Transaction system for business and social networking
A wireless face-to-face bilateral communication method between at least two users of a service provider, each having a token device, and at least one having a user-defined profile, comprising: between a sending token device and a receiving token device, transmitting unique electronic transaction tokens between a consenting sending party and a consenting or optionally consenting receiving party wherein said transaction tokens may be used for single use, party-approved after-contact, computer-network facilitated access to each other's profile.
This application is a Continuation-in-Part of U.S. patent application Ser. No. 11/489,435 filed Jul. 20, 2006, and entitled “Electronic Business/Personal Card and Method of Use Thereof,” and claims the priority of U.S. patent application Ser. No. 11/489,435 filed Jul. 20, 2006, and U.S. Provisional Patent Application Ser. No. 60/996,307 filed Nov. 9, 2007, and entitled “A Transaction Token System for Business and Social Networking,” that are incorporated by reference herein in their entirety.FIELD OF THE INVENTION
The present invention relates generally to electronically aided exchange of information between social and business contacts using controlled access technologies, and more particularly, to the use of token authentication to control access to protected information in a contact's profile.BACKGROUND
The traditional way of exchanging information between parties who are in the same physical location is by the physical exchange of business or contact cards. An individual who is actively engaged in any sort of social or business networking will end up being encumbered by numerous business cards carrying no more than names, addresses and phone numbers and no other way of actively assessing the business or social compatibility of the card provider and there is no active tie to the party's online profile.
Where parties are not in the same physical location, on-line dating and social networking constitute internet-facilitated modalities for meeting persons particularly in social engagements.
In on-line dating, members complete user profiles that are kept in a central database. Users can then search the central database to further their social interests. Upon identifying compatