FI111879B - Management of user profile information in a telecommunications network - Google Patents

Description

Field of the Invention

The invention relates generally to the provision of services in a telecommunications network. More particularly, the invention relates to a system that provides user-specific information in a network that provides personalized services.

Technology background

The enormous growth of Internet users and the services they provide 10 has been one of the most significant phenomena in telecommunications in recent years. The popularity of the Internet shows that people are eager to apply technology in their lives. However, as the services offered online expand and become more complex, it will also become much more difficult to maximize the benefits of the services. For example, if you submit a simple query to a search engine that is available to you, you will typically end up with thousands of pages of irrelevant information that you will have to go through manually. Another example can be taken from the telecommunications world. In an emerging open telecommunications market, customers will have the opportunity to purchase low-cost services that are tailored to their needs and tastes. This may involve difficult decisions related to the quality of the customized services and the choice of service provider, especially when the customer is • '·· out of their home network. In order to reap the maximum benefits, users need to know many service providers and negotiate with them. All too often, this requires tremendous effort; there are too many options and too much information available to users. This growing. ···. The complexity is partly due to the transformation of traditional search engines into web portals that provide services in many different fields.

In both of the above examples, quite intelligent technology can be utilized to automate the selection process. However, you need to get some information about the user in order to achieve the desired goals. This: Y information is provided by the User Profile. What a profile contains depends on the service, but the decisive goal could be to create a high quality user profile. Service Providers can thus utilize this description to provide a tailor-made service to each user. In other words, '··· * 35 these profiles allow service providers to tailor the application to 2 111879 users. This process of creating user profiles, or user access, is called profiling. .

Profiling has become an important part of solving the above-mentioned problems associated with the complexity of services and the huge information infiltration. This is because profiling enables the personalization of services, which in turn provides tailor-made assistance to users in overcoming the above problems. Personalization is the process of applying user profile information to produce results that are tailored to the needs of the individual user. Nowadays, many web portals are going in these 10 directions, offering ways to filter information content based on user interests.

Although personalization has been seen as a way to solve the problems mentioned above, current technology is not yet able to do so and there are many problems with existing systems. These are briefly outlined in the following 15.

Currently, users are required to provide their profile information to each individual service provider. As a result, creating accurate profiles requires a great deal of resources from both service providers and users. From the moment users sign up for the service, they will need to fill out unreadable forms regarding their personal characteristics and, to an increasing extent, their preferences. Services provide users with a sense of: * ·· the original information and perceptions they have gained while interacting with users. For each new service provider: ··: Teaching a driver to zero is time consuming and safe for users; ···. 25 funeral jobs. Because the user must enter profile information for each service ··. • service provider, individual user information is scattered across the network, and different service providers have different user information. The disadvantage here is that the service provider at least cannot directly access the profile of the other service provider. Managing profiles can also cause problems. For example, upgrading "·" 30 email addresses for each service can easily become an unavailable task: V: inaccessible. Even if the services provide equipment for updating, it is difficult to inform all the services concerned. Therefore, the user 's ability and motivation to maintain profiles:. #; 'Are weak, and the accuracy of the profiles is deteriorating.

'· · · * 35 Another problem with maintaining individual user profiles for each service is that the service view of users for a single service is very limited. As a result, the user is unable to make the most of the service.

Another important issue related to the current situation is the privacy of users. It is clear that storing personal information such as user profiles in an open and shared system such as the Internet requires careful consideration of the user's privacy. As users currently have no control over the content and use of their profiles, their privacy is easily compromised. For example, the user does not have any methods to prevent malicious party access to 10 individual service profile data or the data on different servers reunification.

Some recently implemented systems that use a user model operate locally in the user terminal (e.g., a personal computer). One such is described, for example, in U.S. Patent No. 5,913,030, which describes a communication system between 15 client workstations and a server attached thereto. The user information is stored in the client system (i.e., the client terminal). The user information comprises a plurality of attributes, each containing user-related information and an acceptance indicator that indicates the user's willingness to disclose information relating to that attribute. The terminal may also comprise a plurality of person modules, each of which contains information defining a particular personality of the user. The user's private: * ·· reason can also be protected by sending information about the user to a trusted third party that discloses to the service provider ·: ··: Only general demographic information about all users. The person module may also be provided with a camouflage function that generates false information about the user.

The major disadvantages of systems with user profiles on the workstation are that the utilization of user models is limited to that terminal only, e.g., usually at a fixed location, and the dissemination of information contained in the user models is limited.

