manager program 28 is operative with the privacy processor 30 to (i) open new accounts 400 for the customer 20, the merchant 22 and shipper 25, (ii) conduct anonymous transaction 402 by interfacing with the customer 20, the merchant 22, the shipper 25 and the fund institution 12C and (iii) route electronic mail and information items 404 from the merchant 22 and other third parties to the customer 22.
  • the program 28 and the processor 30 interface with customer 20 via the customer interface 14, the shipper 25 via the shipper interface 18, the merchant 22 via the merchant interface 16 and the fund institution 12C.
  • the privacy system manager program 28 is also operative with the privacy processor 30 to (i) generate one or more privacy web pages 500, (ii) receive and store personal information about the customer 502, (iii) receive a purchase offer from the customer to purchase one or more item(s) from the merchant 504, (iv) receive an instruction from the customer to pay the merchant 506, (v) collect a payment from the customer for the item(s) purchased 508, for shipping of the item(s) 510, for sales/use tax on the item(s) purchased 512 and for the use of the privacy system 514, (vi) provide a payment of privacy funds 100 to the merchant 516, (vii) arrange for pick-up and delivery of the item(s) by contacting the shipper and providing shipping information to the shipper 518, (viii) provide a payment of funds to the shipper 520, (ix) provide payment of privacy funds 100 to local, state or federal government entity for use/sales tax on the purchase of the item(s) 522, (x) modify and/
  • the privacy system 12 maintains the transaction status for each transaction within the transaction history database 36.
  • This database 36 maintains records of each step of the transaction from order entry by the customer 20 to the actual delivery to the customer 20.
  • the transaction steps can include (i) order entry by the customer, (ii) order confirmation by the customer, (iii) collection of funds from the customer, (iv) forwarding the order to the merchant, (v) receiving merchant order confirmation, (vi) receiving order pick-up date from the merchant, (vii) receiving actual pick-up date from the shipper, (viii) receiving estimated delivery date/time from the shipper, (ix) receiving actual delivery date/time from the shipper.
  • the status of the transaction is accessible to the customer 20 via the customer interface 14 from the privacy system 12 by contacting the privacy system 12.
  • Figure 6H shows a transaction status web page that can be used by the customer.
  • the privacy system 12 may contact the customer via telephone, e-mail or mail to the customer with information regarding the status of the transaction.
  • the privacy network interface 12B allows the privacy system 12 to communicate with the customer 20 via the customer interface 14, the merchant 22 via the merchant interface 16, the shipper 25 via the shipper interface 18, and the government entity 19 via the government network interface 19A. Conventional internal or external modems may serve as the privacy network interface 12B. In a preferred embodiment, the privacy network interface 12B is connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 with the Internet.
  • the privacy network interface 12B can be connected by other electronic, voice and/or traditional communication systems that allow the privacy system 12 to interact with the merchant interface 16, the customer interface 14, the shipper interface 18 and the government entity 19.
  • the privacy system 12 can be connected to the merchant interface 16, the customer interface 14 and the shipper interface 18 via one or more phone lines.
  • the privacy network interface 12B can include an input device, such as a keyboard, mouse or voice recognition software that allows the information from the merchant interface 16, the customer interface 14 and/or the shipper interface 18 to be entered to the privacy system 12.
  • the fund interface 31 allows the privacy system manager program 28 to interact with the fund institution 12C. Stated another way, fund interface 31 (i) allows the privacy system manager program 28 to request data from and forward data to the fund institution 12C and (ii) allows the fund institution 12C to request data from and forward data to the privacy main system 12A.
  • the fund interface 31 can be connected to the fund institution 12C with a phone line 31 A or some other type of connection. In this embodiment, the fund interface 31 transmits credit card numbers and/or other payment information electronically over the Internet or phone line 31 A to the fund institution 12C where card verification and processing of the credit cards, debit cards or other forms of payment are handled.
  • the privacy system 12 can subtract a fee from the customer 20 when the privacy system 12 pays the shipper 25, pays the merchant 22 and/or pays the government entity 19.
  • the amount of fee charged by the privacy system 12 can be varied. For example, the fees may be subtracted for each transaction as a percent of the transaction or a flat fee or a combination thereof.
  • Privacy Web Pages. As provided herein, the privacy system manager program 28 is operative with the privacy system processor 30 to generate one or more web pages on the world wide web. The web pages allow each customer 20 to provide information through the customer interface 14 to the privacy system 12. Alternately, instead of the world wide web, the customer 20 can provide some or all of the information to the privacy system 12 via electronic mail, voice mail, facsimile, or postal mail transmissions.
  • Figure 6A illustrates an initial privacy web page 600 having features of the present invention.
  • the initial privacy web page 600 can be displayed on the customer interface 14 when the customer 20 first registers with the privacy system 12 or immediately prior to making the first purchase from a merchant 22 with the privacy system 12.
  • the initial privacy web page 600 includes areas for (i) new account set up 602, (ii) account updates 604, (iii) begin a new transaction 606 with the privacy system 12, (iv) mail blocker options 608, (v) modify an existing order 610 and (vi) transaction status page 612.
  • the customer 20 via the customer interface 14 selects one of these choices from the initial privacy web page 600.
  • Figure 6B illustrates a new account setup page 602 that is displayed on the customer interface 14 when the customer 20 chooses the new account setup.
  • the customer 20 fills in the customer identifier 50 and clicks the SEND button 614.
  • a number of fields or blanks 616 appear on the setup page 602.
  • the fields or blanks 616 are to be filled out by the customer 20.
  • These fields 616 include the information required to fill the customer database 38 of the privacy system 12.
  • the fields 616 can include the name 618, address 620, phone number 622, facsimile number 624, electronic mail address 626, shipping information 632, identification data 634 and payment methods 628, 630 in one or more forms such as credit card information and/or bank account information.
  • After the customer 20 fills in the blanks 616, the customer 20 transmits the information to the privacy system 12. The customer 20 does this by clicking on a SAVE button 636 located on the setup page 602. This information is subsequently transferred to the customer database 38 in the privacy system 12. The information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
  • Figure 6C illustrates an account update page 604 that is displayed on the customer interface 14 when the customer 20 chooses to update their account.
  • the account update page 604 includes a number of fields including information that was previously provided by the customer 20.
  • the customer 20 enters their customer identifier 50 and clicks SEND button 640.
  • the privacy system 12 enables the selection of the type of data 642 that could be modified.
  • the customer 20 makes a selection and simply modifies the information in the fields 644 on the account update page 604.
  • the customer 20 transmits the information to the privacy system 12.
  • the customer 20 does this by clicking on a SAVE button 646 located on the setup page.
  • This information is subsequently transferred to the customer database 38.
  • the information is preferably transferred using secure means. These secure means may include use of existing encryption means and/or any other means of securing the data during transmission.
  • Figure 6D illustrates a new transaction page 606 that is displayed on the customer interface 14 when the customer 20 chooses to begin a new transaction.
  • the transaction page 606 includes a number of fields 652 including information regarding the upcoming transaction.
  • the customer 20 enters their customer identifier 50 and then clicks SEND button 650.
  • the privacy system 12 enables the display of form fields 652, which customer 50 simply fills in.
  • These fields 652 can include the merchant identifier 51, an item identifier 654, an amount 656, shipping cost 658, sales tax 660 and total payment 662, and a type of payment 664.
  • the customer 20 can enter the information with the customer interface 14.
  • the customer 20 transfers the information from the transaction page 606 to the privacy system 12 by clicking on the SAVE button 668.
  • FIG. 6E illustrates a modify existing transaction page 610 that is displayed on the customer interface 14 when the customer 20 chooses to modify an existing transaction from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and clicks the SEND button 670.
  • the privacy system 12 in response displays a list of transactions 672.
  • each of the transactions 674 is identified by the date, the transaction identifier 54 and merchant identifier 51.
  • the customer 20 is given an option to select 675 a particular transaction 674.
  • the customer 20 can elect to cancel 676 the transaction 674 or modify 678 the transaction 674.
  • Figure 6F illustrates the mail blocker option page 608 that is displayed on the customer interface 14 when the customer chooses the mail blocker option from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and clicks the send button 680.
  • a list of options 684 to select 682 is provided to the customer 20.
  • the options 684 available to the customer 20 can include modifying existing e-mail traffic to the customer by selecting and customizing the sources and the quantity of e-mail the customer wishes to receive at the customer interface via the Internet Service Provider (ISP) of the customer.
  • the privacy system 12 preferably includes a mail interface 686 that allows the merchant 22 to send correspondence to the customer 20 and allows the privacy system 12 to screen any mail that is sent to the customer 20.
  • all communications, including electronic mail, directed towards the customer 20 from the merchant 22 are routed through the mail interface 686 in the privacy system 12 and subsequently forwarded to the customer interface 14.
  • the customer 20 can customize the program with the mail blocker options 608.
  • the mail blocker options page 608 allows the customer 20 to create a custom list of sources and/or subjects from which the customer 20 is willing to receive the mail or not willing to receive the mail from the merchant 22.
  • the customer 20 enters their customer identifier 50 and clicks SEND button 680.
  • the privacy system 12 generates the options page 608 that enables the customer 20 to select 682 one of the many mail block options 684 to help the customer 20 set up the mail blocker. Some of these options 684 are listed in Figure 6F.
  • the customer 20 may decline all mail from a list of sources, accept all mail from a list of sources, and many precise combinations there from that are intended to eliminate nuisance or junk mail.
  • the mail interface 686 enables the customer 20 to exercise control on the contacts from the merchants 22 and other parties.
  • the mail addressed to customer 20 is directed to the privacy system 12 addressed as a merchant/customer identifier 52 at the privacy system 12.
  • the mail blocker interface 686 is operative within the privacy system 12 to block and/or route some or all of the mail to the customer interface 14.
  • the merchant 22 can send correspondence to the customer 20 without knowing the physical and/or electronic address of the customer 20.
  • the customer 20 can choose to have the correspondence blocked by the privacy system 12.
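The screening performed by the mail interface 686 can be sketched as follows. This is an added example, not code from the patent: the class names, fields, identifiers and addresses are constructed, and it assumes that each merchant/customer identifier 52 is bound to exactly one merchant and that the sender's merchant identifier 51 was authenticated before `relay` is called.

```python
from dataclasses import dataclass
from email.message import EmailMessage


@dataclass
class BlockerPolicy:
    """One customer's mail blocker options (hypothetical structure)."""
    default_accept: bool = False              # accept sources not listed below?
    accept_sources: frozenset = frozenset()   # merchant identifiers to accept
    decline_sources: frozenset = frozenset()  # merchant identifiers to decline
    decline_subjects: tuple = ()              # lower-case subject substrings to decline


class MailInterface:
    """Relay that screens merchant mail and forwards it to the customer."""

    def __init__(self, relay_domain):
        self.relay_domain = relay_domain
        self._alias = {}    # merchant/customer identifier -> (merchant id, customer id)
        self._address = {}  # customer id -> real e-mail address, never given to merchants
        self._policy = {}   # customer id -> BlockerPolicy

    def enroll(self, customer_id, real_address, policy):
        self._address[customer_id] = real_address
        self._policy[customer_id] = policy

    def bind_alias(self, alias, merchant_id, customer_id):
        self._alias[alias] = (merchant_id, customer_id)

    def screen(self, sender_merchant_id, alias, subject):
        """Return (decision, customer_id); customer_id is set only for 'forward'."""
        binding = self._alias.get(alias)
        if binding is None:
            return "unknown-alias", None
        owner_merchant, customer_id = binding
        # An alias used by a merchant it was not issued to has leaked or been
        # guessed, so the mail is dropped before any customer policy is read.
        if sender_merchant_id != owner_merchant:
            return "alias-misuse", None
        # A customer with no stored options gets the default policy: accept nothing.
        policy = self._policy.get(customer_id, BlockerPolicy())
        if sender_merchant_id in policy.decline_sources:
            return "declined-source", None
        lowered = subject.lower()
        if any(term in lowered for term in policy.decline_subjects):
            return "declined-subject", None
        if policy.default_accept or sender_merchant_id in policy.accept_sources:
            return "forward", customer_id
        return "not-accepted", None

    def relay(self, sender_merchant_id, alias, subject, body):
        """Return (merchant_receipt, outbound_message_or_None, decision)."""
        decision, customer_id = self.screen(sender_merchant_id, alias, subject)
        # Design choice of this example: the merchant-facing receipt is the same
        # whether the mail was forwarded or blocked and never holds the real address.
        receipt = {"to": alias, "status": "received"}
        if decision != "forward":
            return receipt, None, decision
        msg = EmailMessage()
        msg["From"] = f"merchant-{sender_merchant_id}@{self.relay_domain}"
        msg["To"] = self._address[customer_id]  # resolved only inside the relay
        msg["Subject"] = subject
        msg.set_content(body)
        return receipt, msg, decision


def build_demo_interface():
    """Constructed sample data: one customer, one merchant, one alias."""
    mi = MailInterface("relay.example")
    mi.enroll(
        "C-50-0001",
        "alice@example.net",
        BlockerPolicy(accept_sources=frozenset({"M-51-A"}),
                      decline_subjects=("free cruise",)),
    )
    mi.bind_alias("MC-52-0001", "M-51-A", "C-50-0001")
    return mi
```

The `decision` value is for the privacy system's own logging; only `receipt` would be returned to the merchant.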
  • Figure 6H illustrates a transaction status page 612 that is displayed on the customer interface 14 when the customer 20 chooses to review the status of an existing transaction from the initial web page 600.
  • the customer 20 enters their customer identifier 50 and hits SEND 690.
  • the privacy system 12 generates a list of transactions 692 containing one or more transactions 694.
  • the status 696 of the selected transaction is displayed.
  • the transaction status 696 may include information regarding different stages of the transaction.
  • the customer interface 14 allows the customer 20 to contact and interact with the merchant interface 16 and the privacy system 12.
  • the customer interface 14 preferably includes a computer system 700 having (i) an input device 702, such as a keyboard, mouse or voice recognition software, (ii) a customer display device 704, such as a video monitor, (iii) a processing device 706 such as a central processing unit, (iv) a data storage device 708, and (iv) the customer network interface 14A such as a modem.
  • the customer interface 14 can be some other electronic or voice communication system 720 that allows the customer 20 to interact with the merchant interface 16 and the privacy system 12.
  • the customer interface 14 can include a phone, a facsimile machine, or postal mail.
  • the customer 20 may be an individual, a corporation, a partnership, the government, or any other entity.
  • the customer 20 also has a shipping address 20A where the customer 20 wants to receive the item(s) 60.
  • the customer interface 16 is preferably connected to the privacy system 12 via the Internet connection.
  • the system manager program 28, privacy processor 30, the fund interface 31 and the fund institution 12C support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19.
  • the fund interface 31 allows the system manager program 28 and the main system 12A to interact with the fund institution 12C to support the transfer and exchange of payments from the customer 20 to the privacy system 12 and the payments of privacy funds 100 to the merchant 22, the shipper 25 and the governmental entity 19.
  • the fund institution 12C can be an integral part of the privacy system 12 and/or a separate and independent entity.
  • the fund institution 12C preferably includes a computer system having (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 802 such as a central processing unit, (iv) a data storage device 804, (iv) a fund program 806, (v) a fund database 808, (vi) a global network interface 810, (vii) an operating system 812, (viii) an electronic fund transfer network interface 814, (ix) a privacy manager interface 816, and a credit card authorization interface 818.
  • the network interface 810 can include a modem or other electronic or voice communication systems that allow the fund institution 12C to interact with the merchant interface 16, the shipper interface 18 and the government entity 19.
  • the privacy manager interface 816 allows the fund institution 12C to communicate with the privacy system manager program 28 and the privacy main system 12A.
  • the privacy manager interface 816 of the fund institution 12C can be connected to the fund system interface 31 with a telephone line 31A (illustrated in Figure 1) or an Internet connection.
  • the fund program 806 is operative within the processing device 802 to process the payment from the customer 20 and to generate the funds that are transferred to the merchant 22, the shipper 25 and the government entity 19.
  • the program 806 interfaces with the privacy main system 12A, the bank or financial institution of the customer 20, the shipper 25, the merchant 22, and the government entity 19 in order to receive funds from the customer 20, and disburse funds to the merchant 22, the shipper 25, the government entity 19 and the privacy main system 12A.
  • the fund institution 12C receives the relevant information regarding the payment type (e.g. one or more of the credit cards) of the customer 20 from the privacy main system 12A and processes the payment from the payment type.
  • the fund institution 12C generates the funds that are paid to the merchant 22 for the items, the shipper 25 for shipping the items, the government entity 19 for sales/use tax on the items and the privacy main system 12A for use of the privacy system 12 for the purchase.
  • the privacy main system 12A forwards the required information of the customer 20 to the fund institution 12C so that the fund institution 12C can receive payment from the customer 20.
  • the fund institution 12C receives the information from the privacy main system 12A, contacts the customer bank or financial institution 850 and processes the payment from the customer 20.
  • a payment funds reference number is assigned to the transaction by the fund institution 12C.
  • the funds paid to the merchant 22 for the items is considered merchant funds 830.
  • the funds paid to the shipper 25 for shipping the items is considered shipper funds 822.
  • the funds paid to the government entity 19 for sale/use tax on the items is considered sales tax funds 832.
  • the funds forwarded to the privacy main system 12C for use of the privacy system 12 is considered privacy system funds 836.
  • the storage device 804 maintains in the funds database 808 the amount of merchant funds 830 paid to the merchant 22, the amount of shipper funds 832 paid to the shipper 25, the amount of sales tax funds 834 paid to the government entity 19 and the amount of privacy systems funds 836 paid to the privacy main system 12C.
  • the fund institution 12C receives the funds from the customer 20 by processing one or more credit cards, debit cards, bank accounts, purchase orders of the customer 20 with information received by the privacy main system 12A. Subsequently, the fund institution disburses the merchant funds 830 to the merchant 22 for the items purchased, disburses the shipper funds 832 to the shipper 25 for shipping the items, and disburses the sales tax funds 834 to the government entity 19 for sale/use tax on the items.
  • the merchant funds 830, the shipper funds 832, and the sales tax funds 834 are paid with privacy funds 100.
  • the privacy funds 100 are provided to the merchant 22, the shipper 25 and the government entity 19 by the privacy system 12 via the fund institution 12C.
  • the type of privacy fund 100 utilized by the fund institution 12C can be varied.
  • the type of privacy fund 100 may be a credit card, a cashier's check, a company check, an electronic fund transfer, a digital money transfer, and/or a letter of credit provided by the fund institution 12C and/or some other institution.
  • the type of privacy fund 100 provided by the privacy system 12 does not identify the customer 20.
  • the privacy funds 100 do not include and/or disclose the name, physical address, electronic mail address, and credit card information of the customer 20.
  • the fund institution 12C preferably forwards the privacy funds 100 along with the merchant/customer identifier 52, the transaction identifier 54, the customer identifier 50, the shipper identifier 55 and/or some other anonymous identifier.
  • the anonymous identifiers allow the merchant 22 to credit and/or keep track of payment for the item(s) 60 without receiving the name, physical address, electronic mail address, and credit card information of the customer 20.
  • the anonymous identifiers allow the shipper 25 and the government entity 19 to receive the appropriate payment without receiving some or all of the personal information of the customer 20.
  • the fund institution 12C receives payment from the customer 20 via any number of ways including charge card, debit card, physical check, EFT or a purchase order if the customer is an established business entity.
  • the fund institution 12C upon notification from the privacy main system 12A disburses the privacy funds 100 to the merchant 22, to the shipper 25, to the customer 20 on returned items and to the government entity 19 for use/sales tax if levied and collected.
  • the fund institution 12C holds funds that are identified to the customer 20 by the customer identifier 50, to the merchant 22 by the merchant identifier 51 and to the shipper 25 by the shipper identifier 55 and to the government entity 19.
  • the allocation, distribution and/or re-allocation of the funds at different stages of the transaction is managed by the privacy main system 12A.
  • the fund institution 12C may be an individual, a corporation, a partnership, an escrow company, or a bank.
  • the fund institution 12C may be a separate, independent entity or may be an integral part of the privacy system 12.
  • Merchant Interface 16: Referring initially to Figure 1, the merchant interface 16 allows the merchant 22 to contact and interact with the privacy system 12.
  • the merchant interface 16 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a merchant display device (not shown), such as a video monitor, (iii) a processing device 900 such as a central processing unit, (iv) a data storage device 902, (iv) a network interface 904, (v) an operating system 906, (vi) a merchant web application program 908, (vii) a privacy system merchant program 910, (viii) merchant web page data 912, (ix) merchant inventory data 914, (x) privacy system order data 916, (xi) a printer interface 918 and (xii) a printer 920.
  • the network interface 904 can be a modem or some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12.
  • the network interface 904 preferably connects the merchant 22 to the global network.
  • Figure 9B illustrates some of the functions of the merchant interface 16.
  • the merchant interface 16 (i) receives orders for items from the privacy system 930, (ii) processes orders 932 by packaging the items 934, printing and affixing anonymous labels to the packages 936 and tracking the placement of the items in a shipper pick-up area of the merchant location 938.
  • the merchant interface 16 also interfaces with the privacy system 940 by posting status 942, supplying inventory specific data 944 and collecting privacy funds from the privacy system 946.
  • the merchant interface 16 interfaces with privacy main system 12A. Further, the merchant interface 16 may also interface with fund institution 12C via an EFT or some other communication system.
  • the merchant 22 places the items in a pickup area 948 when the items are ready for shipping.
  • the merchant interface 16 generates one or more merchant web pages 950 that can be accessed by the customer 20.
  • the merchant web pages 950 allow the merchant 22 to provide a virtual store that can be accessed by the customer 20.
  • Figure 9C illustrates a representative example of a merchant web page 950 that is displayed on the customer interface 14.
  • the customer 20 may browse the merchant web page 950 and select one or more item(s) 60 to purchase.
  • the merchant web page 950 illustrated in Figure 9C includes a first item and a second item.
  • Each item 60 preferably includes a picture 952 of the item, a description 954 of the item 60, and a price 956 for the item 60.
  • the merchant web page 950 provides the customer 20 with at least two options for purchasing the item(s) 60.
  • the first option is to buy the item(s) 60 in a traditional, normal process 960.
  • the second option is to buy the item(s) 60 using the privacy system 962.
  • when the customer 20 makes a purchase decision and is ready to pay for the item(s) 60, the customer 20 can select the option to buy with the privacy system 962.
  • the transaction page 606, illustrated in Figure 6D appears on the customer interface 14.
  • the printer interface 918 is preferably operational with the printer 920 to print anonymous shipping labels 960.
  • the anonymous shipping labels 960 are affixed to the box(es)/packages that contain the item(s) ordered by the customer 20.
  • the anonymous shipping label 960 contains information that anonymously identifies the customer 20. Stated another way, the shipping label 960 preferably does not include personal information about the customer, such as the customer name and/or address. Instead, the shipping label 960 includes the merchant/customer identifier 52, the transaction identifier 54 and/or some other anonymous identifier. With this information, the shipper 25 can contact the privacy system 12 to retrieve the shipping address of the customer 20.
  • the merchant 22 receives an order for an item from the privacy system 12 and saves the order in the storage device 902. Next, the merchant 22 reviews/displays the order, processes the order, prints the anonymous shipping label 960, and places the item in the pick-up area 948. Subsequently, the merchant 22 relays the order status to privacy system 942.
  • the merchant 22 receives payment for the item(s) 60 from the privacy system 12 in privacy funds 100.
  • the merchant 22 can track the payment of the privacy funds 100 for the item(s) with the anonymous identifier that is provided with the privacy funds 100.
  • the merchant 22 can match bank statement with a privacy payment identifier and can archive the order.
  • the merchant 22 may contact the customer via electronic mail regarding future sales, through the privacy system 12, using the merchant/customer identifier 52.
  • the merchant 22 may be an individual, a corporation, a partnership, the government, or any other entity.
  • the merchant 22 also has a merchant address 22A where the item(s) 60 are located.
  • the merchant address 22A may be the same or a different location than the pick-up area 948.
  • the merchant interface 16 is preferably connected to the privacy system 12 and the customer interface 14 with an Internet connection. Alternately, the merchant interface 16 can be some other electronic or voice communication system that allows the merchant 22 to interact with the privacy system 12.
  • the privacy system 12 can be used to increase the efficiency of the merchant 22. More specifically, during the fulfilling of an order, the merchant 22 must stock an inventory, advertise the item(s), take orders for the item(s), receive payment for the item(s), process the payment for the item(s), pay a fee to the credit card agency, issue refunds, contact the shipper, arrange pick-up and pay the shipper. The merchant 22 also performs the task of determining the correct tax rate based upon the residence of the customer, collecting use/sales tax and remitting the use/sales tax to the governmental entity 19. A number of these duties can be centralized with the privacy system 12 and can be eliminated from the responsibility of the merchant 22. For example, as provided herein, the privacy system 12 receives payment for the item(s) 60, processes the payment for the item(s) 60, pays a fee to the credit card agency, issues refunds, contacts the shipper 25, arranges for pick-up by the shipper 25 and pays the shipper 25, and pays the government entity 19.
  • the merchant 22 addresses each package in the order, placing the label 960 that identifies the order by the merchant/customer identifier 52. Next, the merchant 22 places the item 60 in the outgoing area of his pick-up area 948. The merchant 22 does not need to contact the shipper 25. Instead, the merchant 22 notifies the privacy system 12 that the order is ready for pick-up.
  • the merchant 22 may also identify to the privacy system 12 the physical size and weight of each package in the order, along with any applicable shipping information such as the perishable and fragile nature of the package.
  • the merchant 22 can also enter a ready-for-pick-up date/time (AM or PM) in the privacy system 12, in advance of the actual date of pick-up, specifying a future date/time of pick-up.
  • the time could be AM or PM or a specific 2 hour or a 4 hour time window on a 24 hour or a 12 hour day.
  • Sales Tax: the function of sales tax, more accurately called use tax because it is levied on the customer 20 and typically collected by the merchant 22, may be centralized by the privacy system 12 and thus handled in a more efficient manner.
  • Each county, state or city government entity 19 may have a different use/sales tax.
  • the collection of sales tax by merchant 22 is currently under dispute.
  • the merchant 22 now has to track and calculate use/sales tax.
  • the privacy system 12 maintains the location of the customer 20 and computes the required use/sales tax as a function of the location of the customer.
  • the privacy system 12 thus may provide an automated use/sales tax calculation, collection and remittance to the government entity 19 without the merchant 22 having to handle this task.
  • the shipper interface 18 allows the shipper 25 to interact with the merchant 22 and the privacy system 12.
  • the privacy system 12 aggregates the order pick-up data/messages from many merchants 22 and sorts them by the shipper identifier 55, geographic region, and day/time of pick-up and any other attributes that facilitate the shipper tasks.
  • the privacy system 12 then, via the shipper interface 18, forwards to each shipper 25 the aggregated pick-up data.
  • the shipper 25, using this data plans the pick-up and truck routing without any contact with the merchant 22.
  • the shipper 25 can be authorized to contact the privacy system 12 and retrieve the data by identifying himself to the privacy system 12 by the shipper identifier 55.
  • the shipper interface 18 allows the shipper 25 to contact and interact with the privacy system 12.
  • the shipper interface 18 preferably includes (i) an input device (not shown), such as a keyboard, mouse or voice recognition software, (ii) a display device (not shown), such as a video monitor, (iii) a processing device 1002 such as a central processing unit, (iv) a data storage device 1004, (iv) a network interface 1006, (v) an operating system 1008, (vi) a shipper application program 1010, (vii) a privacy system shipper program 1012, (viii) system shipper data 1014, (ix) a printer interface 1016 and (xii) a printer 1018.
  • the network interface 1006 can be a modem or some other electronic or voice communication system that allows the shipper 25 to interact with the privacy system 12.
  • the network interface 1006 preferably connects the shipper 25 to the global network.
  • the network interface 1006 can be some other electronic, voice or traditional communication system that allows the shipper 25 to interact with the privacy system 12 and the merchant 22.
  • Figure 10B illustrates some of the functions of the shipper interface 18.
  • the shipper interface 18 (i) receives shipper data files from the privacy system 1020, (ii) processes shipper data files 1022 by tracking package pick-up data 1024, printing and affixing privacy system labels 1026 and/or destination code delivery tracking labels 1028, (iii) interfaces with privacy main system 1030 to provide pick-up status 1032, delivery status 1034 and accounting and collecting privacy funds 1036 for the cost of shipping.
  • the system shipper data 1014 maintained by the shipper 25 can include the shipper identifier 55, the pick-up date, the time slot, the merchant identifier 51 and location, the customer identifier 50, the destination code, and number and size and weight of packages.
  • the printer interface 1016 and the printer 1018 allow the shipper 25 to print shipping labels 1040.
  • the shipper 25 is provided access to the privacy system 12 via the shipper interface 18 for the tasks it needs to perform in the act of shipping the items 60 ordered by the customer 20.
  • the shipper 25 can contact the privacy system 12 and use the merchant/customer identifier 52 from the anonymous shipping label 960 printed by the merchant 22.
  • the privacy system 12 provides to the shipper 25 the information required for shipping the items 60 to the customer 20.
  • the shipper interface 18 can create the shipping label 1040 that includes the merchant information 1050 and the customer information 1052.
  • the merchant information 1050 can include the name, address, and any special pickup information.
  • the customer information 1052 can include the name, shipping address and any special shipping instructions of the customer 20.
  • a portion of the shipping labels 1040 can be printed in advance from the aggregated pick-up data provided to the shipper 25.
  • the merchant 22 is not provided with the specific information required for shipping the items 60 to the customer 20. Instead, the privacy system 12 provides this information directly to the shipper 25.
  • the shipper 25 can use a hand-held web-enabled scanner/printer 1060 to obtain the customer information 1052.
  • the scanner/printer 1060 scans the anonymous shipping label 960 placed on the package 1090 that contains the items (not shown in Figure 10C).
  • a display 1092 on the scanner/printer 1060 displays the merchant information 1050 and the customer information 1052.
  • the shipper 25 is not required to print a shipping label. This further protects the privacy of the customer 20.
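The label lookup described above, in which the shipper 25 resolves the anonymous shipping label 960 to delivery details while the merchant 22 cannot, can be sketched as follows. This is an added example, not code from the patent: the label text format, class and field names and all sample records are constructed, and it assumes the caller's role and identifier were authenticated before `resolve_label` is called.

```python
import re
from dataclasses import dataclass

# Constructed label text format (an assumption; the page does not define one):
# merchant/customer identifier 52 and transaction identifier 54.
LABEL_RE = re.compile(r"MC=(?P<mc>[A-Z0-9-]{4,32});TX=(?P<tx>[A-Z0-9-]{4,32})")

# Allow-lists: only these fields leave the privacy system (information 1052 / 1050).
CUSTOMER_FIELDS = ("name", "shipping_address", "shipping_instructions")
MERCHANT_FIELDS = ("name", "address", "pickup_instructions")


@dataclass(frozen=True)
class Order:
    merchant_customer_id: str  # identifier 52, printed on the anonymous label
    transaction_id: str        # identifier 54
    merchant_id: str           # identifier 51
    shipper_id: str            # identifier 55, the shipper assigned to this order
    customer_id: str           # identifier 50


class PrivacySystem:
    def __init__(self):
        self._orders = {}      # (identifier 52, identifier 54) -> Order
        self._customers = {}   # customer id -> full record, including payment data
        self._merchants = {}   # merchant id -> record
        self.audit_log = []    # who asked for which label and the outcome, no PII

    def add_customer(self, customer_id, record):
        self._customers[customer_id] = record

    def add_merchant(self, merchant_id, record):
        self._merchants[merchant_id] = record

    def add_order(self, order):
        self._orders[(order.merchant_customer_id, order.transaction_id)] = order

    def _audit(self, role, party_id, label, outcome):
        self.audit_log.append(
            {"role": role, "party": party_id, "label": label, "outcome": outcome})

    def resolve_label(self, role, party_id, label_text):
        """Return shipping data to the assigned shipper only, otherwise None."""
        match = LABEL_RE.fullmatch(label_text)
        if match is None:
            self._audit(role, party_id, None, "malformed-label")
            return None
        order = self._orders.get((match["mc"], match["tx"]))
        if order is None:
            self._audit(role, party_id, label_text, "unknown-label")
            return None
        # Merchants and shippers not assigned to this order get nothing back.
        if role != "shipper" or party_id != order.shipper_id:
            self._audit(role, party_id, label_text, "denied")
            return None
        customer = self._customers[order.customer_id]
        merchant = self._merchants[order.merchant_id]
        self._audit(role, party_id, label_text, "released")
        # Copy allow-listed fields only; e-mail and payment data stay behind.
        return {
            "merchant_information": {k: merchant[k] for k in MERCHANT_FIELDS},
            "customer_information": {k: customer[k] for k in CUSTOMER_FIELDS},
        }


def build_demo_system():
    """Constructed sample data: one customer, one merchant, one order."""
    ps = PrivacySystem()
    ps.add_customer("C-50-0001", {
        "name": "A. Customer",
        "shipping_address": "12 Example Lane, Springfield",
        "shipping_instructions": "Leave with front desk",
        "email": "alice@example.net",
        "card_number": "0000-0000-0000-0000",
    })
    ps.add_merchant("M-51-07", {
        "name": "Example Goods",
        "address": "5 Warehouse Road, Shelbyville",
        "pickup_instructions": "Dock 2",
    })
    ps.add_order(Order("MC-52-000417", "T-54-9001", "M-51-07", "S-55-01", "C-50-0001"))
    return ps
```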
  • each transaction has shipping cost as a separate field.
  • the shipper 25 is preferably paid directly by the fund institution 12C with privacy funds.
  • the fund institution 12C can reference the payment of the privacy funds to the merchant/customer identifier 52 or some other anonymous identifier so that the shipper 25 can account for the payment of the shipping of the item(s).
  • This method of shipping from the merchant 22 to the customer 20 provided herein not only maintains customer privacy but it also reduces the shipper's overhead costs.
  • the merchant 22 does not contact the shipper 25 for pick-up times and the shipper 25 does not have to maintain an account receivable function for each merchant.
  • the shipper interface 18 receives shipping information directly from the privacy system 12 and uses it to schedule a pickup of the package 1090 of item(s) from the merchant 22. Additionally, the shipper interface 18 retrieves information to create a shipping label 1040 from the privacy system 12. The shipping label 1040 is either physically affixed to the package 1090 and/or the shipper 25 maintains the shipping address of the customer 20 in a shipping database, along with a parcel tracking number and the customer identifier 50.
  • the shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the item(s).
  • the delivery notification record can be sent with the shipper interface 18 directly interacting with the privacy main system 12A.
  • the shipper interface 18 can send electronic mail, voice mail, a facsimile, U.S. mail or some other notification means to the privacy system 12 regarding the status of shipping.
  • the privacy system 12 can forward this information to the customer 20.
  • the shipper 25 may be an individual, a corporation, a partnership, the government or any other entity.
  • the shipper 25 can also be an integral part of the privacy system 12.
  • the privacy system 12 preferably enables the customer 20, the merchant 22, and/or the fund institution 12C to change or cancel any transaction.
  • the merchant 22 may want to cancel or modify the transaction if the item(s) 60 are out of stock, back ordered, and/or an alternate item is available.
  • the customer 20 may want to cancel or modify the transaction if shipment of the item(s) 60 is delayed.
  • the fund institution 12C may want to cancel or modify the transaction if insufficient credit of the customer 20 is available, and/or the credit card of the customer is expired or over the limit.
  • the privacy system 12 processes any request to alter or cancel a transaction. For example, if the merchant 22 is out of a particular item, the information is forwarded to the customer 20 and a response in terms of cancel order or change order is processed. If the customer 20 cancels the order, the merchant 22 is sent cancellation notice, the privacy system 12 receives notice to cancel the credit card transaction and the customer 20 is sent a confirmation that the order is cancelled. If the fund institution 12C determines that the credit card of the customer 20 is not approved, the customer 20 is forwarded an advisory notice and the customer 20 is requested to provide an alternate form of card payment.
  • the customer 20 can change or cancel a transaction by accessing the modify existing transaction exception web page (illustrated in Figure 6E) of the privacy system 12. After the customer 20 enters the customer identifier 50, the transactions of the customer 20 are retrieved from the transaction history database 36 and are displayed on the customer interface 14. From here, the customer 20 can select a transaction and change or cancel the transaction.
  • the transaction can be changed or cancelled by the customer 20 or the merchant 22 with an electronic mail sent to the privacy system 12.
  • the electronic mail information is sufficient to identify who wants to cancel or modify the transaction and why the transaction should be cancelled or modified.
  • Figure 11 illustrates a flow chart of how Order Exception Processing 1102 is handled.
  • the privacy system 12 determines the source of the exception 1104. If it is the merchant 22, the privacy system 12 determines the reason for the exception 1106.
  • the privacy system 12 contacts the customer 20 and allows the customer 20 to decide how to proceed 1108.
  • the privacy system 12 again determines the reason for the exception 1110.
  • the privacy system 12 contacts the merchant 22 and the fund institution 25, as necessary, in view of the actions by the customer 20.
  • the privacy system 12 again determines the reason for the exception 1114.
  • the privacy system 12 contacts the customer 20 to determine if alternate forms of payment are available.
  • the privacy system 12 generates a customer uniform bill of sale 1200 that is transferred to the customer 20 via the customer interface 14.
  • the customer uniform bill of sale 1200 is preferably displayed upon the display 704 of the customer interface 14.
  • the customer uniform bill of sale 1200 is the same for each merchant 22.
  • each merchant 22 has a different way or form of showing and/or recording a transaction.
  • the privacy system 12 generates a standard customer uniform bill of sale 1200 regardless of the merchant 22.
  • the customer uniform bill of sale 1200 is preferably transferred from the privacy system 12 to the customer interface 14 over the Internet.
  • the customer uniform bill of sale 1200 can include fields or areas for (i) sale terms and conditions 1202, (ii) merchant identifier 1204, (iii) transaction identifier 1206, (iv) date/time 1208, (v) item identification 1210, (vi) item description 1212, (vii) price/item 1214, (viii) quantity 1216, (ix) weight 1218, (x) product total 1220, (xi) cancel item 1222, (xii) product status 1224, (xiii) sales tax 1226, (xiv) method of shipping 1228, (xv) shipping cost 1230, (xvi) total cost of order 1232, (xvii) customer id 1234 and/or (xviii) payment type 1236.
  • the customer 20 enters the customer identifier 50, and the payment type (payment type identifies the sequence number of customer's pre-stored payment types of credit card, debit card or bank account) for this transaction into the customer bill of sale 1200.
  • the customer uniform bill of sale 1200 includes action buttons of SUBMIT 1250, CLEAR 1252, HOLD 1254, REPROCESS 1256, and REFUND 1258 buttons. These action buttons allow the customer 20 to bring up the customer uniform bill of sale 1200 at any time, from the time of submitting the transaction, to after the transaction is submitted and the item is purchased to seek a refund and make changes.
  • the HOLD 1254 button permits a customer 20 to enter the transaction in the privacy system 12 and allows it not to be submitted to the merchant 22. This allows the customer 20 time to compare, process, and/or make further decisions.
  • the weight and availability information on the customer uniform bill of sale 1200 are retrieved from the merchant interface 16 by the privacy system 12.
  • the field for cancel items 1222 allows the customer 20 to cancel an item 60 from the customer uniform bill of sale 1200, if the customer 20 decides not to buy this particular item 60.
  • This cancel item feature may be used before the transaction is submitted by engaging the SUBMIT button 1250.
  • the customer uniform bill of sale 1200 may also be retrieved from the privacy system 12 by the customer interface 14 after the transaction is submitted and before the merchant 22 has acted on the transaction.
  • the customer uniform bill of sale 1200 may also be used after the item 60 is shipped by the merchant 22 and is returned by the customer by using a REFUND button 1258.
  • the privacy system 12 can also generate a merchant bill of sale 1300 that is transferred to the merchant 22 via the merchant interface 16.
  • the merchant uniform bill of sale 1300 is the same for each merchant 22.
  • the merchant uniform bill of sale 1300 is preferably transferred from the privacy system 12 to the merchant interface 16 over the Internet.
  • the merchant uniform bill of sale 1300 can include fields or areas for (i) sale terms and conditions 1302, (ii) a merchant identifier 1304, (iii) transaction identifier 1306, (iv) date/time 1308, (v) item identification 1310, (vi) item description 1312, (vii) price/item 1314, (viii) quantity 1316, (ix) weight 1318, (x) product total 1320, (xi) product status 1322, (xii) sales tax 1324, (xiii) method of shipping 1326, (xiv) shipping cost 1326, (xv) total cost of order 1328, (xvi) merchant/customer id 1330 and/or (xvii) payment reference 1332.
  • the merchant bill of sale 1300 is presented to the merchant 22 as an order.
  • the merchant/customer identifier 52 is a merchant unique identification and is explained below.
  • the merchant bill of sale 1300 also includes the privacy funds 100 to be paid to the merchant 22.
  • the merchant bill of sale 1300 includes an area 1334 that allows the merchant 22 to Select and Enter order fulfillment status. This area includes select buttons of ORDER RECEIVED 1336, ORDER PROCESSED 1338. This area 1334 also includes fields for PICKUP DATE 1340 and SHIPPER identifier 1342. The merchant 22 must fill in the areas for pickup date 1340 and shipper identifier 1342.
  • Figures 14A-14C illustrate an optional merchant/customer identifier 52 that can be created to further shield the identity of the customer 20 from the merchant 22.
  • In the privacy system 12 there are many merchants 22 and each merchant 22 has many customers 20. It is preferable not to identify the customer 20 to the merchant 22, the shipper 25 and other parties that may interface with the privacy system 12 with the same customer identifier 50 that the customer 20 uses with the privacy system 12. Therefore, preferably, the privacy system 12 creates a unique merchant/customer identifier 52 by which the customer 20 is identified to the merchant 22 and the others. The merchant/customer identifier 52 is unique for each customer 20 of each of the merchants 22.
  • Figure 14A illustrates a table 1400 mapping the merchant identifier 51 to the merchant/customer identifier 52. The merchant/customer identifier 52 is different from the customer identifier 50 described above.
  • the privacy system 12 uses a scramble code formula. The steps of the process illustrated in Figures 14B and 14C allow the customer identifier 50 and the merchant identifier 51 to be embedded in the merchant/customer identifier 52 in a scrambled form.
  • the privacy system unscrambles the merchant/customer identifier 52 to find the merchant identifier 51 and the customer identifier 50.
  • Figure 14B illustrates a scramble code table 1440 with the scramble code numbers 1442 and the scramble code 1444 or the formula for each scramble code number 1442.
  • These scramble codes 1444 or formulas are used to scramble the customer identifier 50 to arrive at a merchant/customer identifier 52 as illustrated in Figure 14C.
  • a structure within the scramble code numbers 1442 may be created. This structure consists of the first letter of scramble code numbers 1442 being a letter that may designate a month or some other repeatable representation.
  • the second letter of scramble code numbers 1442 may represent some other repeatable representation such as a week or day and the rest of the scramble code numbers 1442 is a sequence representation. This structure of scramble code numbers 1442 allows a small number of scramble code formulas 1444 to be repeated with minor variations and thus create a large number of different scramble code formulas.
  • Figure 14C illustrates a flow chart 1450 of how the merchant/customer identifier 52 is derived from the customer identifier 50 by using the scramble code formula 1442.
  • the customer identifier 50 is read.
  • the scramble code that would be used for this merchant 22 is determined in a two-step process.
  • the first two digits of the scramble code number 1442 are determined by the calendar when this merchant/customer identifier 52 is created.
  • a four digit bounded random number generator is run to determine the remainder of the digits of the scramble code numbers 1442.
  • the complete scramble code number 1442 is determined by combining the results of the two steps.
  • This scramble code number 1442 is then used to read a scramble code formula from the scramble code table to use for scrambling 1458.
  • the customer identifier 50 is scrambled 1462.
  • the scramble code number 1442 used is then appended to the scrambled customer identifier 50 to arrive at the merchant/customer identifier 1464.
  • This merchant/customer identifier 52 is used to uniquely identify the customer 20 to the merchant 22 and is saved in a table as part of the Merchant database 1466.
  • the merchant/customer identifier 52 is then comprised of a scrambled customer identifier element and a SCODE element.
  • the merchant identifier 51 may be any identification system currently used such as a tax identification number. Referring back to Figure 14A, the merchant identifier 51 may also be a structured identification made of different structure elements such as the state 1402 where the merchant 22 is located, the merchant class 1404, identifying the merchant by the type of business, and/or a merchant number 1406 within that state and class.
  • the operation of the apparatus 10 and privacy system 12 can be further understood with reference to Figure 15. Importantly, the order of some or all of the steps can be varied. Further, not all of the steps outlined below are necessary to perform an anonymous transaction pursuant to the present invention.
  • the customer 20 contacts the privacy system 12 with the customer interface 14.
  • the customer 20 provides personal information to the privacy system 12.
  • the customer 20 is assigned a unique customer identifier 50. The customer identifier 50 can be selected by the customer 20 or the privacy system 12 based upon input from the customer 20.
  • the privacy system 12 stores the personal information about the customer 20 in the privacy storage device 26. This information includes the identification information of the customer 20, the payment data of the customer 20 and the shipping data of the customer 20.
  • the customer identifier 50 is also stored in the storage device 26.
  • the customer 20 contacts the merchant interface 16 and reviews one or more items 60 offered for sale by the merchant 22.
  • the merchant interface 16 includes a picture and description of each item 60.
  • the customer 20 decides upon one or more item(s) 60 for purchase from the merchant 22.
  • the customer 20 contacts the privacy system 12.
  • the customer 20 can contact the privacy system 12 by way of the merchant interface 16. Alternately, the customer 20 can contact the privacy system 12 independently of the merchant interface 16.
  • the privacy system 12 receives information regarding a pending transaction between the customer 20 and the merchant 22. At this time, the privacy system 12 receives the customer identifier 50, the merchant identifier 51, and information regarding the item(s) 60 to be purchased. The customer 20 can input the information. Alternately, some of the information can be provided by or obtained from the merchant interface 16.
  • the privacy system 12 sends an order list to the merchant interface 16.
  • the privacy system 12 receives item weight, price and stock status from the merchant interface 16.
  • the privacy system 12 prepares a customer uniform bill of sale 1200.
  • the privacy system 12 sends the customer uniform bill of sale 1200 to the customer 20 via the customer interface 14.
  • the customer 20 reviews the customer uniform bill of sale 1200 and makes changes, if necessary.
  • the customer 20 initiates a purchase transaction by indicating to the privacy system 12 the desired method of payment for this transaction.
  • the privacy system 12 receives the customer order in the form of the customer uniform bill of sale 1300, and initiates a transaction history file and posts the order.
  • the privacy system 12 sends information to the fund institution 12C to process the payment of the customer 20.
  • the transaction record sent to the fund institution 12C can include the customer identifier 50, the customer name, the payment type, the merchant identifier 51, and the amount.
  • the fund institution 12C determines if the customer 20 has sufficient credit available to cover the price of the item(s) 60. If sufficient funds are not available to cover the price of the item(s) 60, then alternate credit card information is requested.
  • the privacy system 12 reviews the databases to determine if a merchant/customer identifier 52 already exists for the merchant 22. If the merchant/customer identifier 52 exists, the privacy system 12 retrieves the merchant/customer identifier 52 from the merchant data 40. If the merchant/customer identifier 52 does not exist, the privacy system 12 creates a unique merchant/customer identifier 52 as described above. At step 1536, the privacy system 12 generates a merchant bill of sale
  • the privacy system 12 sends the merchant bill of sale 1300 to the merchant interface 16. Importantly, the privacy funds 100 can be provided in the merchant bill of sale 1300.
  • the merchant interface 16 processes the merchant bill of sale 1300.
  • the merchant 22 picks a shipper 25 to deliver the item(s) 60.
  • the merchant 22 provides the date of order pick-up and an assigned shipper identifier 55 to the privacy system 12.
  • the privacy system 12 unscrambles the merchant/customer identifier 52 to find the true customer identifier 50 and posts the order fulfillment status in the transaction history database.
  • the merchant packages item(s) 60 and imprints or places machine readable merchant/customer identifier 52 on the anonymous shipping label 960.
  • the privacy system 12 aggregates shipping from all the transactions into a shipper identifier file.
  • the shipper file has a shipper identifier field, a pick-up date with a time slot field, a Merchant identifier and a merchant location field, and a number of packages tied to the merchant/customer identifier 52.
  • the privacy system 12 sends the shipper file data for each shipper 25 to the shipper interface 18.
  • the shipper interface 18 receives the shipper file and plans pick-up routes to move item(s) 60 to a shipper sorting office.
  • the shipper sorting office scans the shipping label 960 on the package and sends the merchant/customer identifier 52 to the privacy system 12.
  • the privacy system 12 unscrambles the merchant/customer identifier 52 to identify the customer identifier 50.
  • the privacy system 12 sends shipping instructions of the customer 20 to the shipper interface 18.
  • the shipper interface 18 prints address labels and affixes them to the package, or delivers without affixing the shipping labels 1040 to the packages, preferring to maintain it as a data file.
  • the shipper interface 18 preferably creates and sends to the privacy system 12 a delivery notification record when the shipper 25 is ready to deliver the items 60.
  • the delivery notification record includes the merchant/customer identifier 52, the list of item(s), and the delivery date.
  • the privacy system 12 creates and sends a customer status record and a shipper sent record.
  • the customer status record includes the merchant identifier, the customer identifier, merchant order number, the item identifier, the transaction identification, the amount, the shipper identifier, and the shipping date.
  • the shipper sent record includes the merchant identifier, item identifier, list, shipper identifier, ship date, and parcel tracking number.
  • the fund institution 12C collects the payment from the customer 20.
  • the fund institution 12C sends a payment of privacy funds 100 with the anonymous identifier (i) to the merchant 22 for the item(s) 60 purchased, (ii) to the shipper 25 for shipping the item(s) 60 and (iii) to the government entity 19 for the taxes on the purchase on the items 60.
  • the fund institution 12C sends a payment to the privacy main system 12A for the use of the privacy system 12.
  • the privacy system 12 allows the customer 20 to purchase one or more item(s) 60 from the merchant 22 without disclosing the name, address, and credit card information of the customer 20 to the merchant 22. Further, the privacy system 12 allows the item(s) 60 to be shipped to the customer 20 with a shipper 25, without the merchant 22 having access to the shipping information of the customer 20. Basically, the privacy system 12 minimizes the number of people, businesses and institutions that have access to the personal information of the customer 20. This minimizes the opportunity for the personal information of the customer 20 to be improperly disseminated.
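
The merchant/customer identifier derivation of Figure 14C (read the customer identifier, build the scramble code number from the calendar plus a four-digit random number, look up the formula, scramble, append the SCODE) and its reversal, as an added example that is not part of the patent text. The formulas of table 1440 are not reproduced on the page, so the rotate-and-offset formulas, the month/week letter encoding, the all-digit customer identifier and every name below are assumptions.

```python
import secrets
from datetime import date

# ASSUMED scramble code table: the formulas of Figure 14B are not in the text.
# Each base formula is (rotate-left amount, per-position additive step).
BASE_FORMULAS = [(3, 7), (5, 1), (2, 9), (7, 3)]
SEQ_BOUND = 10_000   # "four digit bounded random number"
SCODE_LEN = 6        # two calendar characters + four sequence digits


def calendar_prefix(day: date) -> str:
    """First two SCODE characters: month letter A-L, week-of-month letter A-E."""
    return chr(ord("A") + day.month - 1) + chr(ord("A") + (day.day - 1) // 7)


def new_scode(day: date) -> str:
    return calendar_prefix(day) + f"{secrets.randbelow(SEQ_BOUND):04d}"


def formula_for(scode: str):
    """Pick a base formula by sequence number, then vary it with the calendar
    letters so a few base formulas yield many distinct ones."""
    rot, step = BASE_FORMULAS[int(scode[2:]) % len(BASE_FORMULAS)]
    return rot + (ord(scode[1]) - ord("A")), step, ord(scode[0]) - ord("A")


def scramble(customer_id: str, scode: str) -> str:
    """Scramble an all-digit customer identifier and append the SCODE."""
    rot, step, shift = formula_for(scode)
    digits = [int(c) for c in customer_id]
    n = len(digits)
    rotated = [digits[(i + rot) % n] for i in range(n)]
    body = "".join(str((d + shift + i * step) % 10) for i, d in enumerate(rotated))
    return body + scode


def unscramble(mc_id: str) -> str:
    """Invert scramble(): the appended SCODE says which formula to undo."""
    body, scode = mc_id[:-SCODE_LEN], mc_id[-SCODE_LEN:]
    rot, step, shift = formula_for(scode)
    n = len(body)
    digits = [0] * n
    for i, c in enumerate(body):
        digits[(i + rot) % n] = (int(c) - shift - i * step) % 10
    return "".join(map(str, digits))


class MerchantCustomerTable:
    """Stand-in for the merchant database table holding issued identifiers."""

    def __init__(self):
        self._by_pair = {}   # (merchant_id, customer_id) -> mc_id
        self._issued = {}    # mc_id -> merchant_id

    def get_or_create(self, merchant_id: str, customer_id: str, day: date) -> str:
        key = (merchant_id, customer_id)
        if key not in self._by_pair:
            # Redraw on collision: a customer who drew the same SCODE at two
            # merchants would carry one linkable identifier at both.
            mc_id = scramble(customer_id, new_scode(day))
            while mc_id in self._issued:
                mc_id = scramble(customer_id, new_scode(day))
            self._by_pair[key] = mc_id
            self._issued[mc_id] = merchant_id
        return self._by_pair[key]

    def resolve(self, mc_id: str):
        """Shipper or merchant presents mc_id; recover (merchant, customer)."""
        return self._issued[mc_id], unscramble(mc_id)


if __name__ == "__main__":
    table = MerchantCustomerTable()
    day = date(2000, 6, 8)                              # constructed sample date
    for merchant in ("CA-BOOK-0001", "NY-TOYS-0417"):   # constructed identifiers
        mc = table.get_or_create(merchant, "7300418826", day)
        print(merchant, mc, table.resolve(mc))
```

Because the SCODE travels with the identifier and the formulas are keyless, the pseudonym in this sketch is only as private as the scramble code table: any party holding the table can run `unscramble`.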

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Medical Informatics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

The present invention relates to a method and an apparatus (10) for carrying out anonymous and secure transactions over the Internet. More specifically, the invention comprises a privacy system (12) that generally facilitates anonymous transactions between a customer (20) and a merchant (22). The privacy system (12) allows the customer (20) to purchase one or more items (60) sold by the merchant (22) over the Internet without the merchant (22) knowing the identity, credit card information and/or place of residence of the customer (20). To facilitate an anonymous transaction, it is the privacy system (12) that pays the merchant (22) for the item (60). The privacy system also provides the shipping instructions for the item (60) directly to a shipper (25) without providing them to the merchant (22). In addition, the privacy system (12) can, for example, pay the required sales taxes, send refunds for purchased items (60), monitor correspondence sent by the merchant (22) to the customer (22), generate a uniform bill of purchase (1200) and generate a bill of sale (1300).
EP00944626A 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions Withdrawn EP1208503A1 (fr)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US13910199P 1999-06-12 1999-06-12
US139101P 1999-06-12
US14473799P 1999-07-21 1999-07-21
US144737P 1999-07-21
US53170500A 2000-03-20 2000-03-20
US531705 2000-03-20
PCT/US2000/015786 WO2000077701A1 (fr) 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions

Publications (1)

Publication Number Publication Date
EP1208503A1 true EP1208503A1 (fr) 2002-05-29

Family

ID=27385287

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00944626A Withdrawn EP1208503A1 (fr) 1999-06-12 2000-06-08 Method and apparatus for facilitating anonymous transactions

Country Status (3)

Country Link
EP (1) EP1208503A1 (fr)
AU (1) AU5869600A (fr)
WO (1) WO2000077701A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020161694A1 (en) * 2001-04-30 2002-10-31 Yuan Kung Shao Electronic business using a broker web site in the internet to negotiate transactions between inquirer and answer provider
US6892201B2 (en) 2001-09-05 2005-05-10 International Business Machines Corporation Apparatus and method for providing access rights information in a portion of a file
US7171562B2 (en) 2001-09-05 2007-01-30 International Business Machines Corporation Apparatus and method for providing a user interface based on access rights information

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5794207A (en) * 1996-09-04 1998-08-11 Walker Asset Management Limited Partnership Method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers
US5768391A (en) * 1995-12-22 1998-06-16 Mci Corporation System and method for ensuring user privacy in network communications
US5790665A (en) * 1996-01-17 1998-08-04 Micali; Silvio Anonymous information retrieval system (ARS)
US6006200A (en) * 1998-05-22 1999-12-21 International Business Machines Corporation Method of providing an identifier for transactions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0077701A1 *

Also Published As

Publication number Publication date
AU5869600A (en) 2001-01-02
WO2000077701A1 (fr) 2000-12-21

Similar Documents

Publication Publication Date Title
US6490567B1 (en) System and method for distributed content electronic commerce
US8849683B2 (en) Receipt insurance systems and methods
US7949600B1 (en) Method for facilitating payment of a computerized transaction
US5434394A (en) Automated order and delivery system
US9275410B2 (en) Internet payment system and method
US6505171B1 (en) System and method for handling purchasing transactions over a computer network
US8301511B2 (en) Buyer-initiated shipping system
CN101755245B (zh) 用于向商家提供出口服务的系统和方法
US8447658B2 (en) Electronic bearer bond online transaction system
US20070124216A1 (en) Systems and methods for locating and purchasing proximal inventory items
US20060122899A1 (en) Comprehensive online shopping management system
US7366684B1 (en) Blind-supply open commerce business system
US20040225573A1 (en) Methods and apparatus for anonymously transacting internet shopping and shipping
US20020107777A1 (en) System and method for auctioning goods seized or recovered by local, county, state, or federal law enforcement agencies
WO2001016768A1 (fr) Online purchasing system and method
JP4212785B2 (ja) 決済仲介システム及び決済仲介方法
US20020103766A1 (en) Controlled purchase systems
EP1208503A1 (fr) Method and apparatus for facilitating anonymous transactions
JP2002265058A (ja) 商品流通支援システム、商品流通支援装置、商品流通支援方法、これらを実行するプログラム並びに記録媒体
JP2003122946A (ja) 受託購入方式での仲介取引を成立させる電子商取引装置
GB2345775A (en) Analyzing transaction information
US7243076B1 (en) Computer network system for shopping and method therefor
JP5122715B2 (ja) 決済仲介方法
JP2002024652A (ja) 特定範囲内販売方法及び範囲限定販売システム
JP2002007920A (ja) 課金処理システム及び課金処理方法

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020110

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040103