WO2001057615A2 - Procede et appareil de commande de suivi des activites en reseaux - Google Patents

Procede et appareil de commande de suivi des activites en reseaux Download PDF

Info

Publication number
WO2001057615A2
WO2001057615A2 PCT/US2001/003281 US0103281W WO0157615A2 WO 2001057615 A2 WO2001057615 A2 WO 2001057615A2 US 0103281 W US0103281 W US 0103281W WO 0157615 A2 WO0157615 A2 WO 0157615A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
server
tracking
persistent information
role
Prior art date
Application number
PCT/US2001/003281
Other languages
English (en)
Other versions
WO2001057615A3 (fr
Inventor
Ron Perry
Erez Manor
Almog Ben-Harosh
Moshe Anisman
Original Assignee
Idcide, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Idcide, Inc. filed Critical Idcide, Inc.
Priority to AU2001238010A priority Critical patent/AU2001238010A1/en
Publication of WO2001057615A2 publication Critical patent/WO2001057615A2/fr
Publication of WO2001057615A3 publication Critical patent/WO2001057615A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Definitions

  • the present invention relates to protecting the privacy of Internet users by identifying, reporting, and restricting the collection of personal and other data relating to Internet users and their online activity. More particularly, the present invention relates to a method and apparatus for identifying and controlling tracking activities on the Internet and on similar networks.
  • a cookie represents a small amount of “persistent” information which is generated by a web server and is stored on the computer of a user when the user requests a web page from the server. Subsequently, each time the user sends a request for information to this web server, the cookie is sent back to the server along with the user request.
  • the type of information which a cookie can contain is practically unlimited. The storing of cookies or other persistent information on the user's computer, while browsing, is normally invisible and unknown to the user.
  • cookies Originally, the purpose of cookies was to identify users and possibly prepare customized information for them. That is, instead of soliciting certain personal information (e.g. the user's name and interests) from the user each time the user accesses the server, the server, upon receiving a first request from the user, asks the user for this information, and stores it for later use. Although it is possible to packages all the information into a cookie and send the cookie to the user device for storage, it is more common to store the information itself at the web server, and only put some kind of identification tag in the cookie that is sent back to the user device. The next time the user requests a web page from the same web server, the server uses the cookie sent to it with the request to identify the user and present the user with customized information.
  • personal information e.g. the user's name and interests
  • cookies For a different purpose.
  • Profile-based advertisers place a cookie on a user's computer with some arbitrary identification of the user. They maintain a database with information they can gather about the various activities of that user at their web site, such as the pages visited, products viewed, purchases made, etc. They may also collect personal and identifying information such as name, address, age, gender, e-mail address, etc. With the aid of the stored cookies, they can recognize the same user on subsequent visits to the web site, and combine and correlate the data from a series of visits made on different occasions.
  • a particular class of trackers, "multi- site” trackers can identify the same user as he visits different entities on the web, and put together a comprehensive set of information describing his or her activity over a large number of Internet sites.
  • Cookies are used to personalize the web site for the user, to create a "virtual shopping carts" that makes shopping on the Internet friendly to users,
  • cookies enable web sites to perform various functions smoothly and easily through firewalls and other network devices that obliterate some of the conventional addressing information on the Internet.
  • Many sites, such as The New York Times require a user to accept a cookie before they permit the user to browse their web sites.
  • the operation of many services on the Internet is dependent on cookies. Microsoft's Hotmail service, for example, will not function for a user who disabled cookies in his browser.
  • Some browsers have an option to warn the user that a web server is storing a cookie on the user computer. These browsers typically display a dialog box asking the user whether he or she agrees to have the cookie stored on the computer. The user then must reply to the message by clicking an appropriate button. However, responding to dozens of cookie prompts every time the user surfs the Internet may be annoying and may distract the user's attention from browsing.
  • cookies are just one (though the most common) technique used by web servers to identify, tag and track users, by storing persistent information on their computers or other access devices.
  • Cookie Munger is a widely available tool used by web sites for tagging users who set their browser to reject cookies. It can be expected that new tagging techniques and tools will continue to evolve as the Internet itself continues in its race of accelerated development.
  • a method and apparatus for controlling tracking activities on a network are described.