: Y: Nowadays, there are also server-based systems that allow the user to have personalized web services that provide information security. One such service is ProxyMate (formerly Lucent Personalized Web) at www.proxymate.com. ProxyMate focuses on providing users with ways to communicate with multiple servers such that a single server providing a particular service cannot determine the identity of the user, even though the user can be authenticated and authenticated repeatedly while on the server. This is possible because safe and secure aliases have been created for web users and because traffic to web servers is anonymised. ProxyMate can also be used to forward emails. One of the most important design criteria for ProxyMate has been that it works without space. It does not maintain any long-lived modes, such as user-pseudonym definitions. On the contrary, all pseudonyms are generated on request by a one-way function. ProxyMate acts as a proxy for web traffic. Because of this, it can be 10 locations and can be used on any network. Server-based systems require the user to trust them. Although their structure is theoretically such that they do not need to maintain space outside of the service session, the implementation can, for example, collect a log of user actions. Another disadvantage in such server-based systems is that the user's connection to the service-providing server always goes through these proxy servers. This limits the ways in which the desired information can be accessed. In addition, continuous routing through certain proxies results in inefficient use of network communication resources, and these proxy servers can become bottlenecks that adversely affect service response times.

Some agent systems are further described in GB-2335761-A, GB-2328110-A and WO-96/23265. One system profile information '. -. t control is further disclosed in EP-0944002-A1.

It is an object of the present invention to provide a solution that can mitigate or eliminate the drawbacks described above and to provide a system that allows network users to comprehensively control their profiles.

BRIEF SUMMARY OF THE INVENTION This and other objects of the invention are accomplished, in accordance with the principles of the present invention, by providing a system in which a single I ·:! the user's profile information will be placed in a profile agent reserved for that user only. Thus, each user is given a profile agent which; *, *. allows the user to control their digital identities, i.e., identities that service applications see as users. In this way, it is possible to provide applicable profile information 5111879 with a single profile agent to a significant number of services that require different types of profile information.

Each user-specific profile agent has a multi-layer structure such that user profile information is accessed only through the top layer 5, which includes agreements that form interfaces between user-specific information and the network. The user-specific profile agents are located on special servers, referred to herein as hostels, and the network further comprises a search engine to query the location of a particular contract. Service applications access user-specific information 10 only through an agreement entered into for this purpose. The agreement defines the information items that the service application sees from the user-specific data and also how the service can process said items. Each agreement constitutes a user-specific data interface for a service or service group. The agreements thus associate certain views or profiles with certain services. However, a single service may also use more than one contract to access user-specific data. In this case, the service cannot recognize that two contracts are related to the same user.

In a preferred embodiment of the invention, the user profile information 20 is disseminated only through the user-defined digital identities. These identities form an intermediate layer, which is between the agreements that form the outer layer of the user profile agent, and the basic profile data, which in turn forms the inner layer of the user profile agent. None of the services can access basic data. The identities, * ''> · 25 referred to herein as Persons, represent permanent views of * · '··' data in the user's basic profile. Services only see these views: they do not distinguish whether two different views belong to the same user or not.

; User privacy thus plays a central role in the system, 30 since the User Profile is centralized in an agent that can be controlled by the user or a user authorized by the user. In addition, the consistency of the two contracts is difficult to demonstrate and the agent behind the contracts is * · *: · 'difficult to disclose.

In addition, since the profile agents can be mobile, they are not tied to specific providers and thus the profile has an unlimited lifetime.

»· · 6 111879

List of figures

In the following, the invention and its preferred embodiments will be described in more detail with reference to the examples of Figures 1-14 in the accompanying drawings, in which Figure 5 shows the architecture of a system according to the present invention, Figure 2 shows the overall structure of a single user profile agent; Figure 4b illustrates the typical structure and content of a single item within a user profile agent bottom layer; Figure 5b is an example of a user profile agent bottom layer content; Figures 6 and 7 are examples of two different profiles of a user profile agent middle layer , Figures 8 and 9 are examples of two different agreements within the outer layer 20 of a user profile agent Figure 10 is an example of a system-to-service message transfer when a user creates his own profile agent for himself, Figure 11 is an example of a system-to-service message transfer when creating a contract for a service application, ···. FIG. 12 is an example of a system-to-element message transfer in connection with a general information request received by a user profile agent, FIG. 13 is an example of a system-to-element message transfer when a user profile agent moves through the network, and FIG.

• »«. ***. DETAILED DESCRIPTION OF THE INVENTION

Figure 1 illustrates the architecture of a general system according to the present invention. The system comprises a plurality of servers (S1 to S3) that provide a wide variety of resources and services to network users. In this example, all servers are Internet or Intranet nodes (or equivalent 7111879 via TCP / IP networks). As used herein, the term "service" refers to a service application on a server.

User terminals (UT1 and UT2) have access to servers providing services in a manner known per se. The terminals may be fixed terminals 5 as shown in connection with UT1 or mobile terminals having a wireless connection to the system or network as shown in connection with UT2. The wireless interface may be implemented through multiple access points (AP1) or alternatively through a gateway (GW1) which changes requests from a protocol stack used between the gateway and the terminal, such as the WAP protocol stack, to the protocol stack used between the gateway and the server /P.M).

With respect to the idea of the invention, the types of user terminals and the connections between the user terminals and the servers providing the services are irrelevant. In this context, the only essential feature of the terminals is that they are provided with browsers or other known client programs that allow them to communicate with the servers providing the services. This communication is primarily based on the HTTP protocol, although there may be a transforming gateway between the server and the client as mentioned above.

The system further comprises user-specific profile agents PA, so each user of the system preferably has only one profile agent \ ·. for that user. A profile agent is a program that can perform tasks on behalf of its user and that stores the user's profile ·: ··; data. Thus, a single profile agent is a fixed entity to which the user ···. 25 may have the task of coordinating their profiles. Construction of a single profile agent ···. The web comprising code and data is discussed in more detail below in connection with Figures 2 and 3. Agents are implemented using known technology. utilizing.

Profile agents are located on special servers, • which are referred to herein as hostels. The hostel is simply a system platform: Y: (e.g., a computer program) that provides a platform for profile agents and. * ··. connect to the network. For the sake of simplicity, Figure 1 shows only one hostel, though usually many are hosted online.

• · · ': · * The system also includes agent creation units AC, which allow users to create their own profile agents. The agent creation units can be located, for example, in user terminals or in hostels.

8 111879 The user-specific profile agent is managed only by its user. Thus, in the system of the present invention, the User Profile is centralized to an agent that is supervised by the User. The user-specific profile agent may be stationary or it may be a moving agent, especially if the user is mobile. The mobile profile agent preferably moves so that it is always in the hostel closest to the user's current location.

To promote the mobility of the profile agent, the system further comprises a search system LS, which stores the current location of each individual profile agent and from which the location of the profile agents can be inquired. 10 Details of the structure of the search system will be described in more detail below, which describes how the position of each profile agent is stored in multiple locations, each of which assigns the respective address to a single contract that is part of the profile agent.

Figure 2 shows the structure of a single profile agent from the perspective of its customers. The agent preferably has a three-layer structure, of which the base profile of the user forms the lowest layer. The basic profile usually comprises all data about the user, which data is entered by the user or clients. The middle layer comprises the user's various digital personalities. Each personality is made up of data in the base profile and is a specific user-defined view of the base profile. An individual personality or view can be generated passively, that is, it may contain data j units that form a subset of data units in the core profile, or actively, whereby the desired basic profile data units can be processed to obtain the data units forming the personality.

. ···. 25 The top layer of a profile agent consists of interfaces that: ···. referred to herein as contracts. Contracts are the interfaces through which a user and services can access a profile agent. The user always has access to the profile agent through a special agreement called a host agreement, which is intended solely for your use. Service applications access digital 30 persons through service contracts, that is, services can refer only to: A: contracts, not persons behind contracts. To access the profile-. ···. data should be possible, each service must first contract with a profile agent. Once an agreement has been made, the service can utilize the profile agent: t · * through said agreement (interface). Each agent typically comprises 35 one contract per service provider or service application, although it is possible that one contract is for one service application / service provider group and one service application / service provider can also utilize multiple contracts.

The agreements thus control the user's identity. Although, from an architectural point of view, the agreements mainly represent 5 pseudonymous touchpoints in the profile data, their most important function for users is to limit the information available to customers (i.e. services). The profile agent must allow conversion of basic profile items from views to basic profiles, and vice versa. The conversions required are usually very simple, such as replacing the name with 10 pseudonyms and highlighting the user's various interests. A basic profile transformation is done for a specific context. Usually, the transformation is done in all dimensions of view - who, where, when and what. These dimensions could be modeled independently so that the transform could be the sum of all the transforms in the dimension. In fact, 15 users could represent a basic profile plus a number of variations for each dimension. By choosing the right set for each dimension and layering them on the basic profile, Häiivio 3 shows much more context than the profile agent and the service application. Each agreement on the top floor CT handles access rights by controlling both the entities accessing the profile agent and what these entities are allowed to do if access is allowed. The user personalities, in turn, correspond to the user view available in the service applications. The views are created from the user's basic profile, either directly or through conversions.

. ··. 25 The user has insufficient capacity to maintain a large number of conversions. The other extreme, that is, the complete lack of conversions, is not desirable either. Therefore, the user profile agent is primarily based on a trade-off between the two, that is, the user targets the conversions in some context. In fact, the transformation defines the user's personality, e.g., home or work. In addition, the characters are separated into their own layers so that they can be used in many contracts and that one contract can. allow multiple personalities.

