DIGITAL MAIL
Background
Field of the Invention
The present invention relates generally to electronic communication systems, and more particularly to electronic communication systems that self-authenticate the identity of senders and recipients, support multiple modes of addressing, and provide for automatic prioritization of received communications.
Background of the Invention
Today, it is not possible to send electronic data to a recipient addressed by the recipient's physical street address. Instead, whenever the physical street address is desired as the definition of recipient, the only distribution mechanism equipped to use it is the postal service or other physical delivery systems. An item to deliver to a recipient is first provided to the postal system at formal post offices, drop boxes, contract stations, or at post office branch locations. The delivered item is likewise made available to the recipient at post office boxes, city boxes, at rural delivery points or directly at ultimate street address destinations. There is only a single "addressing mode", namely the "postal address" that defines both the input and the output points of the transport channel of the postal handling service, which in most cases is a central governmental organization, such as the United States Postal Service. The organization sets up both the form and some of the substance involved in geographical addresses (the "Postal Address") for all entities along with providing the service of delivery. Although variations of the postal handling service have appeared, including specialized package handling services and overnight package handling services, all such systems rely upon the use of a Postal Address for addressing purposes.
Traditional methods of data transmission using a Postal Address yield several advantages. One advantage of the Postal Address is the trust process derived from centralized governmental control over issuance of addresses as to the validity of an address matching a specific location. Further trust levels and services, including authentication of receipt, authentication of the receiver, and so forth, may be provided as for certified mail, or delivery systems requiring identification of receiver.
Another advantage is the commercial utility of the Postal Address for targeting customers in specific geographical regions. A powerful tool of the advertising and marketing industry is the use of Postal Addresses combined with large demographic databases to pinpoint potential customers. Reliance on a method of transmission based on a geographically determinate location allows for catalogs, brochures, offering print material, and the like, to be sent to a target group thus increasing the probability of achieving or retaining new customers at a lower cost.
A significant disadvantage to the postal handling service and its variations is a very large cost function related to speed of transmission. In order to guarantee quick arrival time, costs for transmission of data increase rapidly. A further disadvantage from the commercial side is the cost of the paper or materials to be transmitted, which sets limits as to the extent an advertiser may reach a potential market.
With the accelerated development of the personal computer (the "PC") and digital telecommunications systems, including the Internet, alternate points of entry and exit and varied transport systems have appeared. Facsimile transmission and other forms of data communication via modem, radio frequency transmission, satellite communication, and combinations thereof, have grown in use by wide margins in the past fifteen years. As acceptance and use of these channels of communication have grown, so too has the technological capability of the supporting systems. Additionally, the growth of combined channels of communication (or "hybrid channels") has occurred.
Hybrid mail is one such hybrid channel. In recent years, the term "hybrid mail", as well as the service it denotes, has grown with increased acceptance as the business and technical communities have found better and more efficient ways to utilize the mail stream not only in the United States, but across the global marketplace as well. With some similarities to facsimile transmission, hybrid mail allows a sender to have data transmitted in electronic form to an area in close proximity to the recipient for printing and then uses delivery via the local postal service. Thus, unlike normal facsimile transmission methods which allow the sender to use a public telephone number for the electronic transmission of data to the receiver who must have a telephone and a facsimile device, hybrid mail makes use of the postal handling service at the end point for completing transmission of data to the recipient, so that the recipient need not have a facsimile device. Although hybrid mail and facsimile transmissions have utility in cutting costs and times for data transmission, they are fundamentally one-way solutions with neither dynamic storage ability nor the ability to transmit data in anything more complicated than paper form. That is, once a person receives an item by hybrid mail there is no direct mechanism by which they can respond; nor is there any type of 'account' set up by which they can automatically receive hybrid mail and all other forms of transmission in an integrated fashion.
In contrast to the traditional postal handling services and hybrid delivery channels, electronic mail systems provide a robust method for the transmission, reception, storage, retrieval and display of data either in local area networks or more widely interconnected via the Internet. Such methods rely upon a consistently loose electronic format ("e-mail"), but use only a very strict addressing mechanism (the "e-mail address"). Such e-mail systems have the capability of rendering data in a variety of formats, for visual display on a screen or in printed form, for remote access or locally, for easy duplication and retransmission, for streamlined detection of receipt methods, very low cost and short time delays. However, current implementations of e-mail systems have their limitations, and in particular, cannot use the postal address as a descriptor of the intended recipient.
One limitation of email is that transmission of data via e-mail to a particular end-user cannot occur until the end-user has designated an e-mail address to which the data can be routed. That is, the user cannot receive email until their email address is established by their email service provider. Without such an email address, attempted email transmissions by others simply fail, with the sender being informed that the "recipient name is not recognized" or the like. That is, transmission is either impossible or creates an invalid response in an e-mail based system implementation if either an e-mail address has not been previously allocated for the reception of electronic media, or if the e-mail address designated for transmission does not have a corresponding allocated reception point.
Generally, the method of allocating an e-mail address for the routing of electronic media to an end-user can be referred to as "pre-registration" of an e-mail address. Without pre-registration of such address, electronic media cannot be transmitted, stored or retrieved by an end-user of an e-mail system.
Authentication is another problem with conventional email, referring to the ability to "know" the identity of the user. The method of authenticating an end-user related to an e-mail address is not a consistently defined process for e-mail based systems. Each local system allocating e-mail addresses can use its own approach, or no approach, to authenticate the end-user of an e-mail address location. Furthermore, such authentication information is not shared between loosely connected systems over the Internet (using the Standard Mail Transfer Protocol called "SMTP"), and thus when such end-user is a sender of electronic media, there is likewise no complete method of authentication with respect to such sender. That is, the recipient of email over the internet today has no guarantee that the putative "sender" is in fact who sent the email message. The e-mail address is a virtual address that does not include information obvious to the end-receiver of electronic media to distinguish where the media arrives from, or whether the sender's indicated name is at all true. This makes it trivial with existing email systems to send anonymous email or email that is deliberately misleading as to the identity of the actual sender. Often, such email is unwanted and is called "spam", indicating a troublesome problem because filters cannot definitively know the true sender. This problem of ineffective filters exists at both the sending and receiving end of a transmission. Since IP addresses are typically assigned dynamically, they are not a way of identifying the actual sender connecting to an SMTP server to initiate an email, and since the SMTP protocol has no authentication of the sender, the "from" fields can be manipulated at will. Another limitation of conventional email systems is that the sender is likewise unable to require authentication of the recipient for a particular item of email at the time the recipient attempts to read the email. Thus, the sender has no way of knowing that the person who reviews the email is in fact the intended recipient; simple 'return receipts' provided by conventional email systems merely indicate that the email was read but do not authenticate the recipient.
Telephone systems are a ubiquitous form of communication, but other than being the infrastructure over which electronic communications often pass, they have no direct involvement in how electronic communications are addressed. Specifically, it is not possible today to address an email message to a recipient using their telephone number.
Summary of the Invention
The present invention addresses the disadvantages of the previously described prior methods of data transmission, providing a robust electronic transmission system similar to e-mail systems, with the additional and central addressing schemes based on the Postal Address used by postal handling services, or a telephone number, with authentication of both the receiver and sender ensured, automatic pre-registration of a given account addressed via a valid Postal Address and methods of automatic generation and transmission of physical printed data for delivery in traditional postal handling systems. The present invention further allows for classification of data by both the sender and the receiver, such added control being a result of the strong authentication properties of the system. The classification gives each receiver strong control over what they choose to read because they are able to rely upon trusted definitions of the sender and categories. Unwanted e-mail can be relegated to appropriate categories, giving each receiver the individual choice as to whether to read or ignore all mail in a category without fear of misclassification of mail from authorized senders.
First, the present invention enables the use of postal addresses as a direct way of addressing electronic communications. An electronic communication, such as an e-mail message, can be sent to a recipient simply by including the recipient's postal address at the head of the body of a message sent by ordinary e-mail, or in fields specifically provided in a preferred browser interface. Unlike conventional systems, there is no need for the recipient to have a previously allocated e-mail address at a receiving system. Instead, the electronic communication can be delivered to a previously established master e-mail address (e.g., "postmaster") at a specified domain (e.g., "postoffice.com" or the like). At the domain, any or all available postal addresses have been assigned a digital mailbox associated with the recipient's name and postal address. The postal address of the recipient is extracted from the communication and used to identify the appropriate digital mailbox into which the communication is routed.
One aspect of the invention is that the use of postal addresses enables rigorous authentication of recipients, and enables the sender to send, and the recipient to receive, electronic communications to the recipient even before the recipient requests that the digital mailbox be activated or registered on his behalf. Rather, the sender's communication is used as a carrier for incentivizing the recipient to register and thereby authenticate themselves and activate their digital mailbox. More particularly, if the recipient has not activated their digital mailbox, then the sender's electronic communication may be printed out and combined with an authentication code assigned to the recipient. The combined printed communication and authentication code is delivered to the recipient at the postal address provided by the sender using the postal service, so that the authentication code is available only once the communication is opened and read. The recipient registers their digital mailbox by providing the code back to the system which hosts the digital mailbox. This action authenticates the identity of the recipient at the postal address, since by law, in nearly all countries, only the specified recipient of a postal item may open the contents of such item. Thus, one feature of the present invention is the use of postal addresses, which are regularly maintained and updated, to provide a high level of authentication of electronic communication. Once a person has registered their digital mailbox, all communications sent from this person are authenticated: when received by others, the recipients have a high level of certainty that the specified sender was in fact the sender of the communication. This ability is not available in conventional e-mail systems based on standardized, public e-mail protocols (e.g. SMTP, POP, etc.).
One embodiment of the present invention provides an electronic communication system for the creation, transmission, reception, storage, retrieval and display of data allocated to or transmitted from digital mail accounts ("digital mailbox"). The system maintains a digital mail account database which maps one or more unique identifiers to each digital mailbox.
Each unique identifier is a determinate combination of an entityname (e.g. "John Smith") and a postal address (e.g. "123 Main Street, Anytown, CA, 94311, USA"). An individual recipient may have multiple different unique identifiers, using combinations of their entityname and different postal addresses; for each of these unique identifiers, the user may have a separate digital mailbox in the system. Overall, the combination of postal addresses and entitynames is a many-to-many relationship with all such combinations possible in the database system. Each digital mailbox is also assigned a unique account number, which also serves as an addressing mode, called the "digital P.O. Box".
Another aspect of the invention provides unique identifiers which are the combination of an entityname and a telephone number; again a user may have multiple such identifiers and digital mailboxes for each. The advantage to the user of having multiple identifiers, some based on postal addresses, some based on telephone numbers, some based on digital mailbox account numbers, is that the user may receive electronic communications which are addressed to the user by various combinations of their name and addresses, telephone numbers, or the like. The system automatically extracts the postal address (or telephone) information from a sender's message, forms the unique identifiers therefrom and determines from the database the appropriate digital mailbox into which the communication should be routed. From there, additional routing may occur to any of the other unique identifiers defined for the recipient's digital mailbox; for example forwarding to an external email address in another email system. It is not even necessary for the user to provide their identifiers to others in order to receive such communications. The availability of addresses and telephone numbers makes it possible for potential senders to directly address an end user with just this information.
A plurality of unique identifiers can map to a single account, or each of such plurality of unique identifiers can map to separate and distinct accounts, or can map into any combination thereof. Mapping of the unique identifiers to the same account can only occur after registration and authentication (as described below) of each of such plurality of unique identifiers and only if the user who authenticates such unique identifier also has access, as verified by a password chosen at registration, to the account to be mapped to.
Registration of a digital mailbox for a unique identifier may occur in a number of different ways:
(i) transmission of data to a specified user at a postal address (which is a valid geographically determinate physical address) that corresponds, using a deterministic method, to a unique identifier not yet in the digital mail account database of registered accounts. This means that the recipient has not previously registered their digital mailbox and thus a new digital mailbox for the combination of the user's entityname and postal address can be pre-registered. This mechanism is called "sender-initiated account pre-registration" and can apply both to messages sent using ordinary e-mail or through the preferred browser interface, both of which allow digital mail to be accumulated for a recipient. However, the digital post office can choose to only send physical print mail in the case of messages sent using the preferred browser interface.
(ii) a new user can request an account by entering both an entityname and a postal address (which is a valid geographically determinate physical address) that corresponds, using a deterministic method, to a unique identifier not yet in the digital mail account database of registered accounts. This mechanism is called "user-initiated account registration" and the user can choose whether to request immediate authentication by validation of their identity through a trusted database (such as a credit-check) or whether to wait for a passcode to be physically sent to them. If the user chooses the latter method, then the account is left in a "pre-registered" state until the user receives the passcode and finishes registration.
(iii) an existing user with a digital mailbox account requests the allocation of a new and distinct entityname and postal address (which is a valid geographically determinate physical address). This is one way in which the user may obtain multiple digital mailboxes for different unique identifiers based on their name and addresses.
In any of (i), (ii) or (iii) above, the creation of a new unique identifier in the system instigates the allocation of an entry in the database system for such unique identifier, but such a pre-registered account is not considered registered and authenticated until a user chooses one of the authentication methods to prove they really can receive physical mail at the postal address specified. The authentication process of a unique identifier is accomplished using verification processes which all have the fundamental concept of checking that a user really can receive physical mail addressed using the postal address from which the unique identifier is created. The authentication methods include:
(i) the reception of a physical notice through a postal handling service (e.g. US Postal Service) sent by the system (preferably, automatically) to the designated user at the postal address, and the registration into the digital post office system of a passcode printed in the physical notice.
(ii) validation of the user's name and postal address in an existing trusted database containing postal addresses, such as by using a credit check on a supplied credit card number, the National Address Change Database, or other databases which are reliable sources of postal addresses;
(iii) validation of name and postal address through the use of a pass code found on a mailing piece already sent to the user via the postal service (thereby authenticating the address), and provided by the user back to the system (thereby authenticating the user at the address).
In all methods the authentication is based upon the trust inherited from the ability of the physical postal service to deliver physical mail to the user at the postal address included in the unique identifier. In the first method the notice contains (i) an indicator of transmission of data to the user (by some other sender) or an attempt by the user to pre-register an account in the database system, (ii) information to access the database system, and (iii) a pass-code necessary to complete the authentication of the unique identifier. Until authentication of a unique identifier, access to the database system is limited to the functions provided for digital mail accounts with no bound unique identifier, which includes the sending of digital mail to others, but such mail is presented as "authentication pending". Optionally, the registration process may also include specification and validation of data for other addressing modes, specifically including a telephone number and e-mail address. Each of these additional pieces of data is also subject to authentication. A telephone number can be authenticated by having the user call from the specified number and using Caller-ID to verify that the number is really accessible to the user. An e-mail address is verified by having the digital post office send e-mail containing a code to the user, and having the user reply to the e-mail message. Each of these additional registration steps enables its respective addressing mode for the user's digital mail account.
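The sender-initiated pre-registration and passcode authentication described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the normalisation used as the "deterministic method", the SHA-256 hashing, the passcode alphabet and length, and the retry limit with its "locked" state are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PENDING = "authentication pending"   # label the text gives mail from unauthenticated accounts
AUTHENTICATED = "authenticated"
NOT_AUTHENTICATED = "not authenticated"
LOCKED = "locked"                    # assumption: the text defines no lockout state
MAX_ATTEMPTS = 5                     # assumption: the text sets no retry limit
# The code is retyped from paper, so ambiguous glyphs (0/O, 1/I/L) are left out.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def unique_identifier(entityname, postal_address):
    """Deterministic identifier for an (entityname, postal address) pair.

    Assumed normalisation: case-fold, drop commas, collapse whitespace.
    """
    def norm(text):
        return " ".join(text.casefold().replace(",", " ").split())
    material = norm(entityname) + "\x1f" + norm(postal_address)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def _digest(salt, passcode):
    # Only a salted digest is stored, so a database leak does not reveal live passcodes.
    return hashlib.sha256(salt + passcode.strip().upper().encode("utf-8")).digest()


@dataclass
class Mailbox:
    uid: str
    status: str = PENDING
    salt: bytes = b""
    passcode_digest: bytes = b""
    failed_attempts: int = 0
    messages: list = field(default_factory=list)


class DigitalPostOffice:
    def __init__(self):
        self.mailboxes = {}    # unique identifier -> Mailbox
        self.print_queue = []  # printed notices handed to the postal service

    def _pre_register(self, entityname, postal_address):
        uid = unique_identifier(entityname, postal_address)
        box = Mailbox(uid=uid, salt=secrets.token_bytes(16))
        passcode = "".join(secrets.choice(ALPHABET) for _ in range(12))
        box.passcode_digest = _digest(box.salt, passcode)
        self.mailboxes[uid] = box
        # The plaintext passcode exists only on the printed notice.
        self.print_queue.append({"to": (entityname, postal_address),
                                 "passcode": passcode})
        return box

    def send(self, sender_uid, entityname, postal_address, body):
        """Deliver a message; an unknown recipient is pre-registered on first contact."""
        uid = unique_identifier(entityname, postal_address)
        box = self.mailboxes.get(uid) or self._pre_register(entityname, postal_address)
        sender = self.mailboxes.get(sender_uid)
        if sender is None:
            label = NOT_AUTHENTICATED
        elif sender.status == AUTHENTICATED:
            label = AUTHENTICATED
        else:
            label = PENDING
        box.messages.append({"from": sender_uid, "sender_status": label, "body": body})
        return box

    def register(self, entityname, postal_address, passcode):
        """Complete authentication with the passcode received by physical mail."""
        box = self.mailboxes.get(unique_identifier(entityname, postal_address))
        if box is None or box.status != PENDING:
            return False
        if hmac.compare_digest(box.passcode_digest, _digest(box.salt, passcode)):
            box.status = AUTHENTICATED
            box.passcode_digest = b""  # single use: the code cannot be replayed
            return True
        box.failed_attempts += 1
        if box.failed_attempts >= MAX_ATTEMPTS:
            box.status = LOCKED        # stop online guessing of the mailed code
        return False
```

The passcode is compared in constant time and consumed on success; the strength of the resulting authentication is still bounded by who can open mail at the postal address.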
The invention also includes methods for presentation of digital mail messages to a user in definitive categories that are based on the authentication status and type of sender. These categories allow a user to choose with confidence which digital mail to prioritize or discard. The method is advantageous even relative to actual physical mail because digital mail arrives sorted directly into the correct categories without effort from the user. The user does not have to write any particular filtering or sorting rules as in an e-mail client, as is conventional, in order to obtain the pre-sorted mail. The present invention includes a digital mail client application with a user interface that is structured to segregate incoming mail into visually distinguished groupings based on the type and authentication status of the sender. For example, the user interface may segregate the display of digital mail from business senders, personal senders, and/or by whether the sender is authenticated, not authenticated, or authentication pending.
The invention also includes a set of interfacing systems with electronic mail networks for the transmission of data to and from the digital post office system. These include:
(i) Outgoing forwarding via e-mail: a method for forwarding of data transmitted to an authenticated unique identifier bound to a digital mailbox in the system to an e-mail address similarly bound to such digital mailbox. This allows for digital mail which has been addressed to the recipient in one mode to be forwarded and received by the recipient via a number of modes. For example, the sender may send an electronic communication to the recipient using the recipient's postal address. From the postal address and recipient name, the system determines the unique identifier formed from the name and address, and identifies the appropriate digital mailbox. The system then forwards the electronic communication to an e-mail address that the recipient has previously provided. Alternatively, the sender could have specified the recipient's telephone number, and again the system would create the unique identifier from the name and number, look up the recipient's digital mailbox, and the e-mail address of the recipient specified therein, and forward the electronic communication accordingly. The advantage here is that the ultimate destination described by the unique identifier has been authenticated and so the sender has assurance that the intended recipient receives the electronic communication.
(ii) Outgoing replicating via e-mail: a method that duplicates the transmission of data to an authenticated unique identifier bound to an account in the database system, using any of the addressing modes, to an e-mail address similarly bound to such account.
(iii) Outgoing new messages via e-mail: a method for transmission of data by a user in the system to any existing e-mail address; and
(iv) Automatic sorting of incoming messages: a method for allocation of data received from an electronic mail network external to the database system to an account addressed by any of a variety of addressing modes specified in such transmission, or according to the class of sender (e.g. whether the sender is personal sender, a business, etc.).
The invention also includes a system for the creation of a new message that gets sent to a user at a postal address (whether or not such unique identifier has previously been registered or authenticated), and simultaneously submitted to a queued database system which generates a printed form of the data and distributes the printed form to a postal handling service for delivery to the user at the postal address specified. This allows a sender to send an electronic communication to a recipient who is not yet using the digital mail system, and for the recipient to receive the electronic communication in printed form at their postal address.
The invention also includes a system for the allocation, storage, retrieval and display of advertisements allocated into different categories in an advertising database system, including general, geographical, sponsorship or any combination thereof (i) on the display pages accessed by the user of the database system, (ii) in specified allocable portions of the data transmitted, received, stored, retrieved and displayed from the database system to the user, and (iii) in specified allocable portions of the printed form of the data distributed through a postal handling service.
The invention also includes a system for the authentication of data transmissions throughout the network and database system, including authentication of transmissions between the database system elements and authentication of transmissions as sent and received between users. The authentication of the transmissions is accomplished through a new Digital Mail Transfer Protocol which does not allow anonymous or unproven sender identities. Instead, all data transmitted throughout the database system is authenticated by the inclusion of cryptographic digital certificates, whose validity is based upon an authentication trust authority with a root authentication secured in a bank vault and a hierarchy of nodes representing different authentication entries for all elements of the Digital Mail Network. The hierarchical distribution of trust and staged expiration dates of the digital certificates assure that security of the authentication is maintained and recovered, even if threatened by malicious intent. Users can therefore put trust and confidence in the authentication of each sender and in all status information about both senders and receivers.
By providing the above features and elements, and as described in more detail below, the invention described herein provides the following advantages and distinctions over the prior art:
The present invention provides the ability to send a message electronically using the physical street address or telephone number of the recipient. Such messages can be initiated from a browser interface (by filling out an online form). Alternatively, a user can initiate such a message via an ordinary e-mail composed using a conventional e-mail software product, by putting the address as text inside the body of an e-mail message, and sending it to a predetermined e-mail address (such as, for example, postmaster@postOffice.com). The present invention receives and parses the e-mail message, and generates the message for delivery to the specified address. If a telephone number is provided, the present invention consults a database to determine the physical address corresponding to the telephone number.
The present invention also facilitates automatic updating of e-mail addresses when an individual moves or changes jobs, or the like. By contrast with conventional systems, whereby if a person moves, e-mail is not automatically forwarded, the present invention uses postal address change information submitted to the USPS National Address Change database to redirect electronic mail. Address change information triggers re-registration of the new physical address and then delivery of paper and digital mail to the person at the new address.
The present invention provides a mechanism by which a message can be sent electronically to a recipient, without requiring that the recipient have taken any prior action such as "opening" an account or selecting an address. This provides significant advantages over conventional e-mail systems, which commonly rely upon "usernames" that must be chosen in advance, and which must be unique within a domain. In addition, such conventional e-mail addresses must be known to a sender before that sender can initiate electronic communication with the recipient. The system of the present invention requires no such prior steps, because it can use a postal address or telephone number to identify a recipient, without requiring prior assignment of a username. In addition, in one embodiment, the sender's action in initiating a communication with a recipient triggers pre-registration of the recipient, and can thus facilitate a viral marketing scheme as described below.
The present invention further provides functionality for "best-effort" or "closest-match" addressing. By contrast with conventional electronic addressing methods which require an exact (character-by-character) match, the present invention provides heuristics for determining a closest match for an input address, and if appropriate prompting the user as to whether the closest match is the intended address. In one embodiment, several close matches can be displayed for user selection. In addition, the present invention provides an address correction wizard which checks both the validity and uniqueness of an address. If appropriate, the system suggests alternative close-matching choices, or requests more distinguishing fields (such as an apartment number).
As will be described in more detail below, the present invention facilitates several addressing modes. In one such mode, users can identify recipients based on digital mail box numbers, which are unique recipient identifiers. In one embodiment, such numbers are provided in the same format as credit-card numbers (i.e. 16 digits, broken into four groups of four digits each). Such digital mail box numbers are cross-indexed to full address information for a recipient. A user can send mail to a recipient electronically by specifying the box number within the e-mail address (e.g., boxnumber@postoffice.com).
Also, the present invention permits price discrimination based on addressing mode. For example, a postage price structure can be developed with varying price levels depending on whether the sender uses the digital mail box number, the postal address, an email, or the telephone number of the recipient as the address. This can be used to encourage certain addressing modes over other modes.
Since the present invention provides a mechanism for addressing based on postal addresses, authentication of identity is facilitated based upon the recipient's ability to receive a piece of physical mail at a particular postal street address. Once this authentication has taken place, further electronic mail messages to that recipient benefit from the previously obtained authentication. In other words, the present invention can guarantee that an entity claiming to have a particular street address actually does reside there, since the entity was able to receive a code sent to them by physical delivery (which the entity then registered online). Alternatively, some other authentication method may be used, which inherits knowledge of a past physical delivery.
Authentication based on ability to receive physical mail can also be "piggy-backed" onto some physical mail item. A code for receiver authentication can thus be printed on some other sender's physical mail, both saving postage and potentially gaining customers through a wider distribution.
By providing authentication based on ability to receive physical mail, the present invention facilitates trusted delivery to a trusted address. In other words, the sender can be assured that an electronic message is sent to the recipient whose identity has been proven.
In addition, the present invention provides authentication as to the sender's identity. In one embodiment, messages from unauthenticated senders are allowed, but are labeled as such, and sorted into different categories, without effort by the recipient. This allows the recipient to decide whether such unauthenticated messages should even be read, without the recipient having to define their own, often unreliable rules for identifying "junk" mail as in conventional email systems.
Sensitive communications can be subject to an additional level of authentication. For example, when sending mail using the browser interface, a sender can specify that the recipient be required to provide additional authentication information (such as mother's maiden name, a sender-specific account number, password, or other secret information) prior to allowing the message to be read by the recipient.
Using the present invention, the authentication of an entity with a proven postal address can be certified to others by providing an automatic Digital Signature. The present invention can provide the Digital Signature for inclusion on other documents or in outgoing ordinary e-mail messages, thus providing authentication for any sender or receiver capable of reading Digital Signatures.
The present invention also provides several advantages in the presentation of messages and their content. For example, the invention facilitates pre-sorting of received mail into categories. Digital Mail is automatically presented in categories, both in the Digital Mail browser, and in conventional e-mail readers. When displaying messages in a conventional e-mail reader, the invention may adjust subject lines and/or receipt times so as to "trick" the e-mail reader into presenting messages in a category-sorted order (e.g., timestamping all messages from one particular class of sender 10 years back, another class of sender 20 years back and so forth; or prefixing subject lines with sender class designation, such as "Personal," "Business," and the like). Categories are defined by the type and attributes of the sender, which are reliable due to the trust in the sender's identity provided by sender authentication. Some items, deemed higher priority than others within a given category, can be presented at the top of the category list, overriding normal sort methods such as order of arrival. This priority designation can be specified, for example, at premium cost to the sender, independent of any action by the receiver.
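The header rewriting described above can be sketched as follows. This is an added example, not code from the patent: the class list, the five-year offset that places ordinary items below priority items, and the X-Original-Date header are assumptions made for illustration, and the messages are constructed samples.

```python
import copy
from datetime import datetime, timezone
from email.message import EmailMessage
from email.utils import format_datetime, parsedate_to_datetime

# Sender classes in display order. "Personal" and "Business" are named in the
# text; "Unauthenticated" as the lowest class is an assumption.
CLASS_ORDER = ["Personal", "Business", "Unauthenticated"]
BAND_YEARS = 10      # each class is timestamped one 10-year band further back
ORDINARY_YEARS = 5   # assumption: non-priority items sit half a band lower


def shift_years(dt, years):
    """Move dt back by whole years; Feb 29 falls back to Feb 28 if needed."""
    try:
        return dt.replace(year=dt.year - years)
    except ValueError:  # Feb 29 does not exist in the target year
        return dt.replace(year=dt.year - years, day=28)


def present_for_legacy_reader(msg, sender_class, priority=False):
    """Return a copy of msg whose Date and Subject force category sorting."""
    if sender_class not in CLASS_ORDER:
        sender_class = CLASS_ORDER[-1]  # unknown classes get the lowest band
    years = CLASS_ORDER.index(sender_class) * BAND_YEARS
    if not priority:
        years += ORDINARY_YEARS
    original = parsedate_to_datetime(str(msg["Date"]))
    view = copy.deepcopy(msg)
    # Keep the true time in a separate (hypothetical) header so it is not lost.
    view["X-Original-Date"] = format_datetime(original)
    view.replace_header("Date", format_datetime(shift_years(original, years)))
    view.replace_header("Subject", f"{sender_class}: {msg['Subject']}")
    return view


def legacy_reader_order(messages):
    """Subjects in the order a reader sorting newest-first by Date shows them."""
    ordered = sorted(messages,
                     key=lambda m: parsedate_to_datetime(str(m["Date"])),
                     reverse=True)
    return [str(m["Subject"]) for m in ordered]


def make_message(subject, when):
    """Build a constructed sample message."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "0123456789123456@postoffice.com"
    msg["Subject"] = subject
    msg["Date"] = format_datetime(when)
    msg.set_content("constructed sample body")
    return msg


def demo():
    utc = timezone.utc
    inbox = [  # (message, sender class, priority), newest arrival first
        (make_message("You won", datetime(2024, 3, 7, 9, 0, tzinfo=utc)),
         "Unauthenticated", False),
        (make_message("Newsletter", datetime(2024, 3, 6, 9, 0, tzinfo=utc)),
         "Business", False),
        (make_message("Invoice due", datetime(2024, 3, 5, 9, 0, tzinfo=utc)),
         "Business", True),
        (make_message("Lunch?", datetime(2024, 2, 29, 9, 0, tzinfo=utc)),
         "Personal", False),
    ]
    views = [present_for_legacy_reader(m, c, p) for m, c, p in inbox]
    return legacy_reader_order(views)


if __name__ == "__main__":
    for subject in demo():
        print(subject)
```

The banding only holds while real arrival times within one class span less than five years, and any signature computed over the Date or Subject header would have to be applied after the rewrite.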
The present invention provides techniques for blending "transient" electronic messages (such as "instant" messages) with "ordinary" e-mail messages in a single mail reader. Thus, both types of messages can appear in the same list and format within an e-mail reader, with the transient message disappearing when no longer relevant (such as when the sender of an instant message is no longer on-line).
The present invention provides techniques for authenticating the sender and receiver of an instant message. One of the problems with conventional instant messaging, such as AOL Instant Messenger™, lies in authenticating the sender and receiver, as the public domain instant messaging protocol TOC is easily spoofed, with just a userid and an XOR'd password for protection. By contrast, the present invention allows the authentication of instant messaging using the authentication methods provided by the present invention.
Another advantage of the present invention is the capability of notifying a recipient of the arrival of electronic mail by any of several means, such as by telephone, fax, physical print delivery, and the like. The choice as to notification means can be made independently by both the sender and receiver. In conventional messaging services which allow users to, for example, receive faxes by e-mail, or to have their e-mail voice-synthesized to them over the phone, the notification mode is chosen by only one of either the sender or receiver. By contrast, the present invention allows both the sender and receiver to independently order extra delivery modes for any message.
The present invention also facilitates insertion of an advertisement, promotion, gift certificate, or coupon into printed physical personal mail, leveraging off of the sender's judgment about which promotions, etc. would be of interest to the recipient. Conventionally, a personal mail piece is separate from business or advertising pieces. The present invention allows the creation of a single printed mail piece with both the personal message from a sender unrelated to the advertising entity, such as a sender personally known to the recipient, as well as promotional/incentive material provided by an advertising entity, but selected by the sender. The single printed mail piece can be structured so that, after an initial opening, only part of the personal message is visible. Thus, the recipient must unfold the piece to see the rest of the personal message, thereby revealing the advertisement or coupon. Such printed mail pieces may be used both as physical paper greeting cards and as the initial notification method following pre-registration of a recipient. By providing a code on the printed mail piece, which is then entered by the recipient via an on-line form, registration of a recipient is facilitated.
The present invention also provides a technique for "on-the-fly" mail merge. Conventionally, mailing list expansions (called "mail merge"), for both physical and electronic mail, must replicate as many copies of the whole message as there are recipients. This is particularly costly (in postage or storage) when many copies must be produced and distributed. The present invention allows storage of a single copy of the base message, and personalization at the time of a recipient reading a message, instead of at the time of sending.
The present invention provides increased security in message transmission by employing a secure protocol designated as a Digital Mail Transfer Protocol (DMTP). This protocol improves on conventional Simple Mail Transfer Protocol (SMTP) by providing sender validation, by reference to both the host machine and the sending program. This heightens the security of electronic message transmission and decreases the likelihood of spoofing or hacking.
Users can be supplied with free software to run locally as a mail server on their local machine that enables all transmissions leaving their computer to use the secure DMTP protocol. The invention thereby provides users the choice of using mail servers either remotely (at a centralized post office) or on their own computer. If they do run the servers on their own computer, then the system can be configured so that all mail transmissions leaving the security of a user's own hardware use the secure encrypted DMTP protocol over the Digital Mail Virtual Private Network, and have fully private content and headers. For either choice of server, a user also can choose (or continue to use) any mail client (such as Outlook Express®, Eudora®, Netscape Messenger®, etc.), and still get the advantages of DMTP.
The present invention employs a hierarchical chain of trust in order to provide assurances that Digital Certificates issued by the invention are reliable and trustworthy. In one embodiment, the present invention establishes a hierarchical chain of trust rooted in a computer stored in a secure bank vault, such as a Swiss bank vault, that can generate certificates proving its identity and authorization. The digital mail network uses the hierarchy of certificates to provide secure trust for all transmissions and mail delivery. This trust hierarchy is then used to verify host identities instead of relying upon the Internet's DNS (Domain Name Servers). This not only secures the transmissions, but also verifies that the computers making the transmissions are not imposters. The invention can thus use the hardware infrastructure of the Internet by creating a virtual private network with encrypted transmissions between hosts by doing its own authentication of the identity of those hosts.
The present invention further encompasses: the combinations of hardware and software systems that enable the foregoing processes with their various features and benefits; the software products that execute on conventional hardware to provide the above-described functionality; the user interfaces of the digital mail client applications that allow senders and recipients to manage digital mail accounts; the business methods for customer acquisition and revenue generation which utilize the various processes of the digital mail network, along with the business methods related to the operation of a digital mail network; the physical mail pieces that include postal information of recipients and authentication or passcodes for authentication of a recipient's postal address; and the physical mail pieces such as greeting cards and the like that combine personal messages of a sender with coupons, advertisements, or promotions, etc. of an advertiser selected by the sender.
Brief Description of the Drawings
FIG. 1 is a block diagram overview of one embodiment of the database system and network of the present invention.
FIG. 2 is a block diagram of the scalable system of computers that make up the backbone of the Digital Mail PostOffice embodiment of the present invention.
FIG. 3 is a block diagram of the software processes that form the remote server side of the Digital Mail Network, and run physically on the computers of the Digital Mail PostOffice.
FIG. 4 is a block diagram of the software processes that form the local server side of the Digital Mail Network, and run physically on the computers of a user.
FIG. 5 is a block diagram of the software processes that form the local client side of the Digital Mail Network, and run physically on the computers of a user.
FIG. 6 is an illustration of the type of folded physical mail that can be sent to notify entities that they have received Dmail waiting for them, and to enable them to activate their accounts.
FIG. 7 is a block diagram depicting a prior art addressing system for message transmission.
FIG. 8 is a block diagram depicting a unified addressing system for electronic messages, according to the present invention.
FIG. 9 is a block diagram depicting sender-initiated account creation according to the present invention.
FIG. 10 is a block diagram depicting user-initiated account creation according to the present invention.
FIG. 11 is a flowchart showing a method of registration, including authentication of postal address, telephone number, and e-mail address, according to the present invention.
FIG. 12 is a flowchart showing a method of user-initiated address checking including potential new account pre-registration, according to the present invention.
FIG. 13 is a flowchart showing a method of sender-initiated digital mail including potential new account pre-registration, according to the present invention.
FIG. 14 is a screen shot of a sign-up screen according to one embodiment of the present invention.
FIG. 15 is a screen shot of a screen for collection of additional registration information according to one embodiment of the present invention.
FIG. 16 is a screen shot of a mailbox screen according to one embodiment of the present invention, showing sorting by category and prioritizing of mail items.
FIG. 17 is a screen shot of a message display screen according to one embodiment of the present invention, including an electronic message addressed by a physical postal address.
FIG. 18 is a screen shot of a screen for composing a letter according to one embodiment of the present invention, including a variety of addressing modes and address verification features.
FIG. 19 is a screen shot of a greeting card composition screen showing greeting card type selection, according to one embodiment of the present invention.
FIG. 20 is a screen shot of a greeting card composition screen showing greeting card selection, according to one embodiment of the present invention.
FIG. 21 is a screen shot of a greeting card composition screen showing message input, according to one embodiment of the present invention.
FIG. 22 is a screen shot of a greeting card composition screen showing greeting card addressing, according to one embodiment of the present invention.
FIG. 23 is a screen shot of a greeting card composition screen showing gift certificate selection, according to one embodiment of the present invention.
FIG. 24 shows a greeting card including a personalized message, gift certificate, and registration code, according to one embodiment of the present invention.
FIG. 25 is a screen shot of an add contact screen according to one embodiment of the present invention.
FIG. 26 is a screen shot of an options screen according to one embodiment of the present invention.
FIG. 27 is a screen shot of an address verification screen according to one embodiment of the present invention.
FIG. 28 is a conceptual diagram showing a comparison of digital mail with postal mail and e-mail.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
General Definitions
Unless otherwise defined herein, all terms which are commonly used in the computer, marketing, and Internet communities shall have the meanings commonly given such terms in such communities. The following definitions are provided for illustrative purposes only, and are not intended to limit the scope of the invention as claimed herein.
Advertiser: an Entity which provides or intends to provide an Advertisement. In one embodiment, Advertisers sign up to provide Advertisements, as described in more detail below.
Advertisement: an advertising communication to be delivered to one or more Users. Advertisements may be delivered, for example, to (i) a User viewing content on the Digital Mail Network or (ii) an Entity who is in receipt of Print Digital Mail. Other delivery methods may also be used, as will be recognized by one skilled in the art. Advertisements may include, for example, any of a General Advertisement, Geographical Advertisement or Sponsorship Advertisement, or any combination thereof.
Pre-Registration: initiation of a Unique Identifier. In one embodiment, this is performed by a) transmitting data to a Unique Identifier which has not been previously allocated in the Digital Mail PostOffice database, causing an allocation in the Digital Mail PostOffice database of such Unique Identifier for reference and the start of the Authentication process; or b) an Entity attempting to access the Digital Mail Network and entering a Postal Address to activate a new Unique Identifier; or c) a User requesting pre-registration using a new Entity name or new Postal Address. In one embodiment, the Pre-registration also starts the Timeout Period for the Unique Identifier.
Account: means by which the invention recognizes a User. In one embodiment, "Account" refers to a virtual allocation of a Digital P.O. Box with at least one Unique Identifier. A User can access the Account to create, transmit, receive, store and retrieve Digital Mail.
Digital Mail or Dmail: a communication that can be transmitted, received, stored, or retrieved by a User. In one embodiment, such communications are associated with a Digital Mail PostOffice. As will be recognized by one skilled in the art, Digital Mail can exist in any format, medium, or protocol, including for example any MIME or S/MIME format, digital postcards, greeting cards, letters, documents, brochures, catalogs, and the like.
Digital P.O. Box: a virtual holding location, for example in the Digital Mail PostOffice. In one embodiment, a Digital P.O. Box is identified with respect to a User and an Account by an n-digit number written as a string of digits and spaces. For example, the account number may be a 16 digit number formatted like credit card numbers: "0123 4567 8912 3456". Formatting like a credit card number has the advantage that it instills in users a sense that the number is important and confidential, thereby further enhancing the care with which users treat their account numbers. One skilled in the art will recognize that any other format for the Digital P.O. Box may also be used. The association between a Digital P.O. Box and an Entity is defined, in one embodiment, by the database stored at the Digital Mail PostOffice.
Digital Mail Network: a combination of interconnected components that enable the functionality of the present invention, including, for example, the Digital Mail PostOffice, the Digital Mail Virtual Private Network, the trust authority hierarchy, and the client/server processes used for exchange of Digital Mail.
Digital Mail Virtual Private Network: a Virtual Private Network, as is known in the art. This may be implemented, for example, as an encryption-secured environment for communication across the Internet.
Digital Mail PostOffice: an infrastructure, including hardware and software elements, for implementing the functionality of the present invention, including for example a database system, interfaces to a Digital Mail Network Virtual Private Network and alternate email networks, generation of physical printed mail, and advertising database and control. In one embodiment, computers associated with Users and Entities are separate from and interact with the Digital Mail PostOffice.
E-Mail Network: any conventional e-mail network implementation.
Entityname: The exact text used to refer to a user, which becomes part of the database entry for a unique identifier for that user. The term "entityname" is a precise object, whereas the word "user" can refer both to a subject taking an action, as well as loosely to its own name.
E/PA: the combination of an entityname with its Postal Address.
General Advertisement: in one embodiment, this refers to any Advertisement that can appear to a User with content or in the advertisement section of physically transformed Digital Mail.
Geographical Advertisement: in one embodiment, this refers to an Advertisement that appears to geographically-selected Users or to receivers of physically transformed Digital Mail.
Postal Address: a geographically determinate address that is associated with a location. Typically, Postal Addresses are assigned by a country's centralized postal service for the delivery of physical media through a Postal Handling System.
Postal Handling System: any type of service for delivery of physical mail, including both government and private postal services, express delivery services, and the like.
Print Dmail: a printed counterpart to Digital Mail. In one embodiment, Print Dmail may be generated and mailed from a geographical location to an Entity with a valid Postal Address.
Preformat Print Dmail: a transformed counterpart to Digital Mail. In one embodiment, Preformat Print Dmail may be forwarded to a print and mailing system to convert such data into Print Dmail.
Physical Notification: hard copy notification. In one embodiment, Physical Notification is sent upon Pre-registration of an Account. Such notification includes, for example, information as to accessing the Digital Mail Network, the use of a passcode to allocate an Account for the Entity based upon the Unique Identifier, and the like.
Registration: authentication of a Unique Identifier. In one embodiment, this is performed upon Pre-registration of the Unique Identifier, and corresponds to the opening of a Digital Mail Account. In one embodiment, Registration is performed in response to an action taken by a receiver, whereas Pre-registration of an Account may occur in response to an action of an unrelated sender. Registration may include, for example: sending a Physical Notification to an Entity with a Postal Address; or inheriting proof that physical mail can be received using the Unique Identifier. Registration may further include the process by which an Entity accesses the Digital Mail Network and supplies the information; the database is then updated to reflect the Registration. In one embodiment, if Registration of an Activated Unique Identifier is not completed within a predetermined period of time, a Timeout occurs, and the Unique Identifier is deactivated by removal from the Digital Mail Database.
Sponsor: an Advertiser. In one embodiment, Sponsors are Advertisers who have signed up with the Digital Mail PostOffice to sponsor, for example: (i) specific content on the Digital Mail Network, within Digital Mail that is transmitted, or on Physically Transformed Digital Mail; (ii) any content on the Digital Mail Network or within Digital Mail which is viewed by Users; or (iii) any content on Physically Transformed Digital Mail that is sent to a recipient.
Sponsorship Advertisement: an Advertisement associated with a Sponsor.
Timeout Period: a predetermined time interval. In one embodiment, if Registration of an Activated Unique Identifier is not completed within the Timeout Period, the Unique Identifier is deactivated by removal from the Digital Mail Database.
Unique Identifier: an identifier for a user. In one embodiment, the Unique Identifier is created using the combination of the Entity name and the Postal Address.
User: a person, business, or group capable of having regular postal mail or other physical delivery sent to it.
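The Pre-Registration, Physical Notification, Registration and Timeout Period definitions above describe one procedure, sketched here as an added example (not code from the patent). The hashed form of the Unique Identifier, the 8-digit passcode, the 30-day Timeout Period and the five-attempt limit are assumptions; the text fixes none of them.

```python
import hashlib
import hmac
import secrets

TIMEOUT_SECONDS = 30 * 24 * 3600  # assumption: the text says "predetermined"
MAX_ATTEMPTS = 5                  # assumption: a short printed code needs a cap


def unique_identifier(entityname, postal_address):
    """Derive a Unique Identifier from the E/PA (entityname + Postal Address)."""
    def norm(text):
        # Case and spacing differences must not create a second identifier.
        return " ".join(text.casefold().split())
    material = f"{norm(entityname)}\n{norm(postal_address)}".encode()
    return hashlib.sha256(material).hexdigest()[:32]


def passcode_digest(salt, passcode):
    # Only a salted, stretched digest of the passcode is stored.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


class DigitalMailDatabase:
    """In-memory stand-in for the account database (hypothetical class)."""

    def __init__(self):
        self.records = {}

    def pre_register(self, entityname, postal_address, now):
        """Allocate the identifier and return the passcode to print and mail."""
        uid = unique_identifier(entityname, postal_address)
        if uid in self.records:
            return uid, None  # already allocated: no second passcode is issued
        passcode = f"{secrets.randbelow(10**8):08d}"
        salt = secrets.token_bytes(16)
        self.records[uid] = {
            "salt": salt,
            "digest": passcode_digest(salt, passcode),
            "deadline": now + TIMEOUT_SECONDS,  # Timeout Period starts here
            "attempts": 0,
            "registered": False,
        }
        return uid, passcode

    def register(self, uid, passcode, now):
        """Complete Registration with the code received by physical mail."""
        rec = self.records.get(uid)
        if rec is None:
            return "unknown"
        if rec["registered"]:
            return "already-registered"
        if now > rec["deadline"]:
            del self.records[uid]  # Timeout: deactivated by removal
            return "timeout"
        supplied = passcode_digest(rec["salt"], passcode)
        if not hmac.compare_digest(rec["digest"], supplied):
            rec["attempts"] += 1
            if rec["attempts"] >= MAX_ATTEMPTS:
                del self.records[uid]  # a new Physical Notification is needed
                return "locked"
            return "bad-passcode"
        rec["registered"] = True
        rec["digest"] = rec["salt"] = None  # the passcode is single-use
        return "registered"

    def is_authenticated(self, uid):
        rec = self.records.get(uid)
        return bool(rec and rec["registered"])


if __name__ == "__main__":
    db = DigitalMailDatabase()
    uid, code = db.pre_register("Jane Doe", "12 Main St, Springfield", now=0)
    print(uid, db.register(uid, code, now=3600))
```

Time is passed in explicitly so the timeout path can be exercised without waiting; a deployment would read a trusted clock.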
System Architecture
The fundamental objective of the Digital Mail Network is to provide flexibility of addressing modes and delivery modes. In contrast to the prior art shown in Figure 7, where each addressing mode implies a unique delivery mode, the Digital Mail Network, as shown in the overview in Figure 8, allows any addressing mode to result in a message, or notification for a message, to be delivered using any delivery mode. For example, in the prior art, the postal address 601 was only meaningful to the postal delivery service 602, and a telephone number 606 was only meaningful to the telephone network 607. It was previously not possible to "address" a message using a telephone number 606, and have the message physically delivered. The Digital Mail Network 100 allows such flexibility. With this invention, it is now possible to use the postal address 601 as an addressing mode for a message that gets delivered electronically 605, and likewise it is possible for a message sent to a traditional "email address" 604 to trigger physical delivery 602 of a print version 603 of the desired message. Likewise, it is possible for a telephone number 606 to be used as the only "address" of the recipient, or for electronic messages to trigger notification by telephone 610.
The Digital Mail Network is implemented by a system of software processes running on scalable arrays of computers. Referring now to FIG. 1, there is shown the top-level architecture of one embodiment of the Digital Mail Network 100, in accordance with the present invention.
Digital Mail Network
The Digital Mail Network 100 provides an operating environment for the present invention. In a preferred embodiment, the Digital Mail Network operates as a distributed system of networked components. The networked components are coupled together over a local area network or wide area network either publicly, such as the public Internet, or privately, such as the Digital Mail Virtual Private Network. The Digital Mail network routers, which provide interconnection of components on the network, also provide firewall protection that conceals internal networks from external networks and enforces secure access between components on the Digital Mail Network and the public Internet. The Digital Mail Virtual Private Network (DMVPN) provides end users with a way to privately access information over a public network infrastructure such as the Internet. The DMVPN provides privacy using tunneling and encryption. In a tunnel, a private point-to-point connection is established between endpoints to exchange information. This connection cannot be accessed by other parties. Encryption scrambles the data that is sent between two endpoints such that anyone observing the data cannot determine its content.
Digital Mail Authentication Authority
In a preferred embodiment there is a central trust authority 113 with multiple zone sub-authorities who issue and revoke Digital Certificates. A Digital Certificate is a set of data that completely identifies an entity, and is issued by an Authentication Authority only after that authority has verified the entity's identity. The Digital Certificates serve to authenticate each component in the network and provide for authentic and encrypted sessions between components. Digital Certificates are also a form of digital identification used to prove the identities of users on nonsecure networks such as the Internet and provide the information necessary to conduct private communications and prove the origin of communications. The term nonsecure network is used here to refer to a computer network that can be routinely accessed by users without the need to obtain access permission. Communications on such a network are subject to possible monitoring by unknown users. The potential also exists for fraudulent communications in which senders of messages falsely represent themselves. The Digital Mail Authentication Authority provides privacy and authentication services ensuring that only individuals with whom we want to share the information can understand it, and people with whom we share the information are really the individuals chosen to share it. Privacy in this context depends upon the ability to prevent anyone except the intended recipient from being able to read a message - even though anyone on the network might be able to intercept it. Authentication in this context is the verification that the entity with whom you are communicating is, in fact, who you think it is - even though you have no direct physical means of proof.
Trust Authority Root and Zone Authorities
In the preferred embodiment there is a Trust Authority Root 113 and multiple Zone Authorities 113z. Within large worldwide networks that are composed of smaller, multiple regional units, each unit needs to manage its own resources. Each unit must enforce the policies under which approval is granted to requesters to gain access to its resources. Providing these units the ability to issue Digital Certificates themselves can be accomplished by allowing them to become certifying authorities, each with its own Zone Authority server 113z. Misuse of authority is addressed through use of the Trust Authority hierarchy. The hierarchy begins with an ultimate certifying authority called Root 113. The Root authority 113 certifies Zone Authority servers 113z within the network to enforce security and control throughout the entire system. If for some reason a Zone Authority mismanages the issuance of certificates, the relevant Zone Authority server certificate can be revoked by the Root authority. This effectively invalidates certificates issued by the Zone Authority without affecting any other certificates issued by the Root Authority.
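The scope of a Zone Authority revocation can be shown with a small chain validator. This is an added example, not code from the patent: the certificate fields, the "Root" anchor name and the host names are assumptions, and a toy Schnorr signature over a 255-bit prime field stands in for real certificate signatures so the block runs with the standard library only (it is not secure at this size).

```python
import hashlib
import secrets

# Toy Schnorr signatures mod a prime, standing in for the public-key
# signatures real Digital Certificates carry. Demo-sized: NOT secure.
P = 2**255 - 19   # prime modulus
G = 2
N = P - 1         # pow(G, N, P) == 1, so exponents reduce mod N


def keygen():
    priv = secrets.randbelow(N - 1) + 1
    return priv, pow(G, priv, P)


def challenge(r, message):
    digest = hashlib.sha256(r.to_bytes(32, "big") + message).digest()
    return int.from_bytes(digest, "big")


def sign(priv, message):
    k = secrets.randbelow(N - 1) + 1
    e = challenge(pow(G, k, P), message)
    return e, (k + priv * e) % N


def verify(pub, message, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pub, N - e % N, P) % P  # G^s * pub^(-e)
    return challenge(r, message) == e


def tbs(cert):
    """Bytes covered by the issuer's signature."""
    fields = [cert["subject"], format(cert["pub"], "x"),
              cert["issuer"], str(int(cert["authority"]))]
    return "|".join(fields).encode()


def issue(issuer, issuer_priv, subject, subject_pub, authority=False):
    cert = {"subject": subject, "pub": subject_pub,
            "issuer": issuer, "authority": authority}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert


def validate(chain, root_pub, revoked):
    """chain runs from the Root-issued certificate down to the end entity."""
    if not chain:
        return "empty chain"
    issuer, issuer_pub = "Root", root_pub
    for depth, cert in enumerate(chain):
        if cert["issuer"] != issuer or not verify(issuer_pub, tbs(cert), cert["sig"]):
            return f"bad signature on {cert['subject']}"
        if cert["subject"] in revoked:
            return f"revoked: {cert['subject']}"
        if depth < len(chain) - 1 and not cert["authority"]:
            return f"{cert['subject']} may not issue certificates"
        issuer, issuer_pub = cert["subject"], cert["pub"]
    return "ok"


def demo():
    root_priv, root_pub = keygen()
    zones, hosts, host_privs = {}, {}, {}
    for zone in ("Zone-East", "Zone-West"):
        zone_priv, zone_pub = keygen()
        zones[zone] = issue("Root", root_priv, zone, zone_pub, authority=True)
        host_privs[zone], host_pub = keygen()
        hosts[zone] = issue(zone, zone_priv, f"mx.{zone.lower()}.example", host_pub)
    chains = {z: [zones[z], hosts[z]] for z in zones}
    out = {"before": {z: validate(c, root_pub, set()) for z, c in chains.items()}}
    revoked = {"Zone-West"}  # Root revokes the mismanaged Zone Authority
    out["after"] = {z: validate(c, root_pub, revoked) for z, c in chains.items()}
    # A certificate naming a valid issuer but signed by an unknown key fails.
    unknown_priv, _ = keygen()
    _, some_pub = keygen()
    forged = issue("Zone-East", unknown_priv, "mx.forged.example", some_pub)
    out["forged"] = validate([zones["Zone-East"], forged], root_pub, set())
    # A host certificate is not an authority and cannot extend the chain.
    east_host = hosts["Zone-East"]
    child = issue(east_host["subject"], host_privs["Zone-East"], "sub.example", some_pub)
    out["host_as_issuer"] = validate(chains["Zone-East"] + [child], root_pub, set())
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Every host certificate under Zone-West stops validating the moment the Root lists that zone as revoked, while the Zone-East chain is untouched; the verifier needs only the Root public key and the revocation list.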
Digital Mail PostOffice
In a preferred embodiment there are one or more central Digital Mail PostOffices 107 which provide centralized mail storage, mail delivery, mail exchange, account databases, account directories and lookup, postal address directories and address correction, digital mail piece authentication, digital postage accounting, and other mail handling services. The Digital Mail PostOffice 107 is coupled via the private Digital PostOffice Virtual Private Network Interface 160, and the public Digital PostOffice Internet Interface. In a preferred embodiment the Digital Mail PostOffice 107 includes Digital Mail Storage 114, Digital Mail Exchangers 109, Digital Mail Account Databases 115, Digital Mail Directories 110, Digital Mail Address Correction 150, Digital Mailbox Authentication 152, Entity Interface Servers 210, Digital Mail Print Servers 111, Digital Mail Print Systems 117, and Digital Mail Advertisement Servers 112.
Digital Mail Account Databases
In a preferred embodiment the Digital Mail Account Databases 115 provide storage for account data for a large number of digital mailboxes and include account numbers, account identifiers such as name, postal address, telephone number, email, fax number, Digital PO Box number, and the like. The databases 115 store user ID's, authentication information (passwords, digital certificates, and the like) and other identifying data. The database 115 stores information regarding recently registered and pre-registered accounts. The database 115 stores financial information associated with the Digital Mail Account including Digital Postage account balances and transactional information associated with mail handling and payment processing. The database 115 stores a collection of statistics associated with the account that are used for many purposes including heuristic algorithms used in mail handling, new account registration and other fee based services. The database 115 also includes user choices, preferences, alias lists, buddy lists, family member name lists, news preference lists, advertising preference lists, and explicit opt-in advertisement choices, and the like. Appendix C shows an example mail account organization for database 115.
Digital Mailbox Authentication Servers (DBA)
In a preferred embodiment the Digital Mailbox Authentication servers 152 provide all the authentication services for a Digital PostOffice 107 including the functions for account pre-registration, registration, additions, changes, modifications, removals, and the like. The servers 152 also provide mail piece identification services and other authentication services. The servers 152 are primarily responsible for communicating with Zone Authorities 113z for digital certificate issuance requests and other digital certificate management functions, including revoking and the like. In the preferred embodiment the authentication servers can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the authentication server architecture of the present invention.
Digital Mail Storage
In the preferred embodiment the Digital Mail Storage 114 database is composed of Mail In-Queue storage, the Mail Out-Queue storage, Undeliverable Mail storage, Individual Account Mail storage, Business Account Mail storage, Consumer Mail storage, and Broadcast Mail Storage. The Individual Mail Storage includes separate storage components Inbox, Drafts, Trash, Sent, and other personal folders managed by the user. Each storage component has sections for mail classes including Personal, Priority, Financial, Business First Class, Business Standard Class, selected Consumer Mail classes, selected Broadcast Mail classes, selected Email classes, and other specialty mail classes. Separate sections allow for management by class which includes separate rules for in-bound delivery, display, out-bound sending, notification, sorting, filtering, blocking, opt-in, opt-out, and other mail action rules. Appendix D shows an example mail storage organization. Appendix B shows an example of one mail piece storage format extension to the RFC-822 format known in the art.
Digital Mail Exchange Servers
In the preferred embodiment the Digital Mail Exchange servers 109 provide all services for digital mail reception and delivery management. The servers 109 provide the execution environment for the Digital MailMan modules. The Digital MailMan modules serve as the electronic equivalent of a physical postal mailman and provide for automated Mail processing and delivery for all mail forms. For each type of mail piece, there are separate Digital MailMan modules, including Dmail-In processing modules, Email-In processing modules, Dmail-Out processing modules, Email-Out processing modules, and Undeliverable Processing modules. The Digital MailMan modules may run separately or together on a mail exchanger server. The modules include all mail processing functions including initiating address lookup, address correction, delivery heuristics for weakly matching name and address recipient data, and the like. The Digital MailMan modules perform address lookup using Digital Mail Address Correction 150 services. The Digital MailMan module provides Digital Mail Account 115 debit and credit during mail delivery and includes exception processing for various financial processing conditions. The Digital MailMan module provides notification processing using the Digital Mail Notification module. The Digital Mail Notification module performs all notification functions including notifications for all mail processing actions and exceptions. Notification processing occurs using all possible communication mediums including dmail, email, telephone, fax, instant messaging, and the like. In the preferred embodiment, the exchanger servers 109 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the exchanger server architecture of the present invention which provides access to a mass storage device 114 which stores a database of Dmail.
Digital Mail Address Correction (DAC)
In a preferred embodiment the Digital Mail Address Correction servers 150 provide both deterministic and heuristic address lookup and correction services. The services are available as Address Correction Wizards operating using the Digital Mail Account databases 115 and a combination of available worldwide postal address databases and postal change-of-address databases, including Postal Databases, such as the US Postal Address Database, the US Postal Change-of-Address Database, the Canadian Postal Address Database, other country Postal Address Databases, and the like. In the preferred embodiment the address correction servers 150 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the address correction server architecture of the present invention.
Digital Mail Directory (DMD)
In the preferred embodiment the Digital Mail Directory (DMD) servers 110 provide lookup and search services for various information within the Digital Mail Account storage 115. The services include lookups for all addressing forms, including postal addresses, telephone numbers, digital PO Box numbers, and the like, and lookups for all identification forms, including names, nicknames, aliases, buddy lists, and the like, stored within the Digital Mail Account storage 115. In the preferred embodiment the directory servers 110 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the directory server architecture of the present invention which provides access to a mass storage device 115.
Digital Mail Print Servers (DPS)
In a preferred embodiment the print servers 111 are used to create physical mail pieces destined for delivery using the physical postal services. The print servers include functions for creating physical authentication mail pieces. The physical mail pieces may be combined with advertisements from the advertisement servers 112. In the preferred embodiment the print servers 111 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the print server architecture of the present invention which provides access between a mass storage device 116 which stores Preformat Print Dmail in a queue, and a print system 117 which accepts such Preformat Print Dmail, creates Print Dmail, and then forwards such Print Dmail onto a Postal Handling Service 118.
Digital Mail Advertisement Servers (DAS)
In a preferred embodiment the advertiser servers are used to deliver advertising messages with electronic mail pieces and physical postal mail pieces, optionally targeted using geo-demographics and other statistical modeling based on statistical data stored in the Digital Mail Account databases 115. In a preferred embodiment the advertiser servers 112 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the advertiser server architecture of the present invention which provides access to a mass storage device 119 which stores a database of data objects representing advertisements.
Physical Worldwide Paper Postal Service
There are existing Physical Worldwide Paper Postal Services 118 that deliver physical postal mail to a physical location using the postal address. The Digital Mail PostOffice uses the physical postal services to deliver Print Dmail addressed by the postal address. In one embodiment, the Digital Mail PostOffice also uses the physical postal services to authenticate a postal address associated with a Digital Mail Account 115. A postal address associated with a Digital Mail Account is authenticated by delivering to the account user, using the postal services for delivery, an authentication mail piece containing one or more passcodes. When an authentication document is delivered to the recipient by the postal services, the passcode(s) on the document inherit the trust imparted by the postal service's delivery to a trusted postal address. The authentication of the recipient's identity is facilitated based upon the ability for a Digital Mail Account owner (a user) to receive an authentication mail piece at the postal address associated with his Digital Mail Account. A Digital Mail Account owner (user) uses the passcode(s) to complete the authentication process while logged on to the associated Digital Mail Account. With the authentication complete, a digital certificate is provided which inherits the trust imparted by the physical postal service for delivery to that identity. The digital certificate provided is subsequently used by both senders and receivers of electronic mail to authenticate sender and receiver identities respectively.
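The passcode step described above can be sketched as follows. This is an added example, not code from the patent: the class name, the 10-character code, the 30-day lifetime, the attempt limit and the keyed-hash storage are all assumptions chosen to show how a mailed passcode can be bound to one account, stored without its plaintext, and redeemed only once.

```python
import hashlib
import hmac
import secrets
import time

# Assumed parameters (not from the patent text).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I: code is typed from paper
CODE_LENGTH = 10                               # 32**10, about 50 bits
MAX_ATTEMPTS = 5                               # guesses allowed per issued passcode
TTL_SECONDS = 30 * 24 * 3600                   # leaves time for postal delivery


class PasscodeRegistry:
    """Tracks passcodes printed on authentication mail pieces (hypothetical helper)."""

    def __init__(self, server_key):
        self._key = server_key
        self._pending = {}          # account_id -> {"tag", "expires", "attempts"}
        self.authenticated = set()  # accounts whose postal address is confirmed

    def _tag(self, account_id, passcode):
        # Keyed hash over account and passcode: the database never holds the
        # plaintext, and a code issued for one account is useless for another.
        msg = f"{account_id}:{passcode}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account_id, now=None):
        """Create a passcode for the print queue; only its tag is kept."""
        now = time.time() if now is None else now
        passcode = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._pending[account_id] = {
            "tag": self._tag(account_id, passcode),
            "expires": now + TTL_SECONDS,
            "attempts": 0,
        }
        return passcode

    def redeem(self, account_id, typed, now=None):
        """Check a passcode typed by the user logged on to account_id."""
        now = time.time() if now is None else now
        record = self._pending.get(account_id)
        if record is None:
            return "no_pending_passcode"
        if now > record["expires"]:
            del self._pending[account_id]
            return "expired"
        if record["attempts"] >= MAX_ATTEMPTS:
            return "locked"
        record["attempts"] += 1
        normalized = typed.replace("-", "").replace(" ", "").upper()
        if not hmac.compare_digest(record["tag"], self._tag(account_id, normalized)):
            return "mismatch"
        del self._pending[account_id]   # single use
        self.authenticated.add(account_id)
        return "authenticated"
```

In the flow the patent describes, the "authenticated" result is the point at which the digital certificate request would be made.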
Remote Entity Servers
In a preferred embodiment there are one or more Remote Entity servers 210 located at the Digital Mail PostOffice 107 providing network services 106 to remote clients and which translate remote network communication from remote email and web clients, which communicate using standard Internet protocols (SMTP, POP, IMAP, HTTP), to the Digital Mail Transport Protocol (DMTP) protocol which interfaces to the Digital Mail Virtual Private Network 108. The entity servers include one or more Digital Mail Web Servers (DWS) 132, one or more Digital Mail Email Servers (EMS) 133, one or more Digital Mail Dmail Servers (DS) 134, and one or more Digital Mail Merge Servers (DMS) 135. In the preferred embodiment the entity servers 200 can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying the entity server architecture of the present invention.
Entity Client
In a preferred embodiment there are one or more entity clients 300 that provide the local execution environment for the creation, transmission, reception, storage, retrieval and display of data allocated to or transmitted from digital mail accounts ("digital mailbox"). The entity clients may communicate with the Remote Entity Servers 210 over the public Internet, or may be configured to use local Entity Servers 200 that communicate using local interprocess communication 184. In the preferred embodiment the client systems 101 can be implemented using an IBM personal computer, or any other comparable platforms, including a processor operatively coupled to a display, an input device, a network connection, and using software in the addressable memory embodying one of several client request architectures of the present invention, including a web-browser client 102 (such client being one of any number of off the shelf or similar web-browser packages such as the Netscape browser, the Microsoft Internet Explorer browser, etc.), an e-mail client 103 (such client being one of any number of off the shelf or similar SMTP or IMAP based e-mail packages, such as Microsoft Outlook, Eudora, etc.), a Dmail client 104, or a Dmail merge client 105.
Entity Servers
In a preferred embodiment there are one or more Entity servers 200 providing local network services on the client system 101 and which translate local network communication from local email and web clients, which communicate using standard Internet protocols (SMTP, POP, IMAP, HTTP), to the Digital Mail Transport Protocol (DMTP) which interfaces to the Digital Mail Virtual Private Network. The Entity servers 200 also provide access to local mail storage, and other local mail handling and management services. In the preferred embodiment the client systems 101 can be implemented using an IBM personal computer, or any other comparable platforms, including a processor operatively coupled to a display, an input device, a network connection, and using software in the addressable memory embodying one of several client request architectures of the present invention, including the Digital Mail Web Server (DWS) 122, the Digital Mail Email Server (EMS) 123, the Digital Mail Dmail Server (DS) 124, and the Digital Mail Merge Server (DMS) 125.
Entity Client Communication using Entity Server or Remote Entity Server
The Digital Mail PostOffice 107 is connected either by the Digital Mail Virtual Private Network 108 or the public internet to the computers 101 of users, where the term "user" may refer either to a personal individual or to a business. Each user is able to choose whether to use the encrypted and secure Digital Mail Virtual Private Network 108 by installing local server software 200 on his own machine, or by accessing the server processes 210 providing the same functions but running on the computers of the central Digital PostOffice 107. In either case, the server process 200 or 210 communicates using existing standard protocols with client processes 300, but the difference is whether the transmissions on these unencrypted existing standard protocols are present on the public internet 106 or only local to the internal connections 184 of each user's own machine. The network connections 106 and 108 provide access to the remotely situated Digital Mail PostOffice 107, either by unsecured public internet transactions, or by secured transactions over the Digital Mail Virtual Private Network 108. The unsecured transactions on 106 are from the clients to the remote servers 132, 133, 134, 135 running on hardware owned by the Digital Mail PostOffice. Alternatively, the server processes 122, 123, 124, 125 can be run locally so that all communications leaving the physical computers 101 at the user site are secure over the Digital Mail Virtual Private Network 108.
Digital Mail Account Database Detail
The Digital Mail Post Office 107 includes a digital mail account database 115. This database 115 stores account data for a large number of digital mailboxes. Each digital mailbox is associated with the name and postal address of a user, and other identifying information, such as email address(es), telephone number(s), facsimile number(s), and the like. In addition, any number of unique identifiers derived from a combination of the name and postal address are also associated with each user's digital mailbox. The database 115 may be a relational or object oriented database; either implementation is acceptable. The only significant constraint is that each digital mailbox can be accessed by various unique identifiers formed from the user's name and the other identifying information, one of the postal addresses, telephone numbers, or the like. The database 115 stores tables for each name component, and postal address component, telephone number, and so forth, and builds various primary and secondary keys based on combinations of these components. Each digital mailbox is also assigned an account number, which preferably includes a strong random number, and may include other verification digits (e.g. check digits). In one embodiment the digital mailbox account number is a 16 digit number, which may be presented for display like conventional credit card numbers, i.e. 4 groups of 4 digits. Users may also address electronic communications to others using the recipient's digital mailbox account number.
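One way to build such an account number, shown as an added example rather than the patent's own method: 15 digits from a cryptographic random source plus one check digit. The Luhn algorithm is an assumption here (the text says only "check digits"), as are the function names. The check digit catches typing errors when a sender addresses mail by account number; it adds no secrecy, so all unpredictability comes from the random part.

```python
import secrets


def luhn_check_digit(payload):
    """Luhn check digit for a string of decimal digits (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # every second digit, starting next to the check digit
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def new_account_number(allocated):
    """Draw a 16-digit number not yet in `allocated` and record it there."""
    while True:
        payload = "".join(str(secrets.randbelow(10)) for _ in range(15))
        number = payload + str(luhn_check_digit(payload))
        if number not in allocated:   # retry on the rare collision
            allocated.add(number)
            return number


def is_well_formed(text):
    """Accept '1234 5678 9012 3456' or the same without spaces."""
    digits = text.replace(" ", "")
    if len(digits) != 16 or not (digits.isascii() and digits.isdigit()):
        return False
    return luhn_check_digit(digits[:15]) == int(digits[15])


def for_display(number):
    """Format as 4 groups of 4 digits, like a credit card number."""
    return " ".join(number[i:i + 4] for i in range(0, 16, 4))
```

A well-formed number still has to be looked up in the account database; passing the check digit says nothing about whether the mailbox exists.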
The digital mail account database 115 also includes the collection of statistics that are available for use both by the Digital Mail PostOffice (in deciding, for example, what digital mail to forward by print mail), and for potential fee-based disclosure to senders or advertising sponsors. The statistical information, tallied both for pre-registered and registered accounts, includes counts of:
How many times a particular unique identifier has been used as a destination address by other senders.
How many times the digital mail account user has sent mail to recipients that were already registered and authenticated.
How many times the digital mail account user has sent mail to "new" addresses, where this sender caused such destination accounts to be pre-registered for the first time. (In particular, this last statistic is useful to recognize potential misuse, abuse, or spamming, and can be a factor leading to the de-registration of digital mail accounts.)
The digital mail account database 115 also includes user choices, preferences, alias lists, buddy lists, family member name lists, news preference lists, advertising preference lists, and explicit opt-in advertisement choices. In the preferred embodiment the Digital Mail PostOffice can be implemented using Sun Microsystems Sparc computers, or any other comparable computer, using software in addressable memory embodying one of several server client interface architectures of the present invention, including a web-browser server 122, an e-mail server 123, a Dmail server 124 or a Dmail merger server 125, and in the case of either the web-browser client server 122 or e-mail client server 123, corresponding software in addressable memory embodying one of several database interface server architectures of the present invention, including a web interface server 142 or an e-mail interface server 143.
Part of the Digital Mail Network is the internal connection on 108 between the interface servers 210 and the exchanger servers 109, directory servers 110, print servers 111, advertiser servers 112, unique identifier generation servers 152 and address correction servers 150. Alternatively, servers local to the user can communicate on 106 to the Digital Mail Virtual Private Network interface which acts as a bridge to the local Digital Mail Network 108 inside of 107.
Pre-registration of a Digital Mail Account
A Digital Mail Account is pre-registered for reception of data in one of two ways: (1) a potential recipient can directly request opening of a Digital Mail Account, including the specification of a unique identifier or (2) a sender can attempt to transmit data to a recipient using their name and postal address, or other unique combination of recipient name and identifying, authenticatable information.
A. User (recipient) direct pre-registration of a Digital Mail Account
In the first method, shown in the overview Figure 10 and the more detailed flowchart Figure 11, a user 620 binds a unique identifier to a digital mail account (i.e. digital mailbox) by accessing the Digital Mail Network and selecting an option to pre-register 621, which will create a unique identifier in the digital PostOffice database for transmission and reception of postal addressed data. Users would be motivated to request an account as a result of direct marketing, seeing promotional material on various web sites, hearing radio advertisements, or seeing print advertisements. The pre-registration process 621 allows the user a choice 633 of address authentication method. Typically, a user may choose physical postal authentication 634 which will result in a letter 622 being printed and physically sent back to user 620 by a postal delivery service. Until an account's unique identifier is actually authenticated and registered (described in the next main section) and represented by boxes 616 and 617, messages sent from the digital mailbox are marked as being from a sender with "Authentication pending". When the user does receive the verification card 622, then the user can continue with the flow in Figure 11, visiting the web site and typing in the passcode on the verification card, and then re-entering 629 his Entityname and chosen password 630, and continuing with the registration process. The confirming of the physical receipt of the passcode 622 sent to the user verifies that the user was able to receive physical mail at the specified address, and so the digital PostOffice authenticates 617 the identity of the user in his future outgoing messages. Alternatively, if a user has received a "quickcode" card 635 already sent to him by another sender, the user can register immediately, without incurring an extra postal delay in waiting for card 622 to be delivered. After the fundamental postal address authentication, it is optionally possible for the user to choose 640 to register and authenticate 641 his telephone number or choose 642 to register and authenticate 643 his ordinary external email address.
Describing now the hardware and software used for these steps of pre-registration and registration, in the preferred embodiment, a user, such as userA 131, accesses the system 100 through a web browser client 102, and is provided with an option to activate a digital mailbox with new unique identifier to be bound to the digital mailbox. Selecting such option transmits the activate unique identifier request option across the network connections 106 and 108 to processes 122/132, which respond with a form page with fields for the entering of the new entityname ("E") and postal address ("PA") (such fields together referred to as the "E/PA"). UserA 131 interactively enters the fields of information used to identify themselves and their postal address plus any other optional information (e.g. telephone number, cell phone number, and so forth).
As will be described in the next section on the "Validation of a Postal Address", the server 122/132 does a preliminary check on the E/PA to determine whether all appropriate fields have been entered, or whether certain information is incomplete or not in appropriate form. If such check turns up errors, an Address Correction Wizard is invoked, and a new form page is created with the fields and data entered into by the user, indicating which fields are incorrect and need to be updated correctly, such page sent over the network connection 106 and displayed for userA 131 to correct through the web browser client 102.
With the completion of a preliminary check, the E/PA entered by userA 131 is passed off by the web server 122/132 to central authentication processors 152. The software invoking the unique identifier search goes through a set of procedures to attempt to heuristically match different permutations of the given entityname and ancillary data of the E/PA plus a normalized postal address to the already allocated unique identifiers stored in the mass storage system 115. That is, the software attempts to determine whether the user has previously activated a digital mailbox for this or a similar unique identifier. For example, one of the heuristics is to compare the given entityname to a list of known "disallowed" entitynames, such as "resident", "occupant", "owner", and to abort pre-registration of the digital mail accounts for names that would not be unique enough to expect registration. The disallowed entityname heuristics also include checks in a dictionary for the case where all of the words in the name are common dictionary entries. For example, "Humble President" is disallowed, but "President Swanson" is allowed.
Figure 12 shows the flowchart of possible conditions and courses of action for potential user-initiated account pre-registration. First, the postal address 660 is checked 661 for a match in the digital mail account database 115 to determine whether it has already been registered. If there is no match, the new, valid, E/PA is added 666 into the database 115 as a new, activated, unique identifier therein. An account is established, an account number allocated, and the unique identifier, along with the underlying name and postal address information, are associated with the digital mailbox. The digital mail PostOffice may, at its discretion and through additional heuristics, choose to place further restrictions on this method. For example, an additional step can be to check whether the new E/PA exists in some larger set of postal address databases obtained from outside the digital PostOffice system (such as mailing lists from advertisers or catalog companies) and only allow free pre-registration of names found to exist in such mailing lists. If a user requests pre-registration of an E/PA that appears not to exist in any mailing lists accessible to the digital PostOffice, then such pre-registration could be enacted only if the user agrees to pay a fee.
If the postal address 660 matches one in the digital PostOffice database 115, then the entityname is checked 662 for matches to the entityname(s) already registered at the address. If the address matched but the entityname has no match to the existing names known at that postal address, then there is a "conflict" indicating a user may be trying to activate an account at the same postal address as has already been activated using a different name. However, it may also be valid that multiple individuals with unrelated names may share the same postal address (for example, roommates). Accordingly, the action taken is both to proceed with adding 666 the new request as a new activated unique identifier, and also to send 670 Dmail (an electronic communication within the system 100) to the digital mailbox for the preexisting unique identifier. This informs the recipient for that unique identifier of the new pre-registration under another name, and gives them instructions that if they believe 671 the new pre-registration is incorrect they can simply reply to the message (or click on a hyperlink) to direct the Digital Mail PostOffice 107 to deactivate 673 the newer unique identifier, or possibly this will require a specific telephone call to a Digital Mail PostOffice customer service human operator for additional verification. When such a request for de-registration is received by the Digital Mail PostOffice, all mail held under the new digital mailbox being deactivated is forwarded 672 to the pre-existing unique identifier's digital mailbox. Another possibility is that the postal address matches one in the existing database, and the entityname has a weak match to one of the existing names already known at that postal address. A weak match is defined by heuristics including the mapping of nicknames and partial names ("Richard" weak matches to "Dick", "Mr." weak matches to "Dr.", "Mr. Brown" weak matches to just "Brown", "Joe Brown" weak matches to just "Brown", etc.). In this case, the entityname specified by the user requesting pre-registration of the account is used to update 665 the entityname in the database 115 for that unique identifier and account, and a Dmail message is sent to notify and confirm that the name change is intended.
If the postal address matches one in the database 115, and the entityname has a strong exact match to one of the existing names known at that postal address, then there is no need for creation of a new Digital Mail Account, and like the other cases, the account is just enabled for registration. In this case, and the other cases 665 and 666 that completed pre-registration, registration is then enabled. If the user does not yet have 667 a passcode or quickcode, then this is the point in the flow that triggers the digital PostOffice to print a mail piece addressed to the user's postal address and containing a passcode, and to queue its delivery 622 using physical delivery. The user will receive the printed mail piece with passcode, and then provide the passcode, along with identifying information back to the digital post office, thereby authenticating the user at the postal address.
B. Sender based pre-registration of the unique identifier for an intended recipient
In the second pre-registration method, shown in the overview Figure 9 and the more detailed flowchart Figure 13, a user 131/620 composes and sends a message to a potentially new recipient. The composition of the message includes the specification of the postal address either in the fields of the PostOffice client 104,105 software's web forms, or as text at the head of an email message that is parsed by servers 204 or 304, or through the use of digital mail merge client 105. For example, a message could be sent to the digital postmaster (using email address postmaster@postoffice.com or other pre-established domain) similar to:
FROM: ioe@anywhere.com
TO: postmaster@postoffice.com
SUBJECT: Business
To:
Bill Bones
123 Main St.
Anytown, CA, 92342, USA
Call me to discuss our plans our new dotcom venture. Joe.
As described below in the section on the "Validation of a Postal Address", the server 122/132 does a preliminary check 612 on the E/PA (e.g., the combination of "Bill Bones" and his postal address) to determine whether all appropriate fields have been entered, or whether certain information is incomplete or not in appropriate form. If such check turns up errors, the "Address Correction Wizard" is invoked and either a new form page is created with the fields and data entered by the user, indicating which fields are incorrect and which need to be updated correctly, or if the incoming message was an email message 204/304, then the Address Correction Wizard generates a reply email message containing this same information.
Continuing in the overview, once the recipient's address is validated, the digital mail account is pre-registered 613 if needed, and print mail 614 is potentially generated and sent to recipient 615. After the recipient receives the physical mail, they may choose to access the digital Mail PostOffice and to use the quickcode on the physical mail to register 616 their account. Users are motivated to register their account both so that they can send authenticated 617 digital mail 616 to other recipients 619, or to respond to one of the marketing programs, such as an offer to have the digital PostOffice send free greeting cards to this 611 sender's list of recipients.
Figure 13 shows the more detailed flowchart of possible conditions and courses of action for potential sender-initiated account pre-registration. If the postal address 660 has no match in the PostOffice database, then the entityname 663 is compared 664 against a list of known "disallowed" entitynames, such as "resident", "occupant", "owner". If the entityname does match one of the "disallowed" names, then the message is discarded, because sending it would lead to too much junk mail. If the postal address has no match in the PostOffice database, and the entityname is not one of the "disallowed" names, then in this case, the new, valid, E/PA is added 666 into the Digital PostOffice database as a new, activated, unique identifier, and the message is sent 680 as Dmail to the new unique identifier.
If the postal address matches 661 one already existing in the database, and the entityname matches 664 one of the entitynames on a list of known "disallowed" entitynames, such as "resident", "occupant", "owner", then in this case, there is not a creation of a new Digital Mail Account, but instead the Dmail message is sent 676 to all of the unique identifiers that have the postal address. From the point of view of a sender, Digital Mail has the advantage that their message gets automatically replicated and sent to all individuals with previously activated accounts at a household.
If the postal address matches 661 one in the existing database, and the entityname is not on the disallowed list, then the entityname is compared 675 with the entityname(s) already registered at the address. If there is no match to any of the existing names known at that postal address, then there is a potential "conflict" indicating a user may be trying to activate an account at the same postal address as has already been activated using a different name. But since it may also be valid that multiple individuals with unrelated names may share the same postal address (for example, roommates), the action taken is both to proceed with adding 666 the new request as a new activated unique identifier, and also to send 670 Dmail to the pre-existing unique identifier, informing them of the new account pre-registration. This mail sent to the other names, already registered in combination with the postal address, gives them instructions that if they believe 671 the new pre-registration is incorrect they can simply reply to the message (or click on a hyperlink) to direct the Digital Mail PostOffice to deactivate 673 the newer unique identifier's account. When such a request for de-pre-registration is received by the Digital Mail PostOffice, all mail held under the account being de-activated is forwarded 672 to the pre-existing unique identifier's digital mailbox account.
An example of this flow is, if someone sends a message to "Sally Brown" at "123 Main St. Anytown, Big City, CA, USA," and the only pre-existing name at that postal address is "Jane Brown", at first a new account is created for "Sally Brown", in case she really is a distinct person desiring a new digital mail account. But, if Jane replies to the Digital Mail PostOffice 107 that a sender just got her name wrong, then the account for "Sally Brown" gets deactivated, and the message that had been sent to "Sally Brown" gets forwarded to Jane so that it isn't lost.
If the postal address matches 661 one in the database, and when the entityname is checked 675 against the names already registered at that address, either a weak or strong match is found, then there is no need for creation of a new Digital Mail Account, and the Dmail message will be sent 680 to the pre-existing unique identifier's account. However, there are also further checks done to decide whether to additionally print the message (along with a passcode) and queue the message for physical delivery 679. If the recipient is already authenticated and registered 677, then there is no need for physical delivery because the recipient will be able to read the digital Mail 680 sent electronically. If the recipient is not yet registered, then the authentication of the sender is checked 678. If the sender is also not yet registered and authenticated, then there is no print version generated, to cut down on junk mail and misuse of the digital Mail PostOffice for generating paper spam. However, if the recipient is not yet registered, but the sender is authenticated 678, then the print version is generated 679 and delivered to notify the recipient that there is digital Mail 680 available.
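The Figure 13 branches described above, together with the disallowed-name and weak-match heuristics, can be written as one decision function. This is an added example, not code from the patent: the function names, the action labels, the small dictionary and nickname tables (constructed samples) and the pre-normalized address key are assumptions, and the print decision is applied only in the branch where the text states it.

```python
from dataclasses import dataclass

DISALLOWED = {"resident", "occupant", "owner"}                 # list given in the text
DICTIONARY = DISALLOWED | {"humble", "president", "current"}   # constructed sample
TITLES = {"mr", "mrs", "ms", "dr"}                             # constructed sample
NICKNAMES = {"dick": "richard", "joe": "joseph"}               # constructed sample


@dataclass
class Account:
    name: str
    registered: bool = False   # True once the passcode step has completed


def _words(name):
    return [w for w in (p.strip(".,").lower() for p in name.split()) if w]


def is_disallowed(name):
    """True when every word is a dictionary entry, or the name is empty."""
    return all(w in DICTIONARY for w in _words(name))


def match_strength(candidate, existing):
    """'strong' for an exact match, 'weak' for nickname, title or partial-name matches."""
    if _words(candidate) == _words(existing):
        return "strong"
    a = {NICKNAMES.get(w, w) for w in _words(candidate) if w not in TITLES}
    b = {NICKNAMES.get(w, w) for w in _words(existing) if w not in TITLES}
    if a and b and (a <= b or b <= a):
        return "weak"
    return "none"


def route_sender_message(name, address, sender_authenticated, db):
    """Return the actions for one message; db maps a normalized address to accounts."""
    residents = db.get(address)
    if residents is None:                       # address not in the database
        if is_disallowed(name):
            return ["discard"]                  # would only produce junk mail
        db[address] = [Account(name)]           # 666: new unique identifier
        return ["add_identifier", "send_dmail"]
    if is_disallowed(name):
        return ["send_dmail_to_all"]            # 676: everyone at the address
    for account in residents:
        if match_strength(name, account.name) != "none":
            actions = ["send_dmail"]            # 680: existing mailbox, no new account
            # 677/678: print only for an unregistered recipient and an
            # authenticated sender, so the service cannot be used for paper spam.
            if not account.registered and sender_authenticated:
                actions.append("print_with_passcode")
            return actions
    residents.append(Account(name))             # possible conflict, possibly a roommate
    return ["add_identifier", "notify_existing", "send_dmail"]
```

The "notify_existing" action corresponds to the Dmail 670 that lets the earlier account holder ask for the new identifier to be deactivated.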
The following discussion describes the software and hardware flows used to implement the above actions in sender-based pre-registration. In either case of a Dmail client 104 or a Dmail merge client 105, one of the interface systems 107 is allocated to run the Dmail server 124 or Dmail merge server 125 corresponding to such client, with communication between the server software accomplished over the network connection 106.
1. Dmail client
In the preferred embodiment, an E/PA and the designated message are transferred from the Dmail client 104 to the Dmail server 124. The Dmail client 124 does a preliminary check on the E/PA that was entered prior to passing it to the Dmail server 124 to determine whether all appropriate fields exist, or whether certain information is incomplete or not in appropriate form. If such check turns up errors, an error for such specific E/PA is displayed.
With the completion of a preliminary check, the E/PA and designated data entered by userA 131 is transferred by the Dmail client 104 to the Dmail server 124 over the network connection 106. The Dmail server sends a request over the network connection 108 to the digital mail directories systems 110. The request passes the E/PA to the digital mail directory systems to determine whether it corresponds to an existing unique identifier and to request an allocation of a new entry for a unique identifier if the corresponding unique identifier does not exist and is valid. The validity check proceeds as was previously described, with such procedures for unique identifier checks passing back to the calling routine either the existing unique identifier or a null result, and a tag indicating whether the postal address was invalid, the E/PA strongly matched against a unique identifier or the E/PA weakly matched against a unique identifier.
In the case of an invalid postal address, the Dmail server 124 passes on an error message to the Dmail client 104 which then indicates such error result with respect to the postal address portion of the E/PA, and the transaction ends. In the case of a strong match, the Dmail server 124 passes the corresponding unique identifier designator plus the data to be stored to one of the exchanger systems 109 which instances software for the allocation of the data to the referenced unique identifier in the mass storage device 114.
In the case of a weak match, the Dmail server 124 passes back a check request to the Dmail client 104 for a request to userA as to whether the weakly matched unique identifier is the one that was supposed to be represented by the E/PA (i.e., in a situation that userA sends data to a partial address or leaves off an apartment number but still intended the recipient that was weakly found to correspond to the E/PA passed).
If the response from userA through the Dmail client 104 is a negative response, the transaction proceeds as indicated in the next paragraph. If the response from userA through the Dmail client 104 is an affirmative flag, the corresponding unique identifier for the weak match, plus the data to be stored, is passed over the network connection 108 to one of the exchanger systems 109 which instances software for the allocation of the data to the referenced unique identifier.
In the case of a weak match where the matched unique identifier is not the unique identifier intended by userA, or where a unique identifier does not exist for the valid E/PA form, a request is sent from the Dmail server 124 to the mail directory systems 110, one of such systems running software which allocates a new entry in the mass storage device 115 corresponding to the normalized postal address plus entityname and other ancillary data, such data together being the unique identifier. Thus, the system creates a new digital mailbox, assigns the new unique identifier from the E/PA to this mailbox, and stores the message in storage so that it can be accessed by the recipient from the digital mailbox.
Concurrent with the allocation of the new unique identifier in the mass storage device 115, the software running on the mail directory system 110 generates a unique pass-code, such pass-code to be used by the recipient to authenticate and bind such new unique identifier to the recipient's digital mailbox account at a later time. The pass-code is forwarded along with the unique identifier on the network connection 108 to the print system 111, the print system being able to accept such pass-code and unique identifier, and create a physical postal notice card for transmission in a postal handling service 118 to the postal address portion of the unique identifier to the individual named by that portion of the unique identifier, that is, the recipient identified by the sender. The use of such postal card is described in detail in the authentication section below.
After allocation of the unique identifier by the mail system 110, the unique identifier is returned to the Dmail server 124, which then passes the corresponding unique identifier designator plus the data to be stored to one of the exchanger systems 109 which instances software for the allocation of the data to the referenced unique identifier in the mass storage device 114. This unique identifier does not correspond yet to an account and thus, though there is storage of data accessed by use of such unique identifier, no account can at that moment access such referenced data.
2. Dmail merge client
In the preferred embodiment, a list of E/PAs and the designated data is transferred from the Dmail merge client 105 to the Dmail merge server 125. The Dmail merge client 105 does a preliminary check on each E/PA in the list prior to passing such list to the Dmail merge server 125 to determine whether all appropriate fields exist for each E/PA, or whether certain information is incomplete or not in appropriate form. If such check turns up errors, an error for such specific E/PA is registered such that a user can take care of updating the erroneous E/PA.
With the completion of a preliminary check, the Dmail merge client transfers both the E/PA list and the data to be sent to each E/PA to the Dmail merge server 125 over the network connection 106. The Dmail merge server then begins an iterative loop through each E/PA in the list, and proceeds with the following steps below:
1. The server sends a request over the network connection 108 to the digital mail directories systems 110. The request passes the E/PA to the digital mail directory systems to determine by software running on such systems whether it corresponds to an existing unique identifier, and to request an allocation of a new entry for a unique identifier if the corresponding unique identifier does not exist and is valid. The validity check proceeds as was previously described, with such procedures for unique identifier checks passing back to the calling routine either the existing unique identifier or a null result, and a tag indicating whether the postal address was invalid, the E/PA strongly matched against a unique identifier or the E/PA weakly matched against a unique identifier.
2. In the case of an invalid postal address, the Dmail merge server 125 passes on an error message to the Dmail merge client 104 which then indicates such error result with respect to the postal address portion of the specific E/PA, and the iteration for the specific E/PA ends.
In the case of a strong match, the Dmail merge server 125 passes the corresponding unique identifier designator plus the data to be stored to one of the exchanger systems 109 which instances software for the allocation of the data to the referenced unique identifier in the mass storage device 114. In the case of a weak match, the Dmail merge server 125 passes back a check request to the Dmail merge client 105 for a request to userA as to whether the weakly matched unique identifier is the one that was supposed to be represented by the E/PA (i.e. in a situation that userA sends data to a partial address or leaves off an apartment number but still intended the recipient that was weakly found to correspond to the E/PA passed). The Dmail merge client 105 can be set to automatically: (i) indicate the weak form should be accepted for transmission of the data, (ii) indicate the weak form should not be accepted and thus a new unique identifier activated, or (iii) indicate no data should be sent based on the E/PA and send feedback to alert userA as to the invalidity of such E/PA. If response (iii), the iteration completes. If response (ii), the transaction proceeds as indicated in the next paragraph. If response (i), the corresponding unique identifier for the weak match, plus the data to be stored, is passed over the network connection 108 to one of the exchanger systems 109 which instances software for the allocation of the data to the referenced unique identifier.
In the case of a weak match where the matched unique identifier is not the unique identifier intended, or where a unique identifier does not exist for the valid E/PA form, a request is sent from the Dmail merge server 125 to the mail directory systems 110, one of such systems running software which allocates a new entry in the mass storage device 115 corresponding to the normalized postal address plus entityname and other ancillary data, such data together being the unique identifier.
Concurrent with the pre-registration of the new unique identifier, the software running on the mail directory system 110 generates a unique pass-code, to be used by a recipient to authenticate and register a new Dmail account. Sender userA can set certain parameters for the Dmail merge client 105 such that the pass-code can be (1) forwarded to a printing system for transmission in a postal handling service to the postal address and entityname indicated by the unique identifier, or (2) returned to the digital mail merge client for storage in the list for use by userA in presenting such pass-code to the intended recipient through other paper means, such as the sender's own mass mailings.
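The sender-based pre-registration loop described above, together with the print decision of steps 677 to 679, can be sketched as follows. This is an added example, not code from the patent: the in-memory `Directory`, the `Tag` and `WeakPolicy` names, the name-only weak matcher and the use of `secrets.token_hex` for pass-codes are all assumptions, and addresses are taken to be already normalized.

```python
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Tag(Enum):  # result tag passed back by the directory lookup
    INVALID = "invalid postal address"
    STRONG = "strong match"
    WEAK = "weak match"
    NONE = "no existing unique identifier"


class WeakPolicy(Enum):  # merge-client settings (i), (ii) and (iii)
    ACCEPT = "i"
    NEW_IDENTIFIER = "ii"
    NO_SEND = "iii"


@dataclass
class Entry:
    uid: int
    name: str
    address: str
    registered: bool = False          # recipient has authenticated and bound it
    passcode: Optional[str] = None
    mailbox: List[str] = field(default_factory=list)


def new_passcode():
    # Assumption: the patent does not say how pass-codes are generated.
    return secrets.token_hex(8)


class Directory:
    """Constructed stand-in for directory system 110 and storage 115."""

    def __init__(self, valid_addresses):
        self.valid = set(valid_addresses)
        self.entries = {}
        self.print_queue = []         # (uid, passcode) pairs for print system 111

    @staticmethod
    def _core(name):
        # Weak form: first and last name only, so "John D. Smith" ~ "John Smith".
        parts = [p.strip(".").lower() for p in name.split()]
        return parts[0], parts[-1]

    def add(self, name, address, registered=False, passcode=None):
        uid = len(self.entries) + 1
        self.entries[uid] = Entry(uid, name, address, registered, passcode)
        return uid

    def lookup(self, name, address):
        if address not in self.valid:
            return None, Tag.INVALID
        weak = None
        for e in self.entries.values():
            if e.address != address:
                continue
            if e.name.lower() == name.lower():
                return e.uid, Tag.STRONG
            if self._core(e.name) == self._core(name):
                weak = e.uid
        return (weak, Tag.WEAK) if weak is not None else (None, Tag.NONE)

    def deliver(self, uid, message, sender_authenticated):
        """Store the message; return True if a printed notice was queued."""
        e = self.entries[uid]
        e.mailbox.append(message)
        # Registered recipients read online; unauthenticated senders never
        # trigger paper, which keeps the print system from producing spam.
        if e.registered or not sender_authenticated:
            return False
        self.print_queue.append((uid, e.passcode))
        return True


def merge_send(directory, epa_list, message, sender_authenticated, weak_policy):
    """Iterate over (entityname, postal address) pairs as the merge server does."""
    results = {}
    for name, address in epa_list:
        uid, tag = directory.lookup(name, address)
        if tag is Tag.INVALID:
            results[name] = ("error", None, False)
            continue
        if tag is Tag.WEAK and weak_policy is WeakPolicy.NO_SEND:
            results[name] = ("not sent", None, False)
            continue
        if tag is Tag.NONE or (tag is Tag.WEAK
                               and weak_policy is WeakPolicy.NEW_IDENTIFIER):
            uid = directory.add(name, address, passcode=new_passcode())
            status = "new identifier"
        else:
            status = tag.value
        printed = directory.deliver(uid, message, sender_authenticated)
        results[name] = (status, uid, printed)
    return results
```

Each result is a `(status, unique identifier, printed)` tuple, so the effect of the sender's authentication state and of the weak-match setting can be compared entry by entry.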
Registration of a Digital Mail Account
Registration authenticates a Digital Mail Account by proving that a user really can receive physical mail using the given E/PA, which is the combination of its entityname and postal address. When a Digital Mailbox Account is activated by direct action of the user, following one of the flows in the previous section listed under "User (recipient) direct pre-registration of a Digital Mail Account", the user must select which of the registration methods in this section is desired. When a Digital Mailbox Account is pre-registered by a different user sending Dmail, which results in the creation of a new unique identifier, following one of the flows in the previous section listed under "Sender-based pre-registration of the unique identifier for an intended recipient", the first process below, the "Postal notification flow", is automatically triggered if the sender has completed his authentication. Additionally, the postal notification flow may also be triggered even if the senders are anonymous or unauthenticated if the Digital Mail PostOffice determines there is over a certain threshold number of messages already sent to a particular unique identifier, strongly suggesting that the unique identifier is valid. The Postal Notification flow instructs the Digital Mail Print Servers 108 to print physical mail 622 that gets delivered to a user using a Physical Delivery service, and upon receipt the user then can access 629 the Digital Mail Network online.
In either case (of registration happening at the same time as pre-registration, or after Physical Notification), the user begins by using their computer and web-browser interface 102 to access the Digital Mail Network 107. The request for registration is transferred across the network 106 from the web browser client 102, and the web server 122 transmits back to the web browser client 102 an HTML page with a field for the entering of an actual entityname for the user, a field for the entering of a unique account name, and the selection of an account-access password. Once the user enters the information in such fields for transfer back to the web server 122, the web server 122 passes such information through the web interface server 142 for lookup by software instanced on one of the digital mail directories 110 which determines whether such account name is unique or already exists.
In the preferred embodiment, once the software running on the directory systems 110 determines the unique nature and allocates on the mass storage device 115 an entry for the newly registered account, a separate software procedure on the directory system 110 is instanced for the creation and allocation on the mass storage system 115 of a unique account identifier called the digital post office box number. In one embodiment, as mentioned above, the account number is 16 digits. Such digital post office box number has the same characteristics as a post office box number used by postal handling services such as the U.S. Postal Service. The account number is bound to the newly created digital mailbox account, such that the digital post office box number provides an alternate mechanism for entering into the database system or for users inside or outside the system to send authenticated or unauthenticated data transmissions to the user. Such digital post office box number is passed along with the acknowledgment of the new account creation to the web server 122 for the creation of dynamic code translated into the acceptance display page on the web browser client 102 to the end user.
Each registration authentication process, when completed, allows the user to proceed to send and, if not already activated, receive postal addressed data, with transmissions tagged with the specific type of authentication that has been used (thus allowing the receiver of such data to know the level of authentication for the sending user). In fact, as is indicated later on, such tags can be used for filtering of the different types of transmissions received by a user in the database system.
In the preferred method for authentication, userA 131 accessing the database system on a client system 101 running a web browser client 102 is given an option to authenticate a unique identifier. Such option is presented on a display page transferred from a web server 122 activated for such client session. Selection of the authentication option transmits a request to the web server 122 over network connection 106 and data representing the list of authentication options is returned over network connection 106 for display by the web browser client 102. Such options include the three preferred options of 1) postal notice authorization, 2) quick-code authorization, and 3) credit card authorization, as well as other methods of sub-authentication or weak authentication, all of which seek to inherit the proof that physical delivery to the unique identifier(s) bound to the Digital Mail Account reach the same user as has registered the account.
A. Postal notification flow
When a user requests postal notification authorization through the web browser client 102, the web server 122 provides a passcode verification form for display by the web browser client 102 to userA 131. The user enters the pass-code that has been previously sent on the postal notification card sent through the postal handling service to userA. The postal notification card is initially sent due to pre-registration of a unique identifier as previously described. userA 131 enters a pass-code off of such postal notification card, which is then transmitted from the web browser client 102 to the web server 102. The web server passes the pass-code through the web interface server 142 to the mail directory system 110.
The mail directory system 110 attempts to correlate the passcode with a previously allocated and stored unique identifier. If a match occurs, the unique identifier is returned by the mail directory system 110 through the web server interface 142 to the web server 122. The web server 122 serves a confirmation page containing the unique identifier to the web browser client 102. The confirmation page asks the user to confirm that the unique identifier and its name and postal address is to be bound to the digital mailbox of userA 131. If userA 131 confirms the unique identifier, web server 122 passes the unique identifier, the account data and a tag indicating authentication via postal notification through web interface server 142 to the mail directory system 110. The mail directory system 115 binds the unique identifier to the given account and authenticates the unique identifier such that transmissions may be sent using such unique identifier. A confirmation tag is passed back from the mail directory system 115 to the web server 122 which is then displayed to userA 131 through the web browser client 102 to confirm completion of the authentication for the given unique identifier.
Thus, this process authenticates the recipient because it relies on the accuracy of the postal database to ensure that the recipient is the person who receives the code; hence, when the code is given back, it is known that the recipient is indeed the person who is listed in the postal databases.
B. Quickcode flow
Another authorization method is by "piggybacking" a printed code on some other piece of mail 635 that the recipient would be receiving anyway. This method is typically used where the digital Mail PostOffice has entered into business agreements with senders of merchandise catalogs, other mass mailings, or specifically with bill sending agencies such as credit card issuers. On any of these types of mailings, a pass code, as above, may be printed, along with instructions to the recipient as to how to register. In this particular case the passcode is called a "quickcode" to reinforce the concept that it enables instant registration. This is in contrast to the "Postal Notification flow" above, where a user needed to first pre-register, and then wait to receive physical delivery of a passcode. With the quickcode flow, there is no initial transmission of an electronic communication from some sender to the recipient. Instead, the recipient can activate their digital mailbox account directly as a result of receiving the mass mailing, but in doing so automatically authenticates their identity. This automatic self-identification feature is not currently done with conventional mass mailing "free signups" such as America Online's method of sending out offers for free limited time service on their network.
When a user requests quick-code 635 authentication through the web browser client 102, the web server 122 creates data representing a form for display in the web browser client 102 for userA 131 to enter the quick-code that has been previously sent on any of a number of different types of mailings through the postal handling system from a user which has used the digital mail merge method for sending data and activating accounts.
As one example, a catalog company may use the digital mail merge method to send its catalog to a large mailing list of its customers, perhaps hundreds of thousands of recipients. Each recipient has been assigned a unique passcode; in the database 115 one or more unique identifiers have been previously allocated for each of these recipients (based on their names and postal addresses) and stored along with their passcodes. The passcode is printed somewhere on the catalog, preferably with instructions for its use, including a URL to a web site hosted by the system 107.
Assume that userA 131 is the recipient of a mailing such as this one (which need not even be a mass mailing). The user accesses the system 107, and enters the pass-code off of such mailing, which is then transmitted through the web browser client 102 to the web server 102. The web server passes such pass-code through the web interface server 142 to the mail directory system 110 which attempts to correlate such pass-code with a unique identifier stored in database 115. If a match occurs, the unique identifier is returned by the mail directory system 110 through the web server interface 142 to the web server 122. The web server 122 creates data for display through the web browser client 102 representing a query for confirmation that the given unique identifier is to be bound to the account of userA 131. If userA 131 affirmatively indicates acceptance of the unique identifier, web server 122 passes the unique identifier, the account data and a tag indicating authentication via quick-code through web interface server 142 to the mail directory system 110. The mail directory system 115 binds the unique identifier to the given account and authenticates the unique identifier such that transmissions may be sent using such unique identifier. A confirmation tag is passed back from the mail directory system 115 to the web server 122 which is then displayed to userA 131 through the web browser client 102 to confirm completion of the authentication for the given unique identifier.
In an alternative to the preferred method for generation and use of quick-codes, an option in the digital mail merge software used over the direct mail merge client 105 allows for E/PA lists to be sent in along with a specific quick-code for each E/PA entry already designated by the mail merge user. Such quick-code can be a catalog user number that is previously generated by the cataloger, or such other number as may already be used by direct mail companies or bill presentment companies (e.g. user's account number with a store, utility, financial institution, etc.) or any other similar type of user which may have their own set of codes to use for authentication of unique identifiers activated in the system. In the preferred style, the quick-code would be a special designator previously established for the direct mail or similar user, such that quick-codes passed in by such user would be unique from all other quick-codes generated either internally to the database system or externally by other entities using such method on the direct mail merge client 105. In the case of generation of quick-codes by the direct mail merge client 105, such information is passed along with the E/PA to the direct mail server 125 which passes the final unique identifier as previously described for storage in the database system along with the quick-code to be stored along with such unique identifier. Note that such method is different from the normal scenario where a pass-code would be generated for such passed unique identifier and then returned through the direct mail server 124 to the direct mail client 104 for use by the user of such client in future mailings to the user corresponding to the E/PA.
C. Credit Card flow 634
The credit card flow has the same objective as the passcode and quickcode flows, namely, verifying that a user is able to receive physical mail addressed using a particular E/PA, thus proving the user's identity and his "right" to register that E/PA. The difference is that the credit card flow, and all the other subsequent methods that rely on other trusted databases, are seeking to verify that the user previously received some piece of mail (such as a credit-card bill, utility bill, etc.) addressed to the E/PA, instead of a mail piece newly generated by the digital PostOffice.
When a user chooses 633 credit card authorization through the web browser client 102, the web server 122 queries through the web interface server 142 for unauthenticated unique identifiers currently bound to the account through which the user is accessing the system 107. The request forwarded across the network connection 108 to the digital mail directory system 110 results in a return to the web interface server 142 of a list of unauthenticated unique identifiers. Such list is forwarded to the web server 122 which in turn creates data representing the list of such unauthenticated unique identifiers currently bound to the account, with a form to allow for the tagging of one or more of such unique identifiers. The data created by the web server 122 also includes form locations for the entering of credit card information along with such additional necessary data as is used for validation of the credit card for such transaction. Such data is forwarded for display through the web browser client 102 to userA 131.
UserA 131 selects one or more of the unique identifiers displayed, along with selecting and entering information pertaining to one or more enabled credit cards in the system, and transmits such data through the web browser client 102 to the web server 122.
For each unique identifier selected by userA 131, the web server starts a separate procedure to check the unique identifier for correspondence with information to be returned from a valid credit card check. Credit card information is forwarded over the web interface server 142 through network connection 108 to a portal allowing access to the specific credit card database indicated. Data returned from the portal to the web interface server is passed to the web server procedure, such data indicating whether the credit card is valid, whether confirmation data forwarded along with the credit card number indicates userA 131 is the valid holder of such credit card, along with postal address and name information to use for authenticating the unique identifiers selected. If the credit card is indicated as invalid, the web server sends a page to the web browser client 102 indicating the invalidity of the credit card. If a valid credit card, the information concerning the postal address on the card is sent through a procedural correction which makes use of part of the match mechanism for unique identifiers, thus creating a normalized postal address. The name and normalized postal address are then compared against the unique identifier and if a match occurs, such unique identifier is transmitted along with a tag indicating authentication of such unique identifier through the web server interface 142 on network connection 108 to the mail directory system 110 where the unique identifier is tagged as authenticated via credit card (note there is no need to bind such unique identifier to the account since such binding already has previously occurred).
In one variation of the preferred embodiment, the check routine used by the web server 122 to match the credit card name and address against each unique identifier uses a weak method which allows, as an example, for the unique identifier representing "John D. Smith" and "John Smith" to match against a credit card name "John D. Smith" thus authenticating both such unique identifiers if the postal address portion of such unique identifier matches. Other variations of the weaker matching form may be implemented to allow a credit card to be used for matching against unique identifiers that do not perfectly match against the credit card information returned.
D. Sub-authentication 640 of telephone number
In addition to the primary authentication of the E/PA, each digital mail account may optionally have an authenticated telephone number. This telephone number may be used both as a method of addressing by another sender, and as an additional piece of authenticated data that a digital mailbox account owner can supply. Telephone numbers are authenticated by the following process:
In setting up a Dmail account, a user choosing to authenticate their telephone number will supply it to the Dmail server.
The user is asked to call a specific telephone number (e.g. a toll free number) from the telephone number they want to authenticate and to key in their 16-digit digital mailbox account number via the touchtone pad.
The Dmail server uses CallerID (more generally ANI, automatic number identification) to verify that the telephone number used to make the call matches the one requested for authentication.
The Dmail server marks the Dmail Directory database to verify that the telephone number has been authenticated to be accessible to the user.
E. Sub-authentication 642 of email address
In addition to the primary authentication of the E/PA, each digital mail account may optionally have one or more authenticated email addresses. The email address may be used both as a method of addressing by another sender, and as an additional piece of authenticated data that a Dmail account owner can supply. An email address is authenticated by the following process:
In setting up a digital mailbox account, a user choosing to authenticate their email address will supply it to the Dmail server. The server provides a code to the user.
The user is sent a message to the email address they provided; the message contains a second code.
The user sends email containing the first code, as well as a copy of the email message that contained the second code. This verifies both that the user received the email containing the second code, and that they personally added the first code received from the server. Note that merely looking for an email response alone might be insufficient because automatic email reflection (including email mailer delivery errors) might include a copy of the sent email and would not correctly indicate that the user had actually received and acted on the email.
The Dmail server marks the Dmail Directory database to verify that the email address has been authenticated to be accessible for both receiving and sending to the user.
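The two-code check described above, and the reason a reflected message must not count as proof, can be shown in a short added example (not code from the patent). The function names, the result strings, the single-use rule and the constructed sample messages are assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass
class EmailChallenge:
    address: str
    first_code: str    # given to the user by the server, outside the email
    second_code: str   # present only in the message sent to the address
    verified: bool = False


def issue_challenge(address):
    # Assumption: random hex codes; the patent does not specify a format.
    return EmailChallenge(address, secrets.token_hex(6), secrets.token_hex(6))


def outbound_message(ch):
    """The verification message the server sends to the claimed address."""
    return (f"To: {ch.address}\n\n"
            f"Dmail email verification. Second code: {ch.second_code}\n")


def verify_reply(ch, body):
    """Classify an inbound message for this challenge.

    Only a message carrying BOTH codes proves that a person received the
    mail (second code) and acted on it (first code).
    """
    if ch.verified:
        return "already_used"          # assumption: a challenge is single-use
    has_first = ch.first_code in body
    has_second = ch.second_code in body
    if has_first and has_second:
        ch.verified = True
        return "verified"
    if has_second:
        # A bounce or auto-responder quoting the original message contains
        # the second code but never the first.
        return "reflection_only"
    if has_first:
        # The sender knows the first code but has not shown receipt of the mail.
        return "first_code_only"
    return "no_codes"
```

A delivery-failure report that quotes the original message is classified as `reflection_only`, which is the case the text warns about.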
F. Public trusted databases
Although the methods described above are the main methods of authentication, other methods can be implemented based upon access portals to other databases with trusted information about entities at specific addresses. Such trusted information could come from Department of Motor Vehicle records, Voter Registration records, utility company records, Telephone company records, Phonebook (Yellowpages or Whitepages) databases, or other databases that have at some recent time validated the use of a particular physical address by a user. Such alternate databases can be interfaced to the system similar to the credit card databases, such that a similar approach to the credit card method described above can be expanded to allow for authentication through alternate routes.
G. Alternate authentication methods or combinations
The important aspect of authentication is the proof that a user really lives or does business at a particular physical address. But other authentication methods may be used as weaker forms of authentication, particularly if they are viewed as being only temporary, such as while waiting for a stronger form of authentication. For example, the method of using Public Trusted Databases authenticates only as well as the level of trust associated with each database, and therefore these weaker methods are not as useful for solid permanent authentication.
However, several weak authentication sources could be combined to be considered as strong enough proof to merit permanent authentication. For example, any combination of three weak-authentication database sources could be judged as equivalent to regular postal notification authentication.
Another part of the Authentication flow is defense from user attempts to abuse or defraud. The Digital Mail PostOffice must take all precautions to prevent fraud and misuse of the Digital Mail Network. A specific method to avoid attacks is to examine the hardware GUID (Global Unique ID) of incoming requests for new Digital Mail Account creations. The GUID uniquely defines the Ethernet interface board of the computer hardware being used by a user. Policies in the Digital PostOffice software prohibit registering more than a set threshold of Digital Mail Accounts from a specific GUID, even if the user "claims" to be providing a different unique identifier for each one. Note that this prohibition is against "registering" as a recipient. It is permissible and expected that a user may send mail to many other destinations, and that the sending of such Dmail may cause accounts to be pre-registered. But, what is suspicious is when a user claims to be Registering as a digital mail account owner, and then tries repeatedly to register other physical addresses from the same computer. Such use will be disallowed in general, although exceptions to this policy would be made for business addresses where it would make sense that many similar physical postal addresses (for example, differing only by a mailstop number) would be registered using the same computer.
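The two policies in this section, three weak sources counting as equivalent to postal notification and a per-GUID cap on registrations with a business exception, are sketched below as an added example rather than the patent's own code. The source labels, the threshold value, the `MAILSTOP`/`MS` suffix pattern and the class name are assumptions, and the GUID is taken as reported with the request.

```python
import re
from collections import defaultdict

# Assumed labels for the three preferred methods and the trusted databases.
PRIMARY = {"postal_notice", "quick_code", "credit_card"}
WEAK_SOURCES = {"dmv", "voter_registration", "utility",
                "telephone_company", "phonebook"}


def authentication_level(evidence, weak_needed=3):
    """Map the set of completed checks to a level for one unique identifier."""
    ev = set(evidence)
    if ev & PRIMARY:
        return "permanent"
    weak = ev & WEAK_SOURCES
    if len(weak) >= weak_needed:
        return "permanent"       # three distinct weak sources, per the text
    return "temporary" if weak else "none"


_MAILSTOP = re.compile(r"\s+(?:MAILSTOP|MS)\s+\S+$")


class RegistrationGuard:
    """Caps recipient registrations per hardware GUID.

    Sending Dmail, and the pre-registration it causes, is never counted:
    only requests to register as the account owner pass through allow().
    """

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.by_guid = defaultdict(set)   # guid -> addresses registered from it

    def allow(self, guid, address):
        address = " ".join(address.upper().split())
        seen = self.by_guid[guid]
        if address in seen or len(seen) < self.threshold:
            seen.add(address)
            return True
        # Business exception: the new address and every address already
        # registered from this GUID differ only by a mailstop number.
        base = _MAILSTOP.sub("", address)
        same_site = base != address and all(
            _MAILSTOP.sub("", a) == base for a in seen)
        if same_site:
            seen.add(address)
            return True
        return False
```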
Validation and correction of a Postal Address
Validation of a postal address is a step in both the processes of Pre-registration and Registration, as well as in the sending of every Dmail message. Further combinations and checking of the entityname are handled separately in the sections on Pre-registration and Registration. In the preferred embodiment, sending and receiving authenticated transmissions relies on using a postal address with an entityname in such a combination as to create a unique identifier for the individual being addressed. Unique identifiers are simply that combination of a valid postal address and entityname plus such other information that distinguishes one person at an address from another, if needed due to there being multiple similar names at the same address. Thus, for "John Smith" who lives at "380 West 80th Street, New York, New York 10000," the unique identifier may simply be the combination of John Smith and his address. However, in other cases, more information, such as apartment number, middle initial, etc., may be necessary to distinguish the one John Smith from another who lives at the same address. Of necessity, the algorithms that need to be capable of handling worldwide postal addresses are heuristic in nature.
A pivotal check to the implementation of a postal address based scheme, and a core competency of the Digital Mail Network, is the ability to correct and ensure the usability of an address. When an E/PA is received, the postal address portion is first passed over the network connection 108 to one of the digital address correction servers 150 running software that accepts a postal address in a raw form (i.e. with the single actual address being potentially referenced through a variety of different styles including abbreviations for street names or endings such as "blvd." versus "boulevard", etc.), and attempts to normalize the postal address to the canonic form used in the address existence databases used and published by the USPS and other national postal services worldwide. That is, "353 W. 56th Street" and "353 West 56th St." as string inputs to the normalizing software generate an identical output postal address. Heuristics are best for the United States, but also handle languages and street address forms used throughout the world. For example, in Japan, the address forms "3-7-5" and "7-5, 3-chome" are also considered identical and normalized to a single form.
Output from the digital address correction servers 150 is either a string representing the normalized postal address, or if no such postal address form can be resolved, a null string. In either case, the output string is passed back to the digital mail directory server 110.
In the case of an invalid postal address or any other correctness failure of the E/PA, the pre-registration or registration of a new unique identifier is aborted, and the user is sent a diagnostic reply. This includes the invoking of a software process called the "Address Correction Wizard" which makes suggestions to the user as to potentially what changes would result in a correct and unique E/PA. For example, if a user had specified a street address as "Park Blvd", and the public ZIP databases show that in that particular town there was no "Park Blvd" but there was a "Park Street" and a "Park Avenue", the Address Correction Wizard displays to the user the explanation and the potential choices that he could make in a re-submission.
The Address Correction Wizard (ACW) is invoked immediately when using the preferred Digital Mail client-server interfaces. In the case of Dmail that arrives in an email message, the Address Correction Wizard composes a response that is sent as a reply email. In addition to the textual diagnostic information indicating any errors or difficulties in normalizing the address, the email contains a hyperlink so that if the original sender so chooses, he can invoke a browser and follow the link to the Address Correction Wizard page of the preferred Dmail interface, which will be particularly useful if more than one address correction attempt ensues. This enables the user to immediately benefit from the features of the ACW.
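The normalization and correction steps described above can be sketched as follows. This is an added example, not code from the patent: the street database is constructed sample data, the abbreviation tables cover only a few US-style forms, and the function names are hypothetical.

```python
import difflib
import re

# Constructed stand-in for a postal address-existence database:
# (city, canonical street) -> inclusive range of valid street numbers.
STREET_DB = {
    ("NEW YORK", "W 56TH ST"): (300, 400),
    ("SPRINGFIELD", "PARK ST"): (1, 200),
    ("SPRINGFIELD", "PARK AVE"): (1, 900),
}
DIRECTIONALS = {"NORTH": "N", "SOUTH": "S", "EAST": "E", "WEST": "W"}
SUFFIXES = {"STREET": "ST", "AVENUE": "AVE", "BOULEVARD": "BLVD",
            "PLACE": "PL", "ROAD": "RD", "DRIVE": "DR"}


def split_address(raw):
    """Return (number, canonical street) or None if the shape is unusable."""
    tokens = re.sub(r"[.,]", " ", raw.upper()).split()
    if len(tokens) < 3 or not tokens[0].isdigit():
        return None
    number, words = int(tokens[0]), tokens[1:]
    # Abbreviate a leading directional only when a street name follows it,
    # so that "12 West Street" keeps "WEST" as the street name.
    if len(words) > 2:
        words[0] = DIRECTIONALS.get(words[0], words[0])
    words[-1] = SUFFIXES.get(words[-1], words[-1])
    return number, " ".join(words)


def normalize(raw, city):
    """Return the canonical address string, or "" (the null string) when
    the address cannot be resolved against the existence database."""
    parsed = split_address(raw)
    if parsed is None:
        return ""
    number, street = parsed
    valid = STREET_DB.get((city.upper(), street))
    if valid is None or not valid[0] <= number <= valid[1]:
        return ""
    return f"{number} {street}, {city.upper()}"


def suggest(raw, city):
    """Address Correction Wizard step: list existing streets in the same
    town that resemble the rejected one and admit the given number."""
    parsed = split_address(raw)
    if parsed is None:
        return []
    number, street = parsed
    known = [s for (c, s), (lo, hi) in STREET_DB.items()
             if c == city.upper() and lo <= number <= hi]
    close = difflib.get_close_matches(street, known, n=5, cutoff=0.5)
    return sorted(f"{number} {s}" for s in close)


def correct(raw, city):
    """What the directory server gets back: a normalized string, or the
    null string plus the choices to show in the diagnostic reply."""
    normalized = normalize(raw, city)
    if normalized:
        return {"normalized": normalized, "suggestions": []}
    return {"normalized": "", "suggestions": suggest(raw, city)}
```

Both spellings of the 56th Street address collapse to one string, and the rejected "Park Blvd" yields the two existing Park streets as re-submission choices.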
A. Heuristics used to match with already known addresses.
If the Postal Address submitted has a partial match to an address already in the Digital PostOffice database, but is lacking enough information to make it distinct, then the Address Correction Wizard displays to the user the explanation and the potential choices that he could make in a re-submission.
B. Heuristics for fraud avoidance by checking for adherence to reasonable limits on the maximum number of names at each address, and reasonable limits on the density of addresses on a street.
It is possible that more than one user may reside at the same physical postal address, and that is why the digital PostOffice has the concept of unique identifiers, and policies to alert other users at an address when an attempt is made to register an additional entityname at the same address. However, the digital PostOffice can also implement policies that simply prohibit registration of more than a set number of entitynames that is reasonable for the same physical postal address. For example, while it may be true and reasonable that a family of 8 people (including children) live at a house in a residential neighborhood, it is an indication of fraud if 80 people attempt to register all using the same residential postal address, with no other distinguishing information such as an apartment number.
Likewise, the database of potentially valid addresses from the postal services specifies street number ranges that are valid. For example, on "Lucca Place" in San Jose, valid numbers range from 1500 to 1800. But it is rarely true that every number in that range actually exists, because that would imply 300 houses packed into a street ¼ mile long. The digital PostOffice may choose to implement policies that detect when there appears to be an attack on the system by the registration of more street numbers than is possible for the type of neighborhood (i.e. residential street).
C. Heuristics for triggering prompting for more specific identifiers, such as apartment numbers or business mailstop numbers
For example, if the input address is "353 W. 56th Street" but there already exists an entry for "353 W. 56th Street, Apt #3", then the user is instructed to specify the missing distinguishing information, in this example, the apartment number. For businesses, if there is already one user who has registered at "1 AMD Place, Mailstop 162", then a new user attempting to register the address "1 AMD Place" will be prompted by the ACW to supply a Mailstop number as well.
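The registration limits in heuristics B and C, together with the per-GUID limit from the authentication section, can be combined into one registration-time check. The following is an added sketch, not code from the patent: the three threshold values, the class name and the result strings are assumptions, since the text only speaks of "a set threshold" and "reasonable limits".

```python
from collections import defaultdict

# Assumed values; the page does not give concrete thresholds.
MAX_ADDRESSES_PER_GUID = 3
MAX_NAMES_PER_ADDRESS = 10
MAX_STREET_DENSITY = 0.5   # share of a residential street's number range


class RegistrationPolicy:
    """Hypothetical registration-time checks for the Digital PostOffice."""

    def __init__(self):
        self.addresses_by_guid = defaultdict(set)  # guid -> {(street, number, unit)}
        self.names_at = defaultdict(set)           # (street, number, unit) -> {entityname}
        self.units_at = defaultdict(set)           # (street, number) -> {unit or None}
        self.numbers_on = defaultdict(set)         # street -> {number}

    def register(self, guid, entityname, street, number, unit=None,
                 valid_range=(1, 1), residential=True):
        lo, hi = valid_range
        if not lo <= number <= hi:
            return "reject: street number outside published range"
        address = (street, number, unit)

        # Heuristic C: another account at this street number already
        # carries an apartment or mailstop, so this one must supply one too.
        if unit is None and any(u is not None
                                for u in self.units_at[(street, number)]):
            return "prompt: unit or mailstop required"

        # GUID limit: one machine registering many different addresses.
        # Business exception: addresses that differ only by unit/mailstop.
        seen = self.addresses_by_guid[guid]
        if address not in seen and len(seen) >= MAX_ADDRESSES_PER_GUID:
            one_building = all((s, n) == (street, number) for s, n, _ in seen)
            if not one_building:
                return "reject: too many addresses from this GUID"

        # Heuristic B, part 1: too many entitynames at one postal address.
        names = self.names_at[address]
        if entityname not in names and len(names) >= MAX_NAMES_PER_ADDRESS:
            return "reject: too many names at this address"

        # Heuristic B, part 2: more street numbers registered than a
        # residential street of this number range can plausibly hold.
        if residential:
            occupied = self.numbers_on[street] | {number}
            if len(occupied) / (hi - lo + 1) > MAX_STREET_DENSITY:
                return "reject: street density exceeded"

        seen.add(address)
        names.add(entityname)
        self.units_at[(street, number)].add(unit)
        self.numbers_on[street].add(number)
        return "accept"
```

With these assumed limits, 80 names submitted for one Lucca Place house stop being accepted after the tenth, while a business registering several mailstops at "1 AMD Place" from one computer is allowed.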
Dmail Category Definitions and Presentation
Another aspect of the invention is the set of features available in the embodiments enabling the reading of Dmail. The preferred embodiment is in a web-browser interface, although much of the functionality will also be duplicated in conventional email readers, as addressed in subsequent paragraphs below. In the preferred web-browser interface Dmail is presented in categories which are determinable based on the class of the unique identifier of the sender, and encoded header information contained in the message as received from the Dmail Network. The header includes a digital certificate that validates through the digital Mail Network's trust authority hierarchy that the message is authentically received from the Digital Mail PostOffice, and that the category information has not been tampered with. The categories include:
• Buddy Instant Digital Mail
  • Transient messages indicating each buddy that is presently accessing the Digital Mail Network
  • Replies to outwardly sent transient buddy messages
• Personal
  • Authenticated senders
  • Unauthenticated Dmail senders (but not including Email which is sorted separately below)
  • Anonymous senders
• Priority (business sender paid for premium delivery categorization)
• Business Class
  • Business Financial Class (bills)
  • Business First class (including responses to Dmail requests)
  • Business Standard class
  • Business Non-Profit class
• Consumer class
  • Catalog class
  • Entertainment class
  • Other consumer marketing mail
• Email class
  • Email aliased by the Digital Mail PostOffice
  • Email addressed to mailto:username@xxxxx.com, where xxxxx is a pre-selected domain
  • Email received from POP servers outside the Digital Mail Network
The web-browser window has distinctive regions for each category which each displays a separator indicating the start of the category. Optionally, each category may have its own separate scrollbar to select which of the message headers to display within each category, or the categories can just show the top of the list if there are more messages than fit and there is no scrollbar enabled.
The messages within each category are separately sorted, by the usual set of possible criteria (date/time-received, message size, alphabetically by subject, etc.), or by the criteria of the addressing mode used by the sender. It is possible by menu selection to adjust the total number of messages accessible via the scrollbar in each category to include:
• Just messages that have been newly received since the last time the mail reader was exited.
• Just messages received in the most recent N days.
• Just messages received in the most recent N weeks.
• Just messages received in the most recent N months.
• All messages
Buddy Instant Digital Mail
The "Buddy Instant Digital Mail" category is a special category, because some of the messages there may go away even if not ever read. These special messages are called "transient messages" and are generated when other senders access the Digital Mail Network and have this user listed in their "buddy lists". Likewise, during the period in which this user is accessing the Digital Mail Network, polling of the Digital Mail PostOffice is done periodically to see if any users identified in the "buddy lists" are also accessing the Digital Mail Network, and if so, each is sent a transient buddy message from this user. When a reply is made to a transient message, a special option allows the response to either automatically be deleted when either buddy stops accessing the Digital Mail Network, or to be kept until read, just like normal messages.
Separation and Advertisement banners
Between each category are separation banners, which serve not only to visually distinguish the categories but are also available for advertisements. The advertisements can include either static rendered advertisements or dynamic banners that change every few seconds. In both cases, the advertisements can be optionally equipped with hyperlinks to other websites. Also, for both "static" and "dynamic" advertisements, the choice of advertisement can be made a function of statistical information stored in database 115 for each user, including preferences stated when the Digital Mail account was activated, and historical information about what advertisements have been reacted to in the past.
Furthermore, because the Postal address associated with each user gives definitive geographical information for each user, such static or dynamic advertisement banners can also be further targeted geographically to those users within a certain preferred area. This is a significant advantage that advertisers receive from the Digital Mail PostOffice, relative to other websites that cannot target local sales because they have no authenticated information about the actual physical location of a user. Further determinations in terms of the type of advertisements that may appear can be based upon other user preferences chosen in terms of determining the type of messages which the user decides to filter. For example, if a user sets up an account to receive certain types of messages relating to sports, banner advertisements dealing with sports may be one set that are specifically increased in proportion for display to that user.
Flow of Dmail Through the Digital Mail Network
A. Basic flow of sending Dmail using Web-Browser
In the preferred embodiment, a Dmail is generated by a user, such Dmail being a simple text message or a more complicated message including attached documents or hyperlinks to other documents, remote or local, on one of the client systems 101, such client system using software in addressable memory embodying a web-browser client architecture 102 indicated previously. Such Dmail is transmitted over the network connection 106, along with a set of at least one Entityname 131,132 and a Postal Address 130, to the interface servers 122 running interface software 142, which together appear as a single network location, one of the interface servers being selected for reception of the Dmail, and instancing software in addressable memory embodying a client server architecture 102-122 indicated previously and corresponding to the software embodying the client architecture 102 running on the client system 101.
The specific interface server 107,122 that is interfacing with the client system 101,102 over the network connection 106 sends a query via the internal network connection 108 to the directory servers 110 and passes both the Postal Address and the Entityname to such directory servers 110.
Directory servers 110 use software embodying a deterministic method to resolve the User at a Postal Address into a unique identifier, and a tag is returned along with such unique identifier on the internal network connection 108 indicating whether the unique identifier is new, already exists, or is invalid (for example, in the case the Postal Address sent is invalid). If the tag returned with the unique identifier is invalid, the Dmail is passed back over the network connection 106 to the client system 101 along with an error indicator as to the invalidity of the Postal Address and User combination.
If the tag returned with the unique identifier specifies an existing unique identifier or a new unique identifier, such unique identifier is forwarded along with the Dmail to the exchanger servers 109, with a request for storage in the database 114 allocated to an Account with the given unique identifier.
B. Basic flow of sending Dmail using E-mail Client
In the preferred embodiment, a Dmail is generated by a user, such Dmail being a simple text message or a more complicated message including attached documents or hyperlinks to other documents, remote or local, on one of the client systems 101, such client system using software in addressable memory embodying an e-mail client architecture 103 indicated previously. Such Dmail is transmitted over the network connection 106, along with a set of at least one Entityname 131,132 at a Postal Address 130, to the interface servers running interface software 123,143 selected for reception of the Dmail, and instancing software in addressable memory embodying an e-mail client server architecture 103-123 indicated previously and corresponding to the software embodying the client architecture 103 running on the client system 101.
The specific interface server 107,123 that is interfacing with the client system 101,103 over the network connection 106 sends a query via the internal network connection 108 to the directory servers 110 and passes both the Postal Address and the Entityname to such directory servers 110.
Directory servers 110 use software embodying a deterministic method to resolve the User at a Postal Address into a unique identifier, and a tag is returned along with such unique identifier on the internal network connection 108 indicating whether the unique identifier is new, already exists, or is invalid (for example, in the case the Postal Address sent is invalid). If the tag returned with the unique identifier is invalid, the Dmail is passed back over the network connection 106 to the client system 101 along with an error indicator as to the invalidity of the Postal Address and User combination.
If the tag returned with the unique identifier specifies an existing unique identifier or a new unique identifier, such unique identifier is forwarded along with the Dmail to the exchanger servers 109, with a request for storage in the database 114 allocated to an Account with the given unique identifier.
C. Basic flow of Dmail using Dmail Client
In the preferred embodiment, a Dmail is generated by a user, such Dmail being a simple text message or a more complicated message including attached documents or hyperlinks to other documents, remote or local, on one of the client systems 101, such client system using software in addressable memory embodying a Dmail client architecture 104 indicated previously. Such Dmail is transmitted over the network connection 106, along with a set of at least one Entityname 131,132 at a Postal Address 130, to the interface servers running interface software 124,144 selected for reception of the Dmail, and instancing software in addressable memory embodying a Dmail client server architecture 104-124 indicated previously and corresponding to the software embodying the client architecture 104 running on the client system 101.
The specific interface server 107,124 that is interfacing with the client system 101,104 over the network connection 106 sends a query via the internal network connection 108 to the directory servers 110 and passes both the Postal Address and the Entityname to such directory servers 110.
Directory servers 110 use software embodying a deterministic method to resolve the User at a Postal Address into a unique identifier, and a tag is returned along with such unique identifier on the internal network connection 108 indicating whether the unique identifier is new, already exists, or is invalid (for example, in the case the Postal Address sent is invalid). If the tag returned with the unique identifier is invalid, the Dmail is passed back over the network connection 106 to the client system 101 along with an error indicator as to the invalidity of the Postal Address and User combination.
If the tag returned with the unique identifier specifies an existing unique identifier or a new unique identifier, such unique identifier is forwarded along with the Dmail to the exchanger servers 109, with a request for storage in the database 114 allocated to an Account with the given unique identifier.
D. Basic flow of Dmail using Dmail Merge Client
In the preferred embodiment a Dmail is generated by a user, such Dmail being as simple as a straight text message or more complicated including attached documents or hyperlinks to other documents remote or local, on one of the client systems 101, such client system using software in addressable memory embodying a Dmail merge client architecture 105 indicated previously.
The software in addressable memory includes a routine to cycle through a database of Entities and Postal Addresses stored on a storage system 105 accessible by the client system 101. For each pair of user and Postal Address, a Dmail plus the user and Postal Address pair is transmitted over the network connection 106 to the interface servers 125, which together appear as a single network location, one of the interface servers being selected for reception of the Dmail, and instancing software in addressable memory embodying a Dmail client server architecture.
The specific client server that is interfacing with the client system over the network connection sends a query via the internal network connection to the directory servers and passes each separately received pair of Postal Address and the Entityname to such directory servers. Directory servers use software embodying a deterministic method to resolve the user at a Postal Address into a unique identifier, and a tag is returned along with such unique identifier on the internal network connection indicating whether the unique identifier is new, already exists, or is invalid (in the case the Postal Address sent is invalid).
If the tag returned with the unique identifier is invalid, the Dmail is passed back over the network connection to the client system along with an error indicator as to the invalidity of the Postal Address and user combination.
If the tag returned with the unique identifier specifies an existing unique identifier or a new unique identifier, such unique identifier is forwarded along with the Dmail to the exchanger servers, with a request for storage in the database allocated to an Account with the given unique identifier.
E. Flow for Print Based Dmail
For certain cases Dmail is replicated in print and physically sent to the recipient. These cases include where a sender has specified (and paid for) the added feature of print delivery, where a user has chosen print delivery for all received Dmail in a particular category, and the first message to an activated Dmail account that has not yet been registered. In all such cases the Dmail is transmitted over the internal network connection 108 to the print server 111, such print server containing software to transform the Dmail into a Preformat Print Dmail that is then transmitted to a mass storage device 116 on which is stored a queue and into which the Preformat Print Dmail is then stored. The print server 111 runs another piece of software that monitors the queue on the mass storage device 116 and the print system 117 attached to the print server 111 and forwards Preformat Print Dmail from the mass storage device 116 to the print system 117 when the print system 117 is ready for new data.
The print system 117 produces Print Dmail which is then forwarded to a Postal Handling Service 118 for delivery to the user at the Postal Address given.
Functions in the Dmail Sender user Interface
A. Choices of addressing Modes
The goal of the Digital Mail Network is to be able to make it easy to send messages. To facilitate this, senders are able to use a variety of methods to attempt to address Dmail:
1. Postal Address
In particular, this choice is available even prior to account pre-registration, because it will trigger the account pre-registration process by the sending of physical mail to notify a recipient of available Dmail. In the preferred use of the Digital Mail clients 102 or 104 to servers 200 or 210 interface, the sender forms have fields for the Postal Address. When using the Email client 103, the Email is parsed by Email Servers 204 or 304 to find the Postal Address information in textual form at the top of the message. Figure 11 shows an example Email message with a Postal Address. Note that the traditional email systems ignore the Postal Address and just consider it part of the message body.
2. Digital P.O. Box
This addressing mode requires that the Digital Mailbox Account already exists, and that the sender knows the number. However, it also requires the least resources from the Digital Mail PostOffice and is therefore encouraged by the lowest price. This method has the advantage that it enables communication with the least amount of information disclosed by a potential recipient to a potential sender, just as an ordinary postal P.O. Box also provides isolation and anonymity to a receiver. This privacy is achieved without the recipient needing to take extra action to fetch mail separately (i.e. from different mailboxes) from senders that know the full identity and address of the recipient as from senders that have been given only the Digital P.O. Box Number.
3. Telephone Number
This mode only works if the intended recipient already has opened an account with a sub-authenticated telephone number.
4. Digital Mail PostOffice username
When a Digital Mail Account is created, the User may also select a "username" in the traditional email style (which must be unique within the domain assigned to the system 100), and receive mail addressed to this username@xxxxx.com, where "xxxxx" is the domain name assigned to the system 100, such as "postoffice.com", for example.
5. Digital Mail PostOffice alias name
Each sender will be able to define a set of aliases that are specific to that sender, and are stored as an "address book" for that sender. Unlike other email alias methods that are only available to affect the email sent from the host where the aliases are defined, the Digital Mail PostOffice allows the alias database to be used in combination with the receipt of email from a sender's email account elsewhere. For example, a user could create an alias called "mom" that binds to another Digital Mail Account they specify (their "mom"). Then, when the Digital PostOffice receives incoming email over the external email server 133 addressed to "mom@postoffice.com", it checks the Digital Mail Account for that particular sender (looking up the digital mailbox using the sender's email address which has been previously bound), and uses that sender's address book alias for "mom" to find the Digital Mail Box the mail should get sent to. The combination of an alias with the email address of a sender allows each sender to remotely utilize their own private aliases.
6. Ordinary Email Address
This mode only works if the intended recipient already has opened an account with a sub-authenticated email address or addresses. It is enabled by the use of the form mailto:name%otherhost@host.com which all standard email protocols will send to host.com for delivery, even when otherhost is itself a valid internet hostname.
7. Entityname (and location), even when potentially ambiguous
It is also possible to address Dmail just using an entityname without a valid Postal Address, or to combine it with partial address information, such as "John.Smith.San Francisco.California". With this method, the Digital Mail PostOffice attempts "best effort" delivery by seeking to find the closest matching set of unique identifiers. At the time of sending, the sender can choose whether the message should be:
• Delivered only if a single recipient matches the address.
• Queued to be manually examined by a person ("the digital postman") that may be able to make a more effective judgement for best effort delivery. This choice is available only with the payment of an additional fee.
• Sent to multiple potential recipients where the number of ambiguous recipients is limited to a small number by the Digital Mail PostOffice.
• Only a subject line is sent to multiple potential recipients with instructions to ask the recipient to reply to the sender if they believe they are the actual intended recipient.
These choices facilitate "speculative addressing" such as trying to send Dmail to old friends or others whose address is in doubt. If the sender chooses to conceal the message if the Digital Mail Network finds the recipient appears to be ambiguous, then the recipient only receives a Dmail with a message header and name of the sender, and then the recipient can choose whether to reply to the sender and ask to be sent the full message. An additional aspect of this addressing mode is that the Digital Mail PostOffice will reject delivery entirely if it determines that the number of potential ambiguously addressed recipients is greater than a chosen threshold.
B. Services on sent messages, taking effect at the Receiver
An aspect of the invention is the set of new features available in the embodiments enabling the sending of Dmail. The preferred embodiment is in a web-browser interface, although much of the functionality may also be duplicated in conventional mail sending tools adapted as necessary, as addressed in subsequent paragraphs below. In the preferred web-browser interface, Dmail composition will have additional menu-selectable functions that give a sender choices, analogous to choices in sending physical postal mail:
• Sending with a return-receipt requested for delivery of envelope to recipient. This request will trigger the Dmail reader to send a return Dmail to the sender on the first occurrence of the recipient invoking an action in a mail reading tool that presents to him the header of the message in a visible portion of the listing of messages in its category.
• Sending with a return-receipt requested for delivery of letter contents to recipient. This request will trigger the Dmail reader to send a return Dmail to the sender on the first occurrence of the recipient invoking an action in a mail reading tool that presents to him the data contents of the message.
• Sending a print message to a recipient who has never registered their digital Mail account. Generally, digital Mail arriving for a recipient is queued for being read, and only some messages are periodically printed to send as duplicated physical mail. After the first print message, the digital PostOffice maintains a policy as to how often to duplicate other messages into print mail, each of which functions as a reminder and incentive for the recipient to register their account. If a recipient has been sent a number of messages over some threshold, but has not yet registered their account, then the sender can be notified, at the time of sending through the preferred browser interface, that it is highly likely the recipient may not receive the digital Mail unless it is also duplicated as physical print mail, and the sender can be allowed, for a fee, to direct that his message be duplicated and sent in print.
• Sending "priority mail" that appears in a premium category, such as the priority category or the "first class" business instead of "standard class".
• Sending "express mail" that will stay at the top of a time-sorted list until it is read, even if newer messages arrive subsequently.
In addition, Dmail senders also can specify per-message authentication, so that in order to read messages, the recipient must supply additional authentication (a separate pass-key in a sense), specific to this sender. This can be one-time for the specific sender-receiver combination, periodic (such as once a month), or for each received message individually. The additional authentication can be either in the form of requiring the recipient to supply a sender-specific code before the message will be displayed, or answering a sender supplied question that is encoded in the Dmail header. As an example of the first usage, the sender may desire to have the recipient type in a code from a physical postal letter (such as a monthly bill or account statement) separately sent by the sender. This use duplicates the authentication method performed earlier to authenticate the Dmail receiver, but is fully in control of the sender, and can thus provide the sender additional assurance. As an example of the second usage, the sender may desire to have the recipient answer some type of question, such as supplying their "mother's maiden name", to which their existing security policies are already accustomed. In either case, the Dmail reader interface only decrypts the message and presents it to the recipient upon a correct response to the authentication challenge. The Dmail reader also can, optionally, notify the sender with a return Dmail message about the status of the authentication challenge, and indicate whether the potential recipient was successfully authenticated by the challenge or failed after a plurality of attempts.
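One way the reader-side challenge gate could work is sketched below as an added example; it is not code from the patent. The class name, the attempt limit of three, the PBKDF2 parameters and the XOR key wrap are all assumptions chosen so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3          # assumed value for "a plurality of attempts"
PBKDF2_ROUNDS = 100_000   # assumed work factor


def _derive(answer: str, salt: bytes) -> bytes:
    """Stretch the recipient's answer into 64 bytes: a 32-byte verifier
    followed by a 32-byte key-wrapping mask."""
    normalized = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt,
                               PBKDF2_ROUNDS, dklen=64)


class SealedDmail:
    """Hypothetical sealed message: the content key is released only after
    the sender's challenge is answered correctly."""

    def __init__(self, question: str, answer: str, content_key: bytes):
        if len(content_key) != 32:
            raise ValueError("content key must be 32 bytes")
        self.question = question          # carried in the Dmail header
        self.salt = os.urandom(16)
        material = _derive(answer, self.salt)
        self.verifier = material[:32]
        # XOR wrap keeps the example stdlib-only; a production design
        # would use an authenticated key-wrap from a vetted crypto library.
        self.wrapped_key = bytes(a ^ b for a, b in
                                 zip(content_key, material[32:]))
        self.failures = 0
        self.status = "sealed"

    def answer_challenge(self, response: str):
        """Return the content key on a correct response, else None.
        After MAX_ATTEMPTS failures the message stays sealed for good."""
        if self.status == "failed":
            return None
        material = _derive(response, self.salt)
        # Constant-time comparison avoids leaking how much of the
        # verifier matched.
        if hmac.compare_digest(material[:32], self.verifier):
            self.status = "authenticated"
            return bytes(a ^ b for a, b in
                         zip(self.wrapped_key, material[32:]))
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.status = "failed"
        return None

    def status_notice(self, sender: str) -> str:
        """Text of the optional return Dmail reporting the outcome."""
        return (f"To {sender}: challenge status '{self.status}' "
                f"after {self.failures} failed attempt(s)")
```

The attempt counter only limits tries made through the reader, so the sender-specific code from a mailed statement is the stronger of the two challenge types the text describes when the answer to a question is easy to guess.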
7) A sender can also choose that a Digital Mail message trigger additional notification to alert the recipient of important incoming Digital Mail awaiting being read. The additional notification methods are:
• Send Print Digital Mail using the local Postal Service at the recipient. This happens anyway if the recipient user has not yet authenticated their account to indicate that they expect to be reading Digital Mail online.
• Send an email if the Digital Mail Account has a sub-authenticated email address in the Digital Mail PostOffice database.
• Send a facsimile transmission to the recipient if there is a fax number on file in the Digital Mail PostOffice database.
• Notify the recipient by telephone using a computer synthesized voice, if the Digital Mail Account has a sub-authenticated telephone number in the Digital Mail PostOffice database.
• Notify the recipient by telephone with a human operator ("the Digital PostOffice Operator").
Each of these additional services will have a cost, which the sender's account is charged with upon the selection of these services for each mail sent.
C. Services available before (or in contemplation of) sending
In the preferred web-browser interface, Dmail senders will also have services available that query the Dmail directories for information about specific recipients. For fees, a sender is able to receive information, for each intended recipient, including:
• Whether the recipient has an existing Dmail account
• Whether the recipient has authenticated the Dmail account
• How long the Dmail account has been open
• How long the Dmail account has been at its present physical postal address
• The monthly volume of mail received by the intended recipient in the sender's intended category.
• The last date Dmail was read from the account
• Whether the recipient already has filters in place that would block the viewing of the intended message. This feature is enabled by the sending of status information from Dmail reader servers back to the Dmail Directory database.
• Preferences of this account for advertisements of particular types and subjects. This information comes both from specific "opt-in" statements made when opening a Digital Mail account, and from statistical information regarding which advertisement banners this user has responded to in the past.
Functions in the Dmail Receiver user Interface
In the display areas, each message's header is optionally color-coded with the level of authentication for the sender. Possible levels include:
• Sender authenticated as a known Dmail Individual (with the displayed name).
• Sender authenticated as a known Dmail Business (with the displayed name).
• Sender has requested authentication, but the authentication process is in progress.
• Sender has requested the message be sealed until the receiver answers a challenge for additional sub-authentication (typically a password, but can be an answer to a specific sender-supplied question.)
• Sender is new or unknown
The color coding may also optionally indicate whether the message arrived encrypted (extra security for contents of message), or digitally signed (extra validation of the identity of the sender, based on trust of the signer).
There are also sublevels of authentication which may also be displayed for each sender, both to indicate the original authentication method (i.e. whether the sender used the receipt of physical mail sent by the Digital PostOffice, the use of a Quickcode, or just inherited trust from a public database, such as a credit-check), and to indicate whether there are additional sub-authentications (of telephone number or email address), available for that sender.
It is also optionally possible to filter the displayed messages based upon the sender's authentication level, or sub-authenticated level, and to select specific actions to take for all messages from specific senders. The actions possible, which can be selected either by menu or hyperlink, include:
• Move this and other emails from this sender to the top of the present category.
• Move this and other emails from this sender to the bottom of the present category.
• Move this and other emails from this sender into a different category.
Additional Services
A user can also choose, at substantial additional cost, to request additional notification to be sent for all incoming Digital Mail, separately for each category. The additional notification methods are:
• Send Print Digital Mail using the local Postal Service at the recipient.
• Send an email if the Digital Mail Account has a sub-authenticated email address in the Digital Mail PostOffice database.
• Send a facsimile transmission to the recipient if there is a fax number on file in the Digital Mail PostOffice database.
• Notify the recipient by telephone using a computer synthesized voice, if the Digital Mail Account has a sub-authenticated telephone number in the Digital Mail PostOffice database.
• Notify the recipient by telephone with a human operator ("the Digital PostOffice Operator").
Dmail feature preservation through Email Receivers
In addition to the preferred embodiment of a web-browser interface for both the receiving and sending of Dmail, it is also possible, with additional aspects of the invention, to support most of the added features of Dmail even when using ordinary email reader and sender programs. In particular, the key feature of categorizing received Dmail is accomplished in an ordinary email reader by manipulation of the date/time fields and prefixing of the subject fields. Both types of changes are performed so that the messages will appear grouped into the categories, whether the email reader sorts by time or by Subject.
The date change is chosen to be as unobtrusive as possible while still providing as much information as possible to the user. To accomplish this, the preferred choice is to adjust each category by a different multiple of -10 years. For example, the first category can use the original dates, the secondary category can adjust dates back by 10 years, so that all those messages appear lower in a list sorted with most-recent at the top, the next category can adjust dates back by 20 years, and so forth. By choosing 10 years as the increment, the adjustment will be obvious to the recipient, without confusion about the actual dates, since any real list of messages would undoubtedly span a time period much shorter than 10 years. Further, 10 years is a small enough increment that even email readers that assume that all dates are greater than the year 1900 would work fine, since there are fewer than 10 categories.
Adjusting the text in the subject field can be done with a simple prefix code of a few characters, such as "C1:", "C2:", ..., so that an alphabetic string sort will produce an ordering where the categories are all grouped together and appear in the desired order.
When using an ordinary email reader, rather than the specific Dmail web-browser interface, an additional aspect of this invention is the creation of additional email messages with distinctive subject lines to serve as category separators. The dates and subject prefixes chosen will work to always place these messages between the categories in the lists of email messages that have dates or subject lines adjusted as described in the previous paragraph. Further, both the subject and body of the separator messages may have advertisement material that matches the web-browser interface in the delivery quantity of static advertisements.
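The date shift, subject prefix and separator messages described above, as an added Python example that is not part of the original specification. The function names, the `X-Original-Date` header, the separator subject format, and the sample inbox and category titles are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime, parsedate_to_datetime

YEARS_PER_CATEGORY = 10  # increment named in the text
MAX_CATEGORY = 9         # the text assumes fewer than 10 categories
UTC = timezone.utc


def shift_back(dt, years):
    """Move dt back by whole calendar years, keeping chronological order."""
    try:
        return dt.replace(year=dt.year - years)
    except ValueError:
        # 29 Feb has no counterpart in the target year: clamp to the last
        # second of 28 Feb so it still sorts after 28 Feb and before 1 Mar.
        return dt.replace(year=dt.year - years, day=28,
                          hour=23, minute=59, second=59, microsecond=0)


def offset_years(category):
    """Category 1 keeps its dates; category k moves back 10 * (k - 1) years."""
    if not 1 <= category <= MAX_CATEGORY:
        raise ValueError("category must be between 1 and 9")
    return YEARS_PER_CATEGORY * (category - 1)


def make_message(sender, subject, date, body="(constructed sample)\n"):
    msg = EmailMessage()
    msg["From"] = sender
    msg["Date"] = format_datetime(date)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def adjust(msg, category):
    """Return a copy of msg whose Date and Subject encode its category."""
    original = parsedate_to_datetime(str(msg["Date"])).astimezone(UTC)
    shifted = shift_back(original, offset_years(category))
    out = make_message(str(msg["From"]), f"C{category}: {msg['Subject']}",
                       shifted, msg.get_content())
    out["X-Original-Date"] = str(msg["Date"])  # hypothetical header: true date
    return out


def separator(category, title, now):
    """Separator that sorts directly above its category by date or by subject."""
    # One second newer than anything the category can hold at delivery time.
    date = shift_back(now.astimezone(UTC), offset_years(category)) + timedelta(seconds=1)
    # "C2 " sorts before "C2:" (space < colon) and after every "C1..." subject.
    return make_message("postmaster@postoffice.com",
                        f"C{category} ==== {title} ====", date)


def build_listing(inbox, titles, now):
    """inbox: list of (category, message); titles: {category: title}."""
    listing = [separator(c, t, now) for c, t in sorted(titles.items())]
    listing += [adjust(m, c) for c, m in inbox]
    return listing


def by_date(msgs):      # most recent first, as an ordinary reader would show it
    return sorted(msgs, key=lambda m: parsedate_to_datetime(str(m["Date"])),
                  reverse=True)


def by_subject(msgs):   # plain alphabetic sort on the subject line
    return sorted(msgs, key=lambda m: str(m["Subject"]))


def category_of(msg):
    return int(str(msg["Subject"])[1])


# Constructed sample data
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=UTC)
TITLES = {1: "Personal", 2: "Business", 3: "Advertising"}
SAMPLE_INBOX = [
    (2, make_message("billing@example.com", "March statement", datetime(2024, 3, 15, 9, 0, tzinfo=UTC))),
    (1, make_message("tom@example.com", "Lunch on Friday?", datetime(2024, 3, 14, 8, 0, tzinfo=UTC))),
    (3, make_message("deals@example.com", "Spring sale", datetime(2024, 3, 10, 6, 45, tzinfo=UTC))),
    (1, make_message("ann@example.com", "Re: keys", datetime(2024, 2, 1, 17, 30, tzinfo=UTC))),
    (2, make_message("hr@example.com", "Policy update", datetime(2024, 1, 10, 11, 0, tzinfo=UTC))),
]

if __name__ == "__main__":
    for m in by_date(build_listing(SAMPLE_INBOX, TITLES, NOW)):
        print(m["Date"], "|", m["Subject"])
```

Both sort orders place each separator directly above its own category, so the grouping holds whichever column the reader sorts on.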
Dmail feature preservation through Email Senders
All of the menu choices available in the preferred browser interface for sending Digital Mail are also available through specialized directives that can be placed into normal email addressed to "postmaster@postoffice.com" (the use of "postoffice.com" is not required per se; any other domain may be established to receive Dmail).
Security improvements relative to existing DNS protocols
The SMTP protocol, currently used by nearly all electronic mail systems worldwide, has no provision for checking the actual identity of a mail sender, and therefore it is trivial to send anonymous or fraudulent email messages. In order to correct these deficiencies of SMTP, the Digital Mail Network implements a new protocol called DMTP, the Digital Mail Transfer Protocol, which transmits messages with unequivocal sender identity information. In the usual case, the sender is identified by reference to his authenticated Dmail account. In the special case of a Dmail sent by a special anonymous interface provided for by the Digital Mail Network, the sender is clearly identified as having chosen to be anonymous, instead of being mislabeled with some assumed identity.
The DMTP protocol is used over encrypted transmissions on the Digital Mail Virtual Private Network 108, so that unsanctioned use attempts will fail. The encryption is based upon the keys generated by Trust Authorities 113, and distributed via the Trust Certificate Distribution channels 162.
A. Definition and features of the DMTP protocol
Another aspect of this invention is the creation of a new protocol called the "Digital Mail Transfer Protocol" (DMTP). Unlike its simpler predecessors (SMTP, POP, IMAP) 322, 324, 326, DMTP is always authenticated and encrypted. Further, again unlike the other protocols (SMTP, POP, IMAP) 322, 324, 326, it does not rely upon the public internet's "Domain Name Server" DNS protocol as a starting point, but instead creates a new secure definition of the network addresses needed, based on a trust hierarchy. The trust hierarchy, illustrated in Figure 1, starts with the digital certificates issued to each individual user's DMTP server. These certificates are issued and validated by the digital certificates issued to "Zone servers" which are in turn issued and validated by the root trust authority 113 behind the Digital Mail Network 162. The root trust authority is preferably a computer stored in a bank vault located in Switzerland, so that it falls under Swiss law; though other locations may be used. The Swiss location is preferred both because of the strictness of the bank secrecy laws, and because it is the trusted location of the International Postal Union Headquarters. The digital PostOffice root trust authority 113 computer is only accessed periodically (such as annually) when it is necessary to generate digital certificates for the Zone servers. The Zone server certificates have an expiration date (typically one year after date of creation) to limit the potential, in the event a Zone server is compromised, for creating unauthorized DMTP server certificates.
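One way to check the three-level hierarchy described above (root trust authority, Zone server, DMTP server), including the effect of the Zone certificate's expiration date, as an added example that is not code from the specification. The certificate fields, names and sample dates are assumptions, and the textbook-RSA signature over known Mersenne primes is a toy stand-in for a real signature scheme and is not secure.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

E = 65537  # public exponent shared by all toy keys


def toy_keypair(p, q):
    """Textbook RSA from two known primes. Toy stand-in, NOT secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def toy_sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)


def toy_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


@dataclass(frozen=True)
class Cert:                      # hypothetical certificate layout
    subject: str
    role: str                    # "zone" or "server"
    issuer: str
    public_key: tuple
    not_before: datetime
    not_after: datetime
    signature: int = 0

    def tbs(self):
        """Bytes covered by the issuer's signature (all fields but the signature)."""
        fields = (self.subject, self.role, self.issuer, self.public_key,
                  self.not_before.isoformat(), self.not_after.isoformat())
        return repr(fields).encode()


def issue(issuer, issuer_priv, subject, role, public_key, start, days):
    cert = Cert(subject, role, issuer, public_key, start, start + timedelta(days=days))
    return replace(cert, signature=toy_sign(issuer_priv, cert.tbs()))


def check_link(cert, role, issuer_name, issuer_pub, now):
    """Return None if cert is acceptable at this level, else the reason it is not."""
    if cert.role != role:
        return f"{cert.subject}: role is {cert.role!r}, expected {role!r}"
    if cert.issuer != issuer_name:
        return f"{cert.subject}: not issued by {issuer_name}"
    if not toy_verify(issuer_pub, cert.tbs(), cert.signature):
        return f"{cert.subject}: bad signature"
    if now < cert.not_before:
        return f"{cert.subject}: not yet valid"
    if now > cert.not_after:
        return f"{cert.subject}: expired"
    return None


def validate_chain(server, zone, root_name, root_pub, now):
    """Walk root -> Zone server -> DMTP server. Returns (ok, reason)."""
    links = ((zone, "zone", root_name, root_pub),
             (server, "server", zone.subject, zone.public_key))
    for cert, role, issuer_name, issuer_pub in links:
        problem = check_link(cert, role, issuer_name, issuer_pub, now)
        if problem:
            return False, problem
    return True, "chain valid"


def mersenne(k):
    return 2 ** k - 1


# Constructed sample hierarchy; only the root public key is pinned by verifiers.
ROOT_PUB, ROOT_PRIV = toy_keypair(mersenne(107), mersenne(127))
ZONE_PUB, ZONE_PRIV = toy_keypair(mersenne(61), mersenne(89))
SERVER_PUB, SERVER_PRIV = toy_keypair(mersenne(19), mersenne(31))
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)

ZONE = issue("root", ROOT_PRIV, "zone-eu", "zone", ZONE_PUB, T0, 365)
SERVER = issue("zone-eu", ZONE_PRIV, "dmtp-alice", "server", SERVER_PUB, T0, 90)
# Server certificate minted with a compromised Zone key and a ten-year lifetime.
ROGUE = issue("zone-eu", ZONE_PRIV, "dmtp-rogue", "server", SERVER_PUB, T0, 3650)

if __name__ == "__main__":
    for label, cert, day in (("legitimate server, day 30", SERVER, 30),
                             ("rogue server, day 30", ROGUE, 30),
                             ("rogue server, day 400", ROGUE, 400)):
        print(label, "->", validate_chain(cert, ZONE, "root", ROOT_PUB,
                                          T0 + timedelta(days=day)))
```

The rogue certificate validates only while the Zone certificate is still within its one-year window; once that expires, every certificate issued under it fails regardless of its own stated lifetime.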
A key advantage of the organization described in Figure 1 is the distinction that available server processes 302,304,306 are software running locally on an end-user's computer hardware. This keeps the cleartext insecure protocols (SMTP, POP, IMAP) 184 confined locally to the physical location of the user, rather than being sent across the public internet 106. Instead, only the DMTP 328 protocol is sent across the public internet 106. Since DMTP is an encrypted protocol, all traffic on the Digital Mail Network is in the form of a VPN (Virtual Private Network), even though it is carried on the public internet infrastructure.
Further, replacing the "standard" implementations of the (SMTP, POP, IMAP) servers with the implementations of (SMTP, POP, IMAP) 322, 324, 326 which conform with the operation of the present invention, enables the generation of the "adjusted" email messages described in a previous paragraph so that a user can receive authenticated Dmail, including separation into categories, even when choosing to use a local email reader.
User Interface Descriptions
Referring now to FIG. 14, there is shown a screen shot of a sign-up screen 1400 according to one embodiment of the present invention. The user enters an account name in field 1401, which will be used to identify the user in the context of the invention. Password fields 1402 allow entry of a user-selected password for user validation. Additional user identity verification is provided by fields 1403, including for example birth date, and secret password question and answer. User profile fields 1404 collect additional information describing the user, which may be used for targeting advertising or other profiling. OK button 1405 submits the entered information, and Clear button 1406 clears the fields in screen 1400. The alternate email address field captures a user's email address and thus allows for the authentication of this email address using the methods described above under Subauthentication of Email Address.
Referring now to FIG. 15, there is shown a screen shot of a screen 1500 for collection of additional registration information according to one embodiment of the present invention. Home address fields 1501 collect information describing the physical address of the user. This information is used for user initiated account registration. Match button 1502 provides functionality for verifying the physical address using trusted postal address databases. User profile fields 1404 are provided as described in connection with FIG. 14. OK button 1503 submits the entered information, and Clear button 1504 clears the fields in screen 1500.
Referring now to FIG. 16, there is shown a screen shot of a mailbox screen 1600 according to one embodiment of the present invention, showing sorting by category and prioritizing of mail items. Several categories 1601 are displayed, each containing several messages. Incoming messages are automatically placed in categories 1601 according to the type of sender, as previously specified. This allows the user to know, before even reading a message, the type of sender and thereby use this information to decide whether or not to read the message; the type of sender is known and authenticated by the digital post office, and thus the recipient is guaranteed as to the accuracy of the classification, unlike in conventional systems that apply heuristic rules to move mail into folders.
For each message, the sender 1602 is identified, and the date received 1603 is shown. Generally, messages are sorted by date within each category 1601, although high-priority messages such as 1606 are presented at the top of the list, regardless of date. Priority can be determined based on certain predetermined qualities, including for example a higher fee having been paid by the sender. Thus, a sender can pay a fee to have a particular message stay at the top of its category, even if it is older than other messages.
Subject 1604 is shown for each message, as well as the security level 1605 of the message. "Authentic" indicates that the sender has been authenticated, while "Auth Pending" indicates that authentication is in progress. "Password Required" specifies that additional authentication means are required (as specified by the sender) before the message can be displayed to the recipient, as shown in message 1607. For example, the recipient may be required to enter a password or answer a test question before reading the email. This message-specific authentication enables the sender to further ensure that a message is read by only a specific person.
Check boxes 1608 allow the user to select individual messages for action. Clicking on Delete Checked 1610 deletes the checked messages. Clicking on Move to 1611 moves the checked messages to another location, specified by drop-down menu 1612. Check All box 1609 checks all messages within the associated category. Buttons 1613 are also provided for viewing messages within a certain date range, such as Today, One Week, One Month, and the like. This feature makes selection and viewing of messages far more useful than mere "date" sorting found in conventional messaging systems.
Referring now to FIG. 17, there is shown a screen shot of a message display screen 1700 according to one embodiment of the present invention. Note that this message was sent to the recipient addressed by their physical postal address 1701, and not an email address. The subject 1702, date 1703, and body 1704 of the message are displayed, including buttons 1705 for performing various actions on the message, such as replying, forwarding, deleting, and moving.
Referring now to FIG. 18, there is shown a screen shot of a screen 1800 for composing a letter according to one embodiment of the present invention, including a variety of addressing modes and address verification features. Radio buttons 1804 provide several options for addressing mode, including postal address, e-mail address, phone number, and digital post office box. Depending on the mode chosen, a different set of fields 1805 appear for entry of addressing information. Thus, this feature allows a sender to address a message to a recipient using any of these different types of addresses.
Send button 1801 sends the message, while Save Draft button 1802 saves the message locally for later retrieval. Cancel button 1803 cancels the letter composition process.
Address Book Lookup button 1806 provides access to the user's address book for selection of a recipient therefrom.
Directory Lookup button 1807 provides access to a public directory, such as may be consulted using the Lightweight Directory Access Protocol (LDAP) for selection of a message recipient therefrom.
Check Recipient / Address Wizard button 1808 provides access to an address correction wizard that checks the validity of an entered postal address, and suggests close alternatives if the entered address is not found. Remove Recipient button 1809 removes the specified recipient, while Add Recipient button 1810 adds the specified recipient.
Subject field 1811 and body field 1812 permit entry of subject and body of the message, in a conventional manner. Additional options 1813 such as a signature may also be provided. Attachments 1814 to the message may also be specified.
Referring now to FIGS. 19 through 23, there is shown a series of screen shots for greeting card composition according to one embodiment of the present invention, which is one way to facilitate the sender initiated account creation process, such as illustrated in Fig. 9. Additional details of the structure of the greeting card are discussed below with respect to Fig. 5.
In one embodiment, the screens shown in these figures are presented in succession to the user, to effect composition and transmission of a greeting card in accordance with the user's specifications.
FIG. 19 is a screen shot of a greeting card composition screen 1900 showing greeting card type selection, according to one embodiment of the present invention. The user selects among various greeting card types 1901 as presented in screen 1900. FIG. 20 is a screen shot of a greeting card composition screen 2000 showing greeting card selection, according to one embodiment of the present invention. The user selects among several greeting cards 2001 as displayed on screen 2000. Previews of the displayed cards 2001 are also available. Once a card has been selected, a greeting card composition screen 2100 such as shown in FIG. 21 is displayed, showing message input, according to one embodiment of the present invention. The user is presented with a preview 2101 of the card, and can enter personalized messages and salutations in fields 2102 and 2103. Buttons 2104 allow a user to proceed with addressing, previews, or postponing transmission of the card. FIG. 22 is a screen shot of a greeting card composition screen 2200 showing greeting card addressing, according to one embodiment of the present invention. Fields 2201 allow entry of the recipient's postal address. Buttons 2202 allow the user to proceed with selecting a gift certificate for the card, or postponing transmission, or looking up an address for the recipient.
In one embodiment, the user may select a gift certificate to be included with the card. FIG. 23 is a screen shot of a greeting card composition screen 2300 showing gift certificate selection, according to one embodiment of the present invention. The user can select from a number of gift certificates 2301, which may be coupons for various merchants. Depending on the user's selection, the recipient's card includes a gift certificate for a particular merchant. Previews and additional information concerning gift certificates 2301 can be obtained by clicking on appropriate buttons in screen 2300. This feature allows a sender who may be personally known to the recipient to directly select and send a gift certificate for a vendor. The sender benefits by this process by being able to send a free, high quality greeting card, created online, but addressed by postal address; the vendor benefits by having a gift certificate targeted to the recipient, benefiting from the sender's judgment about the interests of the recipient; and the recipient benefits from receiving the greeting card and the gift certificate.
Once the user has made the selections in FIGS. 19 through 23, a personalized greeting card is generated and sent to the recipient. This step also initiates pre-registration for the specified recipient. FIG. 24 shows a greeting card 2400 as delivered to the recipient, including a personalized message 2401, gift certificate 2402, and registration code 2403, according to one embodiment of the present invention. Also provided is a unique identifier 2404 for signing onto the system. The recipient can thus become authenticated by virtue of the fact that he or she has received a piece of physical mail at the specified address, when he or she then signs on to the system and provides registration code 2403. Incentives for such sign-on may be provided, such as for example allowing the recipient to compose and send a number of greeting cards to other recipients, upon sign-on.
Referring now to FIG. 25, there is shown a screen shot of an add contact screen 2500 according to one embodiment of the present invention. The user provides required information 2501 as well as additional information 2502 for the new contact, who is then entered in the user's local database. Okay button 2503 confirms the information. In one embodiment, addition of a contact using screen 2500 may initiate pre-registration for the contact, subject to authentication. Thus, this feature allows the action of adding a contact to one's address book to initiate pre-registration of another user. In contrast, conventional online address books merely store contact information; creation of a new contact does not create an email or similar account for the contact in any electronic communication system.
Referring now to FIG. 26, there is shown a screen shot of an options screen 2600 according to one embodiment of the present invention. Various administrative options 2601 are provided for interacting with the system of the present invention, including for example:
• Editing a personal profile;
• Editing default settings and preferences;
• Changing passwords;
• Configuring automated forwarding and notification options;
• Specifying filtering and blocking options;
• Configuring retrieval of POP e-mail from various accounts;
• Creating a personal signature, and optionally a digital signature; and
• Configuring automatic reply to incoming messages.
Referring now to FIG. 27, there is shown a screen shot of an address verification screen 2700 according to one embodiment of the present invention. When the user enters an unrecognized address in fields 2701 (in this example during entry of their postal information) the address correction wizard provides a list of closely matching addresses 2702. The user can then select from the displayed list. In this manner, physical addresses can be verified before messages are sent, even if the user does not remember the exact address. This same feature of the address correction wizard is available any time a user provides a postal address into the system (e.g. account registration, addressing a message by postal address, addressing a greeting card, etc. by postal address, and so forth).
Referring now to FIG. 28, there is shown a conceptual diagram showing a comparison 2800 of digital mail 2802 of the present invention with conventional postal mail 2801 and conventional e-mail 2803. As portrayed in FIG. 28, digital mail 2802 as implemented by the present invention provides the advantages of postal mail 2801 (trusted system, familiar, and verified addresses), while avoiding the disadvantages of postal mail 2801 (slow, inconsistent, and expensive). In addition, digital mail 2802 as implemented by the present invention provides the advantages of e-mail 2803 (fast, inexpensive, and efficient), while avoiding the disadvantages of e-mail 2803 (insecure, spam-ridden, and unverifiable).
Business models for customer acquisition
Yet another aspect of this invention concerns the specific methods that can be used to acquire users. Potential users can be first contacted by either physical delivery, existing email systems, or through the world-wide-web internet.
1) Contact through internet access to the Digital Mail Network website
Potential users will be able to click on hyperlinks at a variety of other partner companies' websites that will direct their browser to initiate a session with the Digital Mail Network. In particular, at such an initial session, a potential new user will have the opportunity to activate a Digital Mail Account, to send Digital Mail, and to use marketing promotions such as the sending of free greeting cards via the Digital Mail Network.
2) Contact through branded links from other portals allowing those portals to offer the services available within the Digital Mail Network
In particular, the services of "anonymous Dmail", recipient queries, and free greeting cards could be provided through links at other portals that maintained their branding.
3) Contact through physical mail delivery
As discussed in previous paragraphs, authentication is the process of verifying that a particular Dmail user has a particular physical street address. Verification is accomplished by having the recipient respond to the Digital Mail server with a code printed on a piece of physical mail received. There are various methods to generate physical mail addresses to which to address postal mail containing authorization codes:
a) In response to the recipient requesting registration through the web-browser interface or by a request to the postmaster of the Digital Mail server. Users would be motivated to request registration as a result of direct marketing, or due to hearing radio or seeing print advertisements.
b) By "piggybacking" a printed code on some other piece of mail that the recipient would be receiving anyway. Examples of this method would be having the Digital Mail server initiate business agreements with senders of merchandise catalogs, other mass mailings, or specifically with bill sending agencies such as credit card issuers. Codes printed on these materials would allow the quickcode method of immediate authentication without the Digital Mail PostOffice needing to send any additional postal mail for physical delivery.
c) In response to some other sender addressing Dmail to a new recipient. In order to encourage this method, the Digital Mail server creates the concept of advertisement-supported greeting cards, that users can address to friends, acquaintances, and associates.
Specifically for the third method above, free-to-the-sender greeting cards are a combination of both Dmail and a physical printed postal mail card, containing any combination of:
• Personal message from sender; the sender is preferably personally known to the recipient, and thus the recipient is more inclined to read the card, instead of merely throwing it away as junk mail.
• A tip, such as a recipe or "how-to" tidbit (including branding of specific items or ingredients)
• Coupon for the branded item
• Coupon for a related item
• A xxxx.com Identification card, with a Dmail account registration code.
A preferred embodiment of the combination postal greeting and Dmail registration card is shown in Fig 5. The card has four panels created by three crease-line folds 513. The structure of this greeting card is preferably applied to the greeting cards generated by the process described with Figs. 19-23.
The preferred structure of a greeting card is as follows:
Panel 501 contains a "tip", or some other information that would be meaningful to the recipient, and which the recipient would find interesting to keep.
Panel 502 contains a personal message from the sender. An additional enticing principle is that this message is only partially exposed when panel 503 remains folded over the second crease-line 513, and therefore requires this panel 503 be opened before the personal message on panel 502 is fully visible.
Panel 503 contains a coupon, gift certificate, or collection of such items.
Panel 504 contains a detachable registration card, with a Dmail account number and a quick code for entry by the recipient in the manners described above.
The placement of the digital mailbox account number and quick code on panel 504 is also desirable. This is because its folded location prevents it from being seen before the card is fully opened. Since it is a violation of law for anyone other than the addressed recipient to open the card, there is a high degree of certainty that only the intended recipient views the code, and subsequently provides it back to the system 100 to authenticate their address and identity.
The structure of this type of greeting card also facilitates particular methods of forming such cards including receiving a personal message and recipient postal address from a sender, receiving the sender's selection of a coupon or promotion of an advertiser, printing the sender's messages and selected coupons/promotions onto a physical mail piece, and delivering the mail piece to the recipient. For the purpose of authenticating the postal address of the recipient, the method further includes printing an authentication code on the mail piece, receiving the authentication code in a computer system, and verifying the authentication code. The method may further include printing and folding sealing the mail piece to at least partially obscure the coupon and/or authentication code, so as to require the mail piece to be unfolded completely to reveal the coupon and/or code. The method may further include printing and folding the mail piece to partially obscure the sender's message, so as to require the recipient to unfold the mail piece to read the entire sender message.
4) Contact through Email
Messages sent out over ordinary email systems may also be used to encourage a potential user to activate a Digital Mail account by accessing the Digital Mail Network's website. In particular, a method is to send email through one of the many "opt-in" services that has a mislabeled sender and a message body that makes a potential user realize the potential advantages of authenticated Digital Mail. An example of such an email message is:
FROM: Tom Friend
TO: Joe User
SUBJECT: A new development in communications!
Joe,
Wouldn't you love to be able to trust who an email is really from?
Yours, Tom
If you hate spam, don't go postal, go postoffice.com Don't Lick, just Click postoffice.com Digital Mail
Revenue Sources for the Digital Mail PostOffice
Digital Postage paid by the sender
In particular, a new concept is that the price paid for a message depends on the addressing mode used for that message. Each addressing mode can have a different price based on the amount of resources necessary for handling the message, the value to the sender, and the degree to which it is strategic to encourage particular addressing modes. For example, addressing using the Digital P.O. Box number is priced very low, to encourage the widespread use and distribution of Digital P.O. Box numbers, which only the Digital Mail Network can deliver.
Further, the price paid for a message depends on the category it is to be displayed in, and the position (priority) within that category. An additional new concept is that the price can change based upon the sender's choice of category, with no change to the contents of the message itself.
Fees for additional services requested by the sender
These potential fees include amounts for all of the options available in the section above entitled "Services on sent messages, taking effect at the Receiver".
In particular, fees can provide revenue for:
a. Sending with a return-receipt requested for delivery of envelope to recipient.
b. Sending with a return-receipt requested for delivery of letter contents to recipient.
c. Sending "priority mail" that appears in a premium category, such as the priority category or the "first class" business instead of "standard class".
d. Sending "express mail" that will stay at the top of a time-sorted list until it is read, even if newer messages arrive subsequently.
e. Requiring that the receiver supply an additional password or response to a question challenge before being able to read the message.
f. Alerting the recipient of incoming Dmail by additional notification methods:
i. Physical Delivery
ii. Email
iii. Facsimile
iv. Automated Telephone
v. Human-operator Telephone
Fees for query services
These fees would apply to requests about potential recipients, even if Dmail isn't actually sent. The fees are levied for all of the types of information described in the above section entitled "Services available before (or in contemplation of) sending":
• Whether the recipient has an existing Dmail account
• Whether the recipient has authenticated the Dmail account
• How long the Dmail account has been open
• How long the Dmail account has been at its present physical postal address
• The monthly volume of mail received by the intended recipient in the sender's intended category.
• The last date Dmail was read from the account
• Whether the recipient already has filters in place that would block the viewing of the intended message.
• Preferences of this account for advertisements of particular types and subjects.
Fees for additional services requested by the receiver
These potential fees apply when a recipient has specified to be alerted regarding incoming mail in particular categories. An additional new concept is the point that such fees can be levied only for mail in particular categories, where the categories are part of what the Digital Mail Network authenticates. The alert methods, each with a different price, are the same as can also be specified by the sender:
a) Physical Delivery
b) Email
c) Facsimile
d) Automated Telephone
e) Human-operator Telephone
Appendix A: Example Web Site Organization for a Web Site Supporting Digital Mail Network
1. Web Site
   1. Registration
      1. registration.asp
         1. POST
            1. registration_process.asp
      2. registration2.asp
         1. POST
            1. registration_process.asp
   2. Login
      1. login.asp
   3. Logout
      1. logout.asp
         1. POST
            1. logout_action.asp
   4. Mailbox
      1. mail.asp
         1. POST
            1. mail_action.asp
   5. Compose Letter
      1. compose.asp
         1. POST
            1. compose_action.asp
   6. Compose Greeting
      1. greeting.asp
   7. Addresses
      1. Main Page Layout
         1. Header
            1. topsutff.asp
               1. Logo
               2. User Postal Address
               3. User Email Address
               4. Advertisement
         2. Global Menu
            1. Mailbox
            2. Sent
            3. Trash
            4. Compose Letter
            5. Compose Greeting
            6. Addresses
            7. Folders
            8. Options
            9. Help
         3. Addresses Bar
            1. Address Book View
            2. Alphabet Index
         4. Action Menu
            1. Add Contact - link to add_address.asp
            2. Delete - call javascript and submit (addresses.asp)
         5. Sort Menu - all links call addresses.asp
            1. Name
               1. First
               2. Last
            2. Nickname
            3. Postal Address
            4. Email
         6. Entry
            1. Check Box
            2. Name - link to user profile (add_address.asp)
            3. Nickname
            4. Postal Address
            5. Email - link to compose (compose.asp)
            6. Telephone number?
         7. Footer
            1. Global menu
            2. Copyright
      2. Edit Page Layout
         1. Required Information
            1. First Name
            2. Last Name
            3. Email Address
            4. Digital Post #
            5. Postal Address
         2. Additional Information
            1. Group associated
            2. Nickname
            3. Company
            4. Home Telephone
            5. Work Telephone
            6. Fax number
            7. Cell Number
            8. Pager Number
            9. Work URL
            10. Home URL
            11. Note
            12. Birthday
            13. Action Menu
               1. Okay - call javascript and submit (addresses.asp)
               2. Cancel - call addresses.asp
            14. Footer
               1. Global menu
               2. Copyright
   8. Folders
      1. folders.asp
         1. POST
            1. folders_action.asp
      2. folders_confirm.asp
         1. POST
            1. folders_action.asp
      3. folders_create.asp
         1. POST
            1. folders_action.asp
      4. folders_delete.asp
         1. POST
            1. folders_action.asp
      5. folders_rename.asp
         1. POST
            1. folders_action.asp
   9. Options
      1. options.asp
         1. options_external.asp
         2. options_external_newmail.asp
         3. options_filters.asp
         4. options_forwarding.asp
         5. options_password.asp
         6. options_Preferences.asp
         7. options_profile.asp
         8. options_signature.asp
         9. options_vacation.asp
   10. Help
Appendix B: Example Message Format
1. rfc-822 format with extended header information
   1. X-PO-<n>-TYPE
      1. Dmail to
         1. EMAIL
            1. X-PO-<n>-EMAIL
         2. POBOX
            1. X-PO-<n>-POBOX
         3. TELEPHONE
            1. X-PO-<n>-(FROM/TO/CC/BCC)-FIRST
            2. X-PO-<n>-(FROM/TO/CC/BCC)-LAST
            3. X-PO-<n>-TELEPHONE
         4. ADDRESS
            1. X-PO-<n>-(FROM/TO/CC/BCC)-FIRST
               1. Mailing address name
            2. X-PO-<n>-(FROM/TO/CC/BCC)-LAST
               1. Mailing address name
            3. X-PO-<n>-(FROM/TO/CC/BCC)-ADDR1
               1. Mailing address street 1
            4. X-PO-<n>-(FROM/TO/CC/BCC)-ADDR2
               1. Mailing address street 2
            5. X-PO-<n>-(FROM/TO/CC/BCC)-CITY
               1. Mailing address city
            6. X-PO-<n>-(FROM/TO/CC/BCC)-STATE
               1. Mailing address state
            7. X-PO-<n>-(FROM/TO/CC/BCC)-ZIP
               1. Mailing zipcode
   2. X-PO-<n>-EMAIL
   3. X-PO-<n>-TELEPHONE
   4. X-PO-<n>-POBOX
   5. X-PO-<n>-(FROM/TO/CC/BCC)-FIRST
      1. Mailing address name
   6. X-PO-<n>-(FROM/TO/CC/BCC)-LAST
      1. Mailing address name
   7. X-PO-<n>-(FROM/TO/CC/BCC)-ADDR1
      1. Mailing address street 1
   8. X-PO-<n>-(FROM/TO/CC/BCC)-ADDR2
      1. Mailing address street 2
   9. X-PO-<n>-(FROM/TO/CC/BCC)-CITY
      1. Mailing address city
   10. X-PO-<n>-(FROM/TO/CC/BCC)-STATE
      1. Mailing address state
   11. X-PO-<n>-(FROM/TO/CC/BCC)-ZIP
      1. Mailing zipcode
   12. X-PO-SECTION
      1. Category to sort mail in recipient mailbox; Personal, Priority, Business Class, Consumer class, Email class. All un-categorized or unauthenticated dmail will be sent to Email class.
   13. X-PO-PRIORITY
      1. Type of mail sent; priority, express, return-receipt envelope, return-receipt letter, sender authentication
   14. X-PO-AUTHENTICATION
      1. Level of authentication; email, credit card, telephone, postal, none. The client web will set this field since it is known at the time of mail creation, i.e. the mail will have an authentication level of the sender at the time the mail was created.
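An added example (not part of the original disclosure) of a receiver reading the Appendix B headers: it groups the X-PO-<n>-* fields by index and applies the stated rule that un-categorized or unauthenticated dmail goes to Email class. The wire spelling of the values, the reading of (FROM/TO/CC/BCC) as a token inside the header name, the treatment of duplicated or unknown control headers as missing, and the sample message are assumptions.

```python
import re
from email import message_from_string

# Values named in Appendix B; wire spelling and role-in-name reading are assumed.
SECTIONS = {"personal", "priority", "business class", "consumer class", "email class"}
AUTH_LEVELS = {"email", "credit card", "telephone", "postal", "none"}
INDEXED = re.compile(r"^X-PO-(\d+)-(?:(FROM|TO|CC|BCC)-)?([A-Z0-9]+)$", re.I)


def delivery_section(msg):
    """Un-categorized or unauthenticated dmail is filed under Email class."""
    sections = msg.get_all("X-PO-SECTION", [])
    auths = msg.get_all("X-PO-AUTHENTICATION", [])
    # Assumption: a duplicated control header is ambiguous, so treat it as missing.
    if len(sections) != 1 or len(auths) != 1:
        return "email class"
    section, auth = sections[0].strip().lower(), auths[0].strip().lower()
    if auth == "none" or auth not in AUTH_LEVELS or section not in SECTIONS:
        return "email class"
    return section


def parse_dmail(raw):
    """Return ({n: fields}, section) for one rfc-822 message with X-PO headers."""
    msg = message_from_string(raw)
    addresses = {}
    for name, value in msg.items():
        m = INDEXED.match(name)
        if m:
            entry = addresses.setdefault(int(m.group(1)), {})
            if m.group(2):
                entry["ROLE"] = m.group(2).upper()
            entry[m.group(3).upper()] = value.strip()
    return addresses, delivery_section(msg)


# Constructed sample message (not from the source document).
SAMPLE = """\
From: tom@example.com
X-PO-1-TYPE: ADDRESS
X-PO-1-TO-FIRST: Joe
X-PO-1-TO-LAST: User
X-PO-2-TYPE: POBOX
X-PO-2-POBOX: 0000000000000001
X-PO-SECTION: Personal
X-PO-AUTHENTICATION: postal

Hello Joe.
"""
```

Calling parse_dmail(SAMPLE) returns the two indexed address records and the section "personal"; changing the authentication value to "none" or dropping X-PO-SECTION moves the same message to "email class".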
Appendix C: Example Schema of Digital Mail Account Database
1. Authenticated User (Regular User)
   1. User Information fields
      1. poUsername: user log in name
      2. poPassword: user password
      3. poStreet: user postal address
      4. poCity: user postal address city
      5. poState: user postal state
      6. poZip: user postal zip code
      7. poZip4: user postal zip code +4
      8. poTelephone
      9. poTelephone Addressable flag whether to let others address you by phone number
      10. poEmail alternative email address
      11. poGUID its foreign key to the Authentication Pending directory
      12. poStatus user status: active, deleted
   2. Management fields
      1. poMailboxLocation mail server name
      2. poMailboxNumber 16 digital mail box number
      3. poActivatedDate user activated time
      4. poLastVisitDate user last visiting date
      5. poMailVolume how much mail the user receives
      6. poAuthenticationMethod ie: web, postal card, quick-code...., it's an array, the user can be authenticated by multiple methods
      7. poFoldIndex array of user folder index; ie: 01,02,99
      8. poFoldName work with poFoldIndex as an associative array; ie: 01 -> Personal Folder
   3. Optional field
      1. poBirthday
      2. poAge
      3. poCareer
      4. poCompanyName
      5. poWorkPhone
      6. poAlias alias name for his receiver: mom, dad; it's an array. Odd field is alias name, even field is alias poMailboxNumber
      7. Other preferences:
         1. poBuddyList: array of buddy poMailboxNumber, which will be moved to friends folder
         2. other web browser preference setting: color, size of screen
         3. some important date information to give dmail notification: your birthday, anniversary,...
2. Authentication Pending User (Account Activated, but not authenticated yet)
   1. Mandatory fields
      1. poGUID: GUID of temporary user
      2. poPassword password
      3. poStreet: user postal address
      4. poCity: user postal address city
      5. poState: user postal state
      6. poZip: user postal zip code
      7. poZip4: user postal zip code +4
      8. poActivationMethod anticipated activation method, it's an array
      9. poActivationDate is an array, multiple activation
      10. poActivationCount same address may be activated multiple times
      11. poActivator who activated this account, array
      12. poStatus a flag to tell if this account has been authenticated, or invalid (timeout)
Appendix D: Example organization for Digital Mail Storage Databases
1. Individual Mail Storage
   Inbox
   Personal
   Priority
   Financial
   First Class
   Standard Class
   <selected Consumer Mail Classes>
   <selected Broadcast Mail Classes>
   Email
   Trash
   Sent
   Drafts
   <personal_folders>
2. Consumer Mail Storage for Businesses
   <category> (ie: Catalog)
   <sub-category> (ie: Sports)
   <business Digital Mailbox>
   Digital Direct Mail (displayed to consumers)
   Digital Business Reply Mail (reply from consumers)
   Priority
   Financial
   First Class
   Standard Class
   Email
   Trash
   Sent
   Drafts
   <business_folders>
3. Broadcast Mail Storage for Organizations
   <category> (ie: Politics)
   <sub-category> (ie: California)
   <individual Entity Digital Mailbox>
   Digital Direct Mail (displayed to individuals)
   Digital Reply Mail (reply from individuals)
   Trash
   Sent
   Drafts
   <other_folders>