  • tagging of a network access device and potential tracking of an online activity of a user are identified. Further, the user is notified that the user is being tracked.
  • the extent of tracking is restricted, up to a capability to completely disable tracking of the online activity of the user.
  • Figure 1 is a block diagram of one embodiment for a network architecture
  • Figure 2 is a block diagram of one embodiment for an architecture of a computer system
  • Figure 3a is a block diagram of one embodiment for detecting and reporting tagging and tracking of an online activity of a user over a network
  • Figure 3b illustrates an exemplary web page residing on a web server
  • Figure 3c is a flow diagram of one embodiment for detecting potential tracking in data incoming to a client device
  • Figure 3d is a block diagram of another embodiment for detecting and reporting tagging and tracking of an online activity of a user over a network
  • Figure 4 is a block diagram of an embodiment for restricting tracking of an online activity of a user over a network
  • Figure 5 is a flow diagram of one embodiment for restricting tracking of an online activity of a user over a network
  • Figure 6a is a block diagram of one embodiment for configuring storage and retrieval of persistent information.
  • Figure 6b is a block diagram of another embodiment for configuring storage and retrieval of persistent information.
  • Figure 6c is a block diagram of yet another embodiment for configuring storage and retrieval of persistent information.
  • the method includes identifying tagging of a network access device and potential tracking of an online activity of a network user and informing the user that the user is being tracked. In one embodiment, the method includes controlling and restricting the extent of tracking, up to a capability to completely disable tracking of the online activity of the user. It should be noted that the term "user" used herein refers both to persons and autonomous devices that may be performing activities over a network.
  • the present invention also relates to apparatus for performing the operations herein.
  • This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer.
  • a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, magnetic hard- disk, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.
  • Wide area network 130 may include, for example, the Internet, America On-LineTM, CompuServeTM, Microsoft NetworkTM, or Prodigy TM.
  • wide area network 130 may include conventional network backbones, long-haul telephone lines, Internet service providers, various levels of network routers, etc.
  • servers 110 may communicate through wide area network 130 to a plurality of clients 120.
  • Client 120 represents any device that may enable user's online activity over a network. Such devices may include, for example, a conventional computer system, a network computer or thin client device (e.g., WebTV NetworksTM Internet terminal or OracleTM NC), a laptop computer or palm-top computing device (e.g., Palm PilotTM), a cellular phone, a "kitchen computer”, etc.
  • Client 120 may be a device used by a person (a "user”).
  • client 120 may be an autonomous device performing activities over wide area network 130, in which case client 120 itself is referred to as the "user”.
  • client 120 may have a Graphical User Interface (GUI) to allow users to access data.
  • GUI Graphical User Interface
  • GUI is a graphics-based user interface that incorporates icons, pull-down or pop-up menus and a pointing device.
  • GUIs may include, for example, Microsoft Windows, Apple Macintosh, PalmOS, UNIX Motif, or UNIX OPE LOOK.
  • client device 120 may use Microsoft Windows, Apple Macintosh, PalmOS, UNIX Motif, or UNIX OPE LOOK.
  • other user interfaces including non-graphic interfaces may be used by client device 120 without loss of generality.
  • Client 120 may be connected to wide area network 130 in various ways.
  • client 120 may be connected directly to wide-area network 130 through direct or dial up telephone line, or other network transmission line.
  • client 120 may be connected to wide-area network 130 using a modem pool.
  • a conventional modem pool may allow a plurality of clients to connect with a smaller set of modems in modem pool for connection to wide- area network 130.
  • wide-area network 130 may be connected to a gateway computer or a router, which may be used to route data to clients through a local area network. In this manner, clients can communicate with each other through a local area network (LAN) or with servers 110 through a gateway and wide-area network 130.
  • LAN local area network
  • servers 110 through a gateway and wide-area network 130.
  • servers 110 may communicate with client 120 using conventional means.
  • servers 110 may operate as web servers if the World-Wide Web (WWW) technology of the Internet is used over wide area network 130.
  • WWW World-Wide Web
  • HTML HyperText Markup Language
  • web servers 110 may communicate across the World-Wide Web with client 120. It will be realized by one skilled in the art that a wide variety of network protocols and coding languages other than HTTP and HTML may be used with this invention without loss of generality.
  • client 120 may use a client application program known as a web browser such as the NetscapeTM NavigatorTM published by Netscape Corporation of Mountain View, CA, the Internet ExplorerTM published by Microsoft Corporation of Redmond, Washington, the user interface of America On-LineTM, or the web browser or HTML translator of any other conventional supplier.
  • client 120 may access graphical and textual data, or video, audio or tactile data provided by web servers 110.
  • web servers 110 may be in various Internet domains.
  • domains are defined by the domain name system associated with the Internet Protocol (IP) address.
  • IP Internet Protocol
  • all devices sharing the common suffix part of the IP address are said to be in the same domain.
  • top level domains are “.com”, “.net”, “.org”, “.edu”, “.gov”, etc.
  • specific domains are “yahoo.com” “cnn.com”, “whitehouse.gov”, “majestic.net.au”, etc.
  • tracking server 140 is associated with servers 110 in various domains.
  • tracking server 140 may be one of web servers 110.
  • Tracking server 140 represents web servers that monitor and collect data about online activity of clients 120.
  • Tracking server 140 may communicate to client 120 via wide area network 130 in the same ways as described above with respect to servers 110. It should be understood by one skilled in the art that tracking server 140 is not a necessary element of the network topology shown in Figure 1.
  • FIG. 2 illustrates an example of a computer system 200 illustrating an exemplary client 120, or servers 110 and 140 computer systems in which the features of the present invention may be implemented.
  • computer system 200 is comprised of a bus or other communications means 201 for communicating information, and a processing means such as processor 202 coupled with bus 201 for processing information.
  • Computer system 200 further comprises a random access memory (RAM) or other dynamic storage device 204 (commonly referred to as main memory), coupled to bus 201 for storing information and instructions to be executed by processor 202.
  • Main memory 204 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 202.
  • Computer system 200 also comprises a read only memory (ROM) and /or other static storage device 206 coupled to bus 201 for storing static information and instructions for processor 202.
  • ROM read only memory
  • An optional data storage device 207 such as a magnetic disk or optical disk and its corresponding drive may also be coupled to computer system 200 for storing information and instructions.
  • Computer system 200 can also be coupled via bus 201 to a display device 221, such as a cathode ray tube (CRT) or a liquid crystal display (LCD), for displaying information to a computer user. For example, graphical or textual information may be presented to the user on display device 221.
  • an alphanumeric input device 222 is coupled to bus 201 for communicating information and /or command selections to processor 202.
  • a pointing device 223 such as a conventional mouse, touch pad, trackball, or other type of cursor direction keys for communicating direction or position information and command selection to processor 202 and for controlling cursor movement on display 221.
  • a fully-loaded computer may optionally include video, camera, speakers, sound card, and many other conventional options.
  • client 120 can be implemented as any device described above.
  • Such a device does not necessarily include all of the elements and features of the above-described exemplary computer system; however, the functionality of the present invention may nevertheless be implemented with such devices.
  • a communication device 225 is also coupled to bus 201 for accessing remote computers or servers, such as web servers 110 or 140, or other servers via the Internet, for example.
  • the communication device 225 may include a modem, a network interface card, or other well known interface devices, such as those used for interfacing with Ethernet, Token-ring, or other types of networks.
  • the computer system 200 may be coupled to a number of servers 110 via a network infrastructure such as the infrastructure illustrated in Figure 1 and described above.
  • Figure 3a is a block diagram of one embodiment of the invention for identifying the tagging of clients 120 and the potential tracking of the online activity of network users, and for informing users that they are being tracked.
  • browser 330 is used on client 120 and may be any browser described above.
  • Browser 330 supports online activity of the user on client device 120.
  • the online activity may include, but is not limited to, sending requests for web pages or objects to web servers 110 and receiving the requested web pages or objects for browsing.
  • Web server 110 may hold web pages for one or more web sites. (It is customary to place multiple web sites on a single commercial server.)
  • a large web site may be spread over a number of servers in different geographic locations.
  • an IBM web site may consist of thousands of files spread out over many servers in multiple countries.
  • a web site is a related collection of information or web pages owned by an individual, company or organization. For the sake of clarity in explanation, it is assumed that a server holds only one web site and the terms "web site” and "server” are used herein interchangeably.
  • a web page in the Internet-related context is typically a collection of data available on wide area network 130, identified by a Uniform Resource Locator (URL), and stored on one or more servers.
  • the web server may generate web pages and objects dynamically in response to requests from clients 120.
  • Typical pages are written in HyperText Markup Language (HTML).
  • HTML HyperText Markup Language
  • Such pages are often referred to as HTML pages.
  • HTML HyperText Markup Language
  • tracking detection module 320 is a part of browser 330. In alternate embodiments, tracking detection module 320 may be a part of any other software or be a stand alone software application. In one embodiment, all data incoming to browser 330 and outgoing from browser 330 goes through tracking detection module 320. Tracking detection module 320 analyzes the incoming and outgoing data to identify potential tracking of the user's online activity. An indicator of potential tracking is the presence of certain persistent information in the data incoming to or outgoing from browser 330.
  • the persistent information may be a cookie, a text file, a persistent XML, or any other form of persistent information that is stored on client device 120 on behalf of server 110 or 140.
  • the persistent information is information that is created by server 110 or 140 and subsequently stored on client device 120.
  • servers 110 or 140 may send to client 120 a code object, such as Java applets, JavaScript or ActiveX, etc., that will execute on client 120, and will create and store persistent information on client 120.
  • the placement of persistent information on client 120 is referred to as "tagging", and is an indication of potential tracking of the online activity of client 120 by a server.
  • tracking detection module 320 finds the persistent information, it then may invoke tracking indicator 340 which notifies the user of the potential tracking.
  • tracking indicator 340 is an independent module. In alternate embodiments, tracking indicator 340 may be a part of browser 330, a part of tracking detection module 320, or a part of any other software.
  • tracking indicator 340 displays a message or a graphic indication on the display screen of client 120.
  • the display screen may include one or more browser windows.
  • the message is displayed on a toolbar in a browser window, (e.g. by flashing a toolbar icon).
  • the message does not require a response from the user (unlike a dialog box). Instead, the message warns the user in a friendly manner without interfering with the user's online activity.
  • the message may include a warning, an indication of the type of tracking (single or multi-site), the name of a source of potential tracking, the name of a web site at which the user was tracked, or any combination of this information. It will be recognized by one of ordinary skill in the art that any other relevant information may be included in the message without loss of generality.
  • tracking detection module 320 analyzes data outgoing from browser 330.
  • browser 330 may send a user request for a web page to server 110.
  • the user request may include persistent information (e.g. cookies) which has been created by server 110 (or another server in the same domain) and stored on user device 120.
  • Tracking detection module 320 identifies the persistent information in the user request and invokes tracking indicator 340 which notifies the user in the manner described above that server 110 may be tracking the online activity of the user.
  • tracking detection module 320 analyzes data incoming to browser 330. Upon receiving a user request, server 110 sends browser 330 a requested web page. Tracking detection module 320 searches the page for persistent information. It identifies the persistent information and invokes tracking indicator 340 which notifies the user in the manner described above that server 110 may be tracking the online activity of the user.
  • tracking detection module 320 interacts with browser 330 and with other software elements in client 120 instead of analyzing incoming and outgoing data directly.
  • Figure 3d is a block diagram of an embodiment for identifying the tagging of clients 120 and the potential tracking of the online activity of network users, and for informing users that they are being tracked.
  • browser 330 is used on client 120 and may be any browser described above. Browser 330 supports online activity of the user on client device 120.
  • tracking detection module 320 interfaces with browser 330 through API's (Application Programming Interfaces) 350 available from the browser, and also by intercepting some system services calls 360 of the browser.
  • API's Application Programming Interfaces
  • Tracking detection module 320 is made aware, through these interfaces, of actions performed by browser 330 for storage or retrieval of persistent information on client 120, as a result of requests sent to server 110 or 140, or objects received from server 110 or 140. Tracking detection module 320 determines if any of these actions represent tagging and potential tracking of client 120. If it so determines, it invokes tracking indicator 340 which notifies the user in the manner described above that server 110 or 140 may be tracking the online activity of the user. It will be understood by one of ordinary skill in the art that browser 330, tracking detection module 320 and tracking indicator 340 may interact in any manner other than that described above without loss of generality.
  • tracking detection module 320 can identify tracking by multi-site trackers.
  • a multi-site tracker is typically linked to multiple servers 110 in various domains.
  • multi-site trackers 140 typically provide web objects (e.g. banner ads) that are linked to servers 110 in different domains, and, consequently, these trackers are able to track clients 120 as they visit multiple web sites 110 in many different domains (and which are not located in the same domain as the tracking server).