The basic profile comprises the entire profile of the user, arranged in a slightly: · rarely. Figure 4a shows an example of a basic profile arranged in different categories according to the content of the profile. In this example, the first category includes unique identifiers for the user, the second category for biographical and demographic user information, the third category for user addresses, the fourth category for user interests, attitudes, etc., and the last category for user's current location and activity.

Each category of a basic profile consists of many items.

Figure 4b shows an example of the structure of a single item. The content of the title is divided into data units describing the title. In the example of Figure 4b, the first data unit represents the title name, the second represents the title, the third indicates the title type, the fourth indicates how the title is changed to a user personality, and the last one comprises the title value. By making the titles 10 individually identifiable, the user can control access to individual titles. As is evident, the number and type of items in individual categories can vary, depending on e.g. category and user. The number of hierarchical levels in the base profile may also vary.

Figure 5 shows an example of the content of one basic profile which forms the lowest layer of the agent. In the figure, the categories or items on the same hierarchical layer are indicated by boxes that are white on every other layer and black on every other layer. In this example, the user is Joe Doe, nicknamed '' Foobaf ''. The "conversion field" of the base profile represents all the conversions that are possible for this item. For example, the gender of the wearer can be varied from male (M) to female (F) and non-male (N). In the Model / Preference category, different service providers may collect information about user preferences. In this example, The category contains relative values that indicate how often a user accesses the sports, financial, and weather services provided by the service. ···. 25 on www.company1.com. If a particular agreed upon ontology is used for the user's preferences, this information can be used by all service providers for their own purposes.

In practice, the basic profile usually contains much more information than that shown in the example of Figure 5, which only describes what information the basic profile can contain.

Y. Figures 6 and 7 show two examples of the user's personality, ···. the basic user profile of which is shown in Fig. 5. Fig. 6 shows a working person who can be used e.g. The personality mentioned above for this person: www.companyl .com gets more weight than other services, that is, this person is more interested in Financial Services than other services. In addition, the user nickname is masked by services, i.e., the service nickname is not visible to the service provider. Figure 7 shows another person of the person, referred to herein as an online person, which can be used, for example, in home sessions. In this person, the user's gender has been de-gendered, income has been rounded to the nearest 10,000, 5 all titles except the nickname, and all titles below the home address are also hidden.

Figures 8 and 9 show the contents of the outer layer agreements of the user profile agent. Figure 8 shows only the host agreement used by the user. To ensure a secure connection with the user, the host-10 agreement stores the client's public key (PKU01) and its own public and secret keys (PKM01 and SKM01). The host agreement client is always the user whose host agreement is in question. Figure 9 illustrates an example of a general service agreement marked in "service01". Through this agreement, the two services access the user's profile information, i.e., the 15 services having the public keys PKS01 and PKS02. The agreement can specify the items in the basic profile that can be accessed through the agreement (cf. access / type = access). In this example, the items in the model / preference category can be read and written, while the items in the tag category and properties / inputs can only be read. The agreement may also specify those sections of the Fri-20 profile that are not accessible through the agreement. In this example, there is no access to postal address categories (access -! ** .. det / type = deny).

The contract can further define the personalities (views) that can be seen through the contract. In this example, only the online personality ···. 25 can be seen through the contract. Thus, even though the user is currently using a work person, the online person is visible to the OI service. The contract may also define different modes of operation for different services. The agreement in Figure 9 involves one approach: if the recipient, i.e. the service provider, is "company01", "'which indicates that the titles are for its exclusive use, then all other 30 unencrypted or non-hidden items are accessible. Below: Y: clarified how the user controls the items that can be viewed with the * *. * ··. agreement and the format in which they can be viewed, using the standard format for P3P (Platform for Privacy Preferences Projects) * · · • · ' • inform the service provider of the privacy practices of the profile agent (· user).

12 111879 In this way, the contract further defines the agent's middle floor views. The agent may also comprise a plurality of middle layers, each of which manipulates the views of the previous layer. Preferably, the determination of the data available to the customer is carried out in such a way that the determination of the data set available to the customer is more accurate and detailed when moving from the basic profile towards the outer layers of the agent.

Each user profile agent is primarily created by that user. Figure 10 illustrates an example of a system-to-system message exchange when a user creates a profile agent for himself. The system of the present invention comprises the above agent creation units for generating an agent. Each agent creation unit is a piece of software that allows a user to create a user profile agent. The agent creation units may be located at user terminals, hostels or on separate websites providing these services to users. Encrypting the messages exchanged salausavai-15 Mella Preferably, whenever the public key of the opposite party is available.