  • web objects e.g. banner ads
  • Figure 3b illustrates an exemplary web page 370 residing on server 110.
  • page 370 is an HTML page.
  • page 370 may be any other page as described above.
  • Page 370 may include references to a variety of objects 372-378.
  • Objects 372-378 may include text, graphic images, advertising images such as banners, or any other objects.
  • Objects 372-378 may reside on the same server as the main page 370 or on any other server.
  • objects 374-378 may reside on various servers 110 in the domain of the URL of web page 370, and object 372 may reside on tracking server 140, which may be in a different domain from servers 110.
  • tracking detection module 320 maintains a record of requested objects and of a main web page with which the objects are associated.
  • one of the requested objects is object 372 (referred to as a "tracking object").
  • tracking server 140 attaches persistent information to object 372 and sends the object with the persistent information to browser 330. Tracking detection module 320 analyzes each object sent to browser 330 and detects persistent information included in tracking object 372.
  • Tracking detection module 320 invokes tracking indicator 340, which then warns the user about this tracking activity, and may specify which web site is tracking the user and at which web site the user was tracked.
  • tracking indicator 340 may notify the user that the web site tracking the user is a multi-site tracker.
  • Figure 3c is a flow diagram of one embodiment for detecting tracking in data incoming to a client device.
  • a web page from server 110 is received.
  • the web page includes one or more objects referred to tracking server 140.
  • each of these objects is analyzed to identify persistent information included by server 140. Further, the persistent information is detected, and at processing block 358, the user is notified that tracking server 140 may be tracking the online activity of the user.
  • tracking detection module 320 provides the user with an option to restrict or block the tracking activity of a server. In one embodiment, if the user decides to block tracking of a selected server 110 or 140, persistent information created by server 110 or 140 is erased from user device 120, which prevents the server from identifying the user in subsequent activity. In addition, the user may be provided with an option to retain the persistent information till the end of a session, and only then erase it. This will allow the user to browse sites that require cookies for their correct operation, and still prevent them from associating different browsing sessions with the same user.
  • tracking detection module 320 or another component of the invention, will prevent user device 120 from sending this persistent information back to the server, which will also prevent server 140 from identifying the user.
  • blocking of the tracking activity may be specified on a per-site or domain basis.
  • the user may request that all multi- site trackers be blocked, that all tracking be blocked for all sites, or for all sites except specified sites.
  • tracking detection module 320 may create a new mailbox for the user, that is dedicated for use with this server only, and is not used for any other communication with the user.
  • the email address cannot be used to correlate the user with activities he or she performed at other web sites, as they were done with different email addresses.
  • Figure 4 illustrates a block diagram of an embodiment for restricting tracking of an online activity of a user over a network.
  • the privacy of the user is enhanced by associating the user with a multiplicity of roles.
  • the user's online activity is separated according to a set of "roles".
  • Each role may be associated with a particular set of topics and areas of interest.
  • Each role is also associated with user privacy preferences, and with a set of user identifying information including personal details, such as a name, address, e-mail address, credit card, etc.
  • personal details such as a name, address, e-mail address, credit card, etc.
  • a manager in a car manufacturing company performs Internet activities related to the auto industry, and specifies his business address and company credit card.
  • the same manager accesses web sites relating to golf or fishing, and specifies his home address and his personal credit card.
  • the user accesses health and medical information, etc. Under this role, he may specify no name and address at all, or perhaps use fictitious name and address.
  • the user appears as a different entity (user) to the Internet.
  • a separate set of persistent information e.g. cookies
  • tracking server 140 cannot collect a comprehensive profile of the user's web-surfing habits, as it cannot correlate activities performed under one role with activities the same user performed under another role.
  • a separate mailbox with a unique e-mail address may be established by the role manager for use with each role, in order to prevent trackers from associating the user with his or her online activities performed under different roles.
  • other unique information items such as credit card number
  • role manager 420 associates the user with a plurality of roles. For each active browser window, role manager 420 sets the "active" role, and provides the user with a textual or graphic indication of the active role. In one embodiment, if several browser windows are open, each window may have a different active role. Alternatively, several windows may be under the same active role In either embodiment, the active role for a given window may be changed by the user at will, or it may be changed automatically by role manager 420 as the user browses another site.
  • role manager 420 analyzes data incoming to and outgoing from browser 330 and automatically sets the "active" role of the browser window.
  • the setting may be based on a topic associated with a web page requested by the user, or on other criteria.
  • role manager 420 sets the user's current role based on an explicit command from the user. That is, the user may specifically identify the role that should be associated with the user's current online activity. For example, a manager in a car manufacturing company may specify that his current online activity must be associated with his "manager" role. Some time later (or at the same time but through a different browser window), the manager may want to have his online activity to be associated with his "hobby" role.
  • Cookie manager 440 maintains multiple sets of persistent information, such that each role has a separate set of persistent information (sometimes referred to as a "cookie jar” or “cookie set”) associated with it. Whenever role manager 420 sets an active role for a browser window, it instructs cookie manager 440 to activate the relevant cookie set for that window.
  • cookie manager 440 retrieves persistent information that needs to be included in a user request from a cookie set which is associated with the current role. In addition, cookie manager 440 takes care of storing persistent information from incoming web pages and objects in the corresponding cookie set. As a result, persistent information that has been stored on behalf of a server
  • role manager 420 may verify that the user has not manually sent identifying information relating to role A when he is assuming role B.
  • cookie manager 440 is a part of browser 330. In alternate embodiments, cookie manager 440 is a part of role manager 420, a stand-alone software application, or a part of any other software. Role manager 420 may also be an independent application or a part of another application. It should be understood by one of ordinary skill in the art that any function described herein can be performed by any software application or module described herein without loss of generality.
  • FIG. 5 is a flow diagram of one embodiment for controlling and restricting tracking of user's online activity over a network.
  • a user is associated with a plurality of roles. As described above, each role corresponds to a set of topics or areas of interest and is associated with a set of user identifying information.
  • the user online activity is configured differently depending on one of the plurality of roles. That is, each role is associated with a separate cookie set. In one embodiment, when more than one browser window is active, each browser window may correspond to a separate active role. Alternatively, more than one active browser window may be associated with a single active role.
  • an active role is set for the current online activity of the user. As described above, the setting is done either automatically or according to a user request.
  • Figure 6a illustrates one embodiment, in which cookie manager
  • cookie manager 440 performs the actual storing and retrieving of persistent information on behalf of browser 330.
  • browser 330 may send this information to cookie manager 440 with the request to store it.
  • This request may include information about the main URL (the "skeleton page") and tracking URL.
  • the information about the main URL is also sent to role manager 420 which identifies the current role of the user and informs cookie manager 440 which cookie set is associated with this role.
  • Cookie manager 440 uses this cookie set to store persistent information of all objects related to the main web page.
  • cookie manager 440 stores in this cookie set information identifying a web site associated with the main URL.
  • records maintained by cookie manager 440 that identify relationship between the tracking URL and the main URLs are used to specify to the user a list of web sites at which the user has been tracked, and the identity of the tracking site.
  • Figure 6b illustrates another embodiment for storing and retrieving persistent information.
  • cookie manager 440 performs control actions on the file system of client 120 each time a role is changed, in such a manner that browser 330 accesses the "correct" cookie set automatically.
  • Figure 6c illustrates a third embodiment for storing and retrieving persistent information.
  • cookie manager 440 does not directly communicate with browser 330.
  • cookie manager 440 intercepts the web pages and objects arriving from remote servers, identifies persistent information included with these objects, and stores this persistent information in the cookie set associated with the active role.
  • cookie manager 440 intercepts requests sent by browser 330 to the server and analyzes the request to identify persistent information included in the request. Subsequently, the cookie manager replaces this persistent information with another persistent information, retrieved from a cookie set associated with an active role of the user in the same manner as described above. The request with the new persistent information is then sent to the server.