Initially, the user workstation sends a message to the agent creation unit asking the unit to start creating the user profile agent (step 1001). This message comprises the user's public key 20 (P_KEY_U). In response to this message, the agent creation unit creates for the user; blank profile agent. Once this is done, the agent creation unit asks the profile agent to create a host agreement so that the user can modify the agent. * ··. via said agreement (step 1003). This request also contains the public key of · · ·. The user profile agent then generates an identifier (CID) for the 25 host agreements (step 1004) and a key pair for the host agreement. The host agreement now has the keys to encrypted communication with the user, as shown in Figure 8. The user profile agent then informs the agent creation unit of the new agreement by sending an export message to the creation unit containing the identifier and the public key (P_KEY_MC) of the newly created agreement (step 1006). In response to this message, the agent creation unit sends a registration request to the search system (step 1007). . ···. This request contains the host agreement identifier and public key as well as routing information that points to the profile agent's location. However, the routing information in this example is zero (empty) because the user profile agent has not yet been moved to its proper location on the network. Upon receipt of this message, the search system will check that no existing agreement uses the tag.

13 111879

If the tag is not used, the search system registers the agreement and sends an acknowledgment to the agent creation unit (step 1008).

The user profile agent is then moved to its correct location, i.e., the hostel (step 1009). If the agent creation unit and the profile agent 5 are already in the hostel, this step will naturally be skipped. An agent transition typically contains multiple messages, although only one is shown in the graph.

After migration, the contract identifier is re-exported to the search system with proper routing information pointing to the hostel (step 1010). This is done by first activating the agent by the hostel. As a result, the agent requests the host to perform the re-export, and the host sends a message to the lookup system. The agent creation unit then acknowledges the user in step 1011 of the host agreement creation process. This acknowledgment message comprises a host agreement identifier and a public key. The user profile agent is now fully accessible, even though it is still empty.

15 The user must then enter data into the profile agent. For this purpose, the user workstation first requests the profile agent routing information from the lookup system by sending a request comprising the host agreement identifier (step 1012). Upon receipt of the routing information pointing to the host where the user profile agent is located, an update message is sent to the host 20 in step 1014. This message includes the host agreement identifier, the operations to be performed, and the data used in them. The host will forward the message profile -! * · .. to the agent. For example, if the user has created a basic profile as shown in Figure 5, the message may include the following write operations and data: · · update ("tags / name / first name", '' john '') ···, 25 update ('tags / name / middle name ',' 'Bar') • · .'l. refresh ('tags / name / last name', 'Doe') '···' update ('tags / name / nickname', '' Foobar ') , and so on.

Thus, the user places the desired data on the profile agent via a host agreement. The host agreement address is first fetched from the search engine.

* · · 30 This may require sending multiple updates to the hostel.

After the profile agent has completed the desired operations,. * ··. it acknowledges them (step 1017) to the hostel, which forwards the acknowledgment to the user terminal (step 1018).

: V The user profile agent is now ready for service applications. If the user subsequently wishes to update his existing profile agent, the update is performed as shown in Figure 10, as shown in steps 1012 to 1018, i.e..

14 The routing information pointing 111179 to the correct host will be requested from the lookup system and then one or more update messages will be sent to the host where the profile agent is located.

When a user contacts a service that wants to take advantage of pro-5 mood data, an agreement must first be made for the service. Figure 11 shows an example of system-to-system messaging when a new agreement is created between a profile agent and a client (i.e., a service provider / service application). First, the user sends a standard service request to the web server providing the services (step 1101). In response to the request, the user typically receives a registration form from the server (step 1102). After that, the user must visit their own profile agent. For this purpose, the user sends an import message to the paging system asking the paging system for a host agreement address (step 1103). In response to this message, the retrieval system returns the routing information to the user. The routing information shows the current location of the 15 host contracts. This example assumes that the user profile agent is currently in host A.

The user then sends a message to host A (step 1105) and asks for a service agreement. This message contains at least the host agreement identifier and the public key of the service (P_KEY_S) obtained earlier than 20 on the registration page. The host searches for the user's profile agent, which matches the host agreement identifier received and delivers the message • «· ·: ·. to the aforementioned user profile agent in step 1106. In response to ♦ *, '···, the user profile agent creates a contract ID and «» *] * for the service. the key pair (step 1107) and the agent exports the generated contract ID (CID) and its public key (P_KEY_C) to the hostel (step 1108). The host knows which node of the search system is available and sends a request to this node in step 1109. This request asks the search system to register a new agreement. The message comprises a contract ID, a public key, and routing information pointing to host A *. The routing information provided in this message provides different 30 paths to host A than in step 1104 so that the host agreement and service agreement cannot be linked together through its location.

If the new agreement is successfully registered, the search system I · acknowledges the operation to the hostel (step 1110), which then confirms it to the user profile agent (step 1111).

35 The user is then informed of the ID of the newly created contract. The user profile agent first sends the contract ID and public key 111879 to the host which forwards the message to the user terminal (steps 1112 and 1113).

Upon receipt of this information, the user workstation updates the agreement according to its preferences in step 1114. That is, in this step 5, the user determines the views that are visible through this agreement by defining at least the outermost layer of the profile agent. This step defines the titles that the service provider / service application can see, the format in which they are displayed, and what the service provider may contract.

Thereafter, the user workstation sends a response to the registration page received in step 1102 to the service provider server. This message of step 1115 may be a standard HTTP-POST message comprising a contract ID and a public key.

As described above, in this basic operating model, the user initiates the relationship between the service and the user profile agent by sending a new contract identifier to the service providing server. In response to this message, the server requests routing information to the agent host from the lookup system (step 1116). When the server receives this information in step 1117, it knows that an agreement exists, that is, the user is not trying to cheat. The server then requests information about the user's profile agent by sending an information request to the host which forwards the request to the profile agent (steps 1118 and 1119). J · * / The request contains the contract ID, the operations and the parameters associated with the operations. For example, if a server requests data that is in a user's profile in the "" name "subcategory, the operation is" "read" and the parameters include "" tags / name ".

25 The user profile agent first authenticates the request and then processes it. In response, the requested information is returned to the server (steps 1121 and 1122). If the agreement of Figure 9 has been previously established, the user profile agent notices in step 1120 that an online ·: ··: person must be used. Because the online personality is such that only the nickname can be displayed in the '' identifier * * ': 30 paths / name' sub-category, the user profile agent only returns the nickname (Foobar) in step 1121. When the server receives this message, it can resume normal operation to the user

I I

web pages (step 1123). This HTTP response contains the user's favorite name in the message body. After that the user can use the service.

· “*: 35 If the service wants to know more about the user later in the same or next service session, the service sends an information request ie 111879 to the user's profile agent. Figure 12 shows an example of system-to-system message exchange in connection with such a generic information request from a service providing server. The server first requests routing information to the profile agent host from the paging system and upon receiving it, sends an information request to the host (steps 1201 to 1203), which forwards the request to the user profile agent (step 1204). In this context, it is possible to specify that if the operation requested by the service is not allowed, permission is requested from the user's workstation. The user profile agent then requests permission from the user's workstation by sending a confirmation request to the user's workstation through the hostel (step 1205). If the user allows the operation, it returns approval (step 1206). When the user profile agent receives this message, it begins processing the request and then sends the desired information to the service (steps 1207 and 1208). For example, if the requested operation was '' write '', then the user profile agent returns the status of the request (i.e., request 15 completed). If the user's workstation denies the operation required by the service, the service is informed that the requested operation is not allowed. On the other hand, if no transaction confirmation is required, the user profile agent will respond to the service immediately upon request.

As mentioned above, the user profile agent can also move within the network. For example, if a user's current location has been updated in some way, such as with a GPS receiver, the user profile agent may find that it is too far from the user's current location. The user profile agent * · will then initiate the location update by sending a migration request to the current hostel. 13, step 1301. This message may include the address of the new hostel near the current location of the user's | * 25 workstation, or :: if the user's profile agent does not know where the nearest hostel is,

t «I

current location and request to transfer the agent to the hostel nearest to that location. As a result, the new hostel (hostel B) will be sent: ··! a request to approve the user profile agent (step 1302). If the new host accepts • the profile agent, it sends an acknowledgment to the current host (step 1303). Upon receiving this message, the current hostel is requesting access to I | I allow the profile agent to paraphrase itself (step 1304). In response, the agent is • worded to a new hostel (steps 1305 and 1306).

: * · *: This new hostel activates the user profile agent in step 1307. In response to 35 activations, the user profile agent sends a request to the new hostel to update the location of each agreement, one agreement at a time. Figure 13 illustrates an update of two contract locations (CID1 and CID2, respectively, steps 1308 and 1312). Messages sent by the user profile agent include the contract identifier and the public key. In response to each request from the user profile agent, the new host sends an update request 5 to the paging system by adding routing information (corresponding steps 1309 and 1313 to the first and second contracts, respectively). The paging system updates the location of the contract indicated by the request and sends an acknowledgment back to the hostel (steps 1310 and 1314), which forwards the acknowledgment to the user profile agent (steps 1311 and 1315). Once the user profile agent has received an acknowledgment for each update process, it sends an acknowledgment request to the new host (step 1316). In response to this request, the new host will acknowledge the transfer of the agent to the original host (step 1317).

This way, the new hostel updates the user profile agent location agreement. Locations are updated on a contract-by-contract basis to prevent 15 search systems from discovering contracts that belong to the same user profile agent.