Abstract

L'invention concerne un procédé et un appareil de commande de suivi des activités en réseau. Dans l'un des modes de réalisation, l'identification d'un dispositif d'accès au réseau et le suivi potentiel des activités en ligne d'un utilisateur sont identifiés. En outre, l'utilisateur est avisé qu'il est suivi dans ses activités. Dans un autre mode de réalisation, l'étendue du suivi est restreinte jusqu'à la capacité d'empêcher complètement le suivi des activités en ligne de l'utilisateur.
PCT/US2001/003281 2000-02-01 2001-01-31 Procede et appareil de commande de suivi des activites en reseaux WO2001057615A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001238010A AU2001238010A1 (en) 2000-02-01 2001-01-31 Method and apparatus for controlling tracking activities on networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US49598100A 2000-02-01 2000-02-01
US09/495,981 2000-02-01

Publications (2)

Publication Number Publication Date
WO2001057615A2 true WO2001057615A2 (fr) 2001-08-09
WO2001057615A3 WO2001057615A3 (fr) 2002-03-07

Family

ID=23970759

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/003281 WO2001057615A2 (fr) 2000-02-01 2001-01-31 Procede et appareil de commande de suivi des activites en reseaux

Country Status (2)

Country Link
AU (1) AU2001238010A1 (fr)
WO (1) WO2001057615A2 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2364408A (en) * 1999-12-14 2002-01-23 Ibm Web browser cookie management
EP1546900A1 (fr) * 2002-09-30 2005-06-29 Samsung Electronics Co., Ltd. Systeme d'acces au reseau, procede de securisation du systeme, et support de stockage de donnees pouvant etre lu par le systeme
WO2005099225A1 (fr) * 2004-04-02 2005-10-20 Netiq Systemes et procedes pour le suivi d'activite sur le web
EP1783634A1 (fr) * 2005-11-02 2007-05-09 Sap Ag Méthode et procédé pour la gestion et/ou l'extraction de données relatives à un utilisateur
US8818959B2 (en) 2008-12-02 2014-08-26 Adobe Systems Incorporated Virtual embedding of files in documents
US9448976B2 (en) 2008-05-20 2016-09-20 Adobe Systems Incorporated Package file presentation including reference content

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5966705A (en) * 1997-06-30 1999-10-12 Microsoft Corporation Tracking a user across both secure and non-secure areas on the Internet, wherein the users is initially tracked using a globally unique identifier
US6006197A (en) * 1998-04-20 1999-12-21 Straightup Software, Inc. System and method for assessing effectiveness of internet marketing campaign
US6018619A (en) * 1996-05-24 2000-01-25 Microsoft Corporation Method, system and apparatus for client-side usage tracking of information server systems
US6073241A (en) * 1996-08-29 2000-06-06 C/Net, Inc. Apparatus and method for tracking world wide web browser requests across distinct domains using persistent client-side state
US6085242A (en) * 1999-01-05 2000-07-04 Chandra; Rohit Method for managing a repository of user information using a personalized uniform locator
US6112240A (en) * 1997-09-03 2000-08-29 International Business Machines Corporation Web site client information tracker
US6138155A (en) * 1997-03-21 2000-10-24 Davis; Owen Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6018619A (en) * 1996-05-24 2000-01-25 Microsoft Corporation Method, system and apparatus for client-side usage tracking of information server systems
US6073241A (en) * 1996-08-29 2000-06-06 C/Net, Inc. Apparatus and method for tracking world wide web browser requests across distinct domains using persistent client-side state
US6138155A (en) * 1997-03-21 2000-10-24 Davis; Owen Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database
US5966705A (en) * 1997-06-30 1999-10-12 Microsoft Corporation Tracking a user across both secure and non-secure areas on the Internet, wherein the users is initially tracked using a globally unique identifier
US6112240A (en) * 1997-09-03 2000-08-29 International Business Machines Corporation Web site client information tracker
US6006197A (en) * 1998-04-20 1999-12-21 Straightup Software, Inc. System and method for assessing effectiveness of internet marketing campaign
US6085242A (en) * 1999-01-05 2000-07-04 Chandra; Rohit Method for managing a repository of user information using a personalized uniform locator