The search system acts like a black box when serving the rest of the system. Contact points (i.e. contracts) are registered there by a location update operation and are requested from there by a search operation. 20 The search system is also required to be efficient and scalable. : · Va. Thus, the resources of the search system should not obstruct the movement of the user's profile agent ♦ · · ·. The various options for implementing the application system are described in:. · · ·. the following briefly.

Because the profile agent knows its customers, the simplest option for • · 25 profile agents would be to keep customers aware of their location. However, collaboration would allow customers to observe when each pseudonym '···' (personality) changes its location and thus correlate which pseudonyms are more likely to be associated with the same person. In particular, this would prevent users from using two contracts with a customer.

· * [': 30 Using retransmission chains is another option to implement a search system. In such a solution, the agent leaves out -!.! address when moving to a new hostel itself.

T * By following a chain of shipping addresses, the customer finds an agent.

• V The disadvantage of this solution is that it is malfunctioning when 35 agents are moving vigorously - the length of the chain increases and the search path can be popped from one side of the globe to another.

is 111879

The home-based solution eliminates unpredictable search paths in the chain model. In a home-based solution model, each user profile agent would have a defined server, a home that tracks its location. However, this solution restricts mobility by binding the user to the home provider.

5 The name server solution is a traditional way of linking tags to their locations. It is used, for example, in the Internet domain name system. Name server systems are highly scalable because parts of the identifier space are distributed hierarchically to different servers. Unfortunately, such a hierarchical addressing assumes that the address binding is fairly 10 permanent.

To maximize personal mobility, addressing must be hierarchically low, and a name server solution is not possible. Location service based on a hierarchically flat address space is described in Ballintijn, van Steen, and Tanen-15 Baum, Exploring Location Awareness for Scalable Location Object Ideas, Proceedings of the Fifth Annual ASCI Conference, Heijen, The Netherlands, June 1999 , pp. 321-332 (also available at http://www.cs.vu.nl/pub/papers/globe/IR-459.99.pdf, visited 4/2000). Preferably, the search system of the present invention is similar to that described in this article 20. The key idea in this positioning service is to take advantage of locality, which means that search costs increase as the distance increases. to the address where it is cheaper '.' Search for local destinations.

The structure of such a search system is illustrated in Figure 14.

* * t I

Because the architecture is hierarchical, the nodes in the system divide the network into a hierarchy of geographical areas. At the bottom of the hierarchy are leaf nodes, t | each of which covers a newspaper area, which may be virtually a few local area networks. The next higher-level region may then represent, for example, the city where the LANs are located. Each of the 30 areas is associated with a directory node that stores location information about the agreements in its area (i.e., the area covered by the nodes below it). The root node at the top of the hie hierarchy covers the entire network and includes for each identifier the next layer node pointers, etc. The leaf nodes store the contract addresses. Thus, only one leaf node knows where the hostel 35 contract is. When the search is performed, the search operation starts from the leaf page that corresponds to the area where the customer is located. If the leaf node has 19 111879 addresses, the customer will receive the address immediately. Otherwise, the request proceeds upward until it reaches a directory node comprising a record of the sought identifier, from where it lowers to the leaf node where the address is located.

As the structure and function of the search system is known per se, 5 its details are not discussed further here. Further information can be found in the above article or in M. van Steen and F. Hauck, Algorithmic Design of the Globe Wide-Area Location Service, The Computer Journal, 1998, Vol. 41, No. 5, p. 297-310 (also available at http://www.cs.vu.nl/pub/papers/globe/IR-440.97.ext.pdf).

10 Although the invention has been described by way of example only in the appended drawings, it is clear that the invention is not limited to them but can be practiced by one skilled in the art without departing from the scope and spirit of the invention. The following is a brief overview of some of the likely variations.

The system can support three different communication modes for profile agents: static, session-based, and event-based modes.

In the spatial communication mode described above, no long-term information about the profile agent location is maintained outside the paging system. This mode allows for a simple request-response message exchange. Because of the security risks associated with other modes, spatial communication is the 20 primary means of communication for most customers. For each s. ··· For handover, clients first retrieve the profile agent location and then perform a message exchange, including authentication.

. ···. In session-based communication mode, the client can enter into a long-term relationship with the profile agent. If the profile agent moves during these 25 time periods, the session will also move. In addition, authentication and policy notification are performed only once. However, when a profile agent sends a notification of a new address to clients, they may launch a correlation attack based on when the updates arrive. Thus, the use of session-based communication should be restricted to the clients being created.

Event-based communication can be used to share profile changes. In this mode, customers subscribe to receive certain notifications. When a profile agent receives an update: ·, it sends a notification to all subscribed customers.

35 Events can also be exploited in correlation attacks.

«♦ ·

Potential attacks can be reduced by making their delivery asynchronous, i.e. by adding variable delays between each message being sent.

The user profile agent may also be a distributed entity comprising a parent agent and a plurality of child agents. This allows different contracts to be on different hos-5 rolls. The advantage of such an implementation is that the user no longer has to rely on one hostel for all information, with the exception of the parent agent host, which can still access all parts of the profile but no longer knows all the clients with whom the profile agent is related.

The profile agents can also be implemented without storing views for subsequent information requests. In such a case, the profile agent generates a view each time profile information is requested by using one or more of the view defining functions. In such a case, said one or more functions form the middle layer of the agent between the kernel and the contracts. Thus, in its simplest form, contract 15 can only contain its own identifier.

However, the use of the above option is recommended as it is much simpler to define and utilize ready-made views than to create them in real time. In addition, the level of service can be easily improved by utilizing ready-made views. For example, the system may utilize ready views that are deployed at a particular time of day or by the user. ·: · By location.

: \ it In order to keep the number of contracts in good standing, a contract can be · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·

It is also possible to use a "stripped down" version of the system, so that the profile information entered by the user through the host agreement is available to all customers who access the profile path through the agreement.

Anonymous routing can also be used to prevent malicious parties from disclosing a user agent by correlating contracts. 30 In such an implementation, each contract of the user agent is assigned a different address via an anonymous network that the hostels are connected to! conjunction. Because anonymous routing is known per se, it is not discussed further here.

Although the invention has been described above in the light of the examples in the attached figures, it is clear that the invention is not limited to these examples, but can be modified by one skilled in the art without departing from the spirit and scope of the invention.

Claims (19)

A method for providing user-specific information for service applications in a telecommunications network, characterized in that in the process: 5. the user's profile data is stored in user-specific software agents, each of which comprises at least one inner layer for storing the user's profile data and an outer layer for storage of contracts, which contracts form boundary layers to control the use of profile data from the network, 10. said agents are stored in the network, - the contracts are used for customers and the contracts are stored in the outer layer, each customer being a party that utilizes existing profile data in the network; - the respective positions of the contract are maintained in a position information system; - the location of a desired contract is requested by the system; and - user-specific information is transmitted between the customer and the agent by means of said contract. Method according to claim 1, characterized in that it further comprises a step for determining views of profile data and for connecting each view with at least one contract, the view; 1 determining the form and content of the user-specific information available for the customer by means of the contract linked to the view. * 25 The method according to claim 2, characterized in that the submission of a contract comprises the submission of a special host contract for use by the user only and the submission of at least one service contract for the use of a service application that exists in the network. Method according to claim 2, characterized in that; The transfer comprises the transfer of user-specific information from said location to the customer, whereby said information is in accordance with the view • • linked to said contract. t i » The method according to claim 3, characterized in that said transmission comprises transmitting user-specific information: from the user to said location. • 1 * 1 fit 111879 Method according to claim 5, characterized in that the user enters user-specific information in the inner layer by the host contract. Process according to claim 3, characterized in that the user begins to enter into a service contract. Method according to claim 4, characterized in that it further comprises storing views of profile data in the agent. Method according to claim 8, characterized in that the transmission of user-specific information comprises the use of a view previously stored in the agent. Method according to claim 1, characterized in that it further comprises transferring agents in the network in response to a change in the user's position. Method according to claim 1, characterized in that the transmission of user-specific information comprises the encryption of data. Method according to claim 3, characterized in that the request for the location is performed at least once for each service session between the user and the customer. 20 The method according to claim 1, characterized in that the customer is a service application. The method according to claim 1, characterized in that the customer is the user. 15. A system for providing user-specific information for service applications in a telecommunications network, characterized in that the system comprises - for storing the user's profile data, user-specific software agents, each of which comprises at least one inner layer for storing the user's profile data and an external one. layers for storing; 30 such contracts, by which customers have access to profile data, where: at each contract forms an interface, by means of which the user's use of profile data from the network is controlled, and each customer is one; party using existing profile data on the user in the network, - storage means for storing said agents in the network,: f 35 - mode control means for checking the respective positions of the contract, and 111879 - means for transmitting user-specific information by means of said contract the position of the desired contract and the customer. System according to claim 15, characterized in that it further comprises means for determining views of profile data and for interconnecting each view with at least one contract, each view determining the form and content of the user-specific information available by means of the to view the contract linked. 17. A system according to claim 16, characterized in that the user-specific software agents comprise an additional views storing intermediate layer which is located between the outer and the inner layer. System according to claim 15, characterized in that the 15 user-specific software agents are movable agents. 19. A system according to claim 15, characterized in that it further comprises agent creation means for creating a profile agent for the user. t I · »» * ·