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2364408B (en) * 1999-12-14 2003-11-19 Ibm Web browser cookie management
GB2364408A (en) * 1999-12-14 2002-01-23 Ibm Web browser cookie management
EP1546900A4 (fr) * 2002-09-30 2010-01-27 Samsung Electronics Co Ltd Systeme d'acces au reseau, procede de securisation du systeme, et support de stockage de donnees pouvant etre lu par le systeme
EP1546900A1 (fr) * 2002-09-30 2005-06-29 Samsung Electronics Co., Ltd. Systeme d'acces au reseau, procede de securisation du systeme, et support de stockage de donnees pouvant etre lu par le systeme
WO2005099225A1 (fr) * 2004-04-02 2005-10-20 Netiq Systemes et procedes pour le suivi d'activite sur le web
EP2000928A1 (fr) 2004-04-02 2008-12-10 WebTrends, Inc. Systèmes et procédés de suivi d'activité sur le Web
AU2005232076B2 (en) * 2004-04-02 2010-03-18 Webtrends, Inc. Systems and methods for tracking web activity
US7792954B2 (en) 2004-04-02 2010-09-07 Webtrends, Inc. Systems and methods for tracking web activity
US8024463B2 (en) 2004-04-02 2011-09-20 Webtrends, Inc. Systems and methods for tracking web activity
US8127007B2 (en) 2004-04-02 2012-02-28 Webtrends, Inc. Systems and methods for tracking web activity
EP1783634A1 (fr) * 2005-11-02 2007-05-09 Sap Ag Méthode et procédé pour la gestion et/ou l'extraction de données relatives à un utilisateur
US9448976B2 (en) 2008-05-20 2016-09-20 Adobe Systems Incorporated Package file presentation including reference content
US8818959B2 (en) 2008-12-02 2014-08-26 Adobe Systems Incorporated Virtual embedding of files in documents
US10025761B2 (en) 2008-12-02 2018-07-17 Adobe Systems Incorporated Virtual embedding of files in documents

Also Published As

Publication number Publication date
AU2001238010A1 (en) 2001-08-14
WO2001057615A3 (fr) 2002-03-07

Similar Documents

Publication Publication Date Title
US7219139B2 (en) System and method for using continuous messaging units in a network architecture
US10861047B2 (en) Systems and methods for accessing first party cookies
US6968507B2 (en) Method and apparatus for defeating a mechanism that blocks windows
US7240110B2 (en) Internet service error tracking
US6442577B1 (en) Method and apparatus for dynamically forming customized web pages for web sites
US7162739B2 (en) Method and apparatus for blocking unwanted windows
US8700603B2 (en) Computerized system and method for advanced advertising
US6983311B1 (en) Access to internet search capabilities
US7624351B2 (en) Methods and apparatus for controlling a plurality of applications
US6871213B1 (en) System and method for web co-navigation with dynamic content including incorporation of business rule into web document
US6999987B1 (en) Screening and survey selection system and method of operating the same
US6847992B1 (en) Data pass-through to sponsors
CA2299773C (fr) Surveillance de l'utilisation d'internet par un particulier
US20020059369A1 (en) Method and apparatus for creating and distributing non-sensitized information summaries to users
US20110041168A1 (en) Systems and methods for targeting online advertisements using data derived from social networks
US6832240B1 (en) Method, system, and program for connecting to an electronic commerce web site
US7020690B1 (en) Inactivity timer for an internet client
US20020112048A1 (en) System and method for providing behavioral information of a user accessing on-line resources
WO2000075850A2 (fr) Surveillance des activités internet d'un utilisateur
JPH11312190A (ja) 商品情報表示方法
JP2009527032A (ja) ウェブブラウザが望ましくないソースからのコンテンツをロードするのを防止すること
KR20050010829A (ko) 컴퓨터 시스템에서 메시지를 디스플레이하기 위한 방법 및장치
WO2006132834A1 (fr) Architecture de base de donnees en temps reel
WO2001050299A2 (fr) Systeme et procede pour la divulgation incrementielle d'informations personnelles a des fournisseurs de contenus
WO2001057615A2 (fr) Procede et appareil de commande de suivi des activites en reseaux

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69 EPC (EPO FORM 1205A OF 261102)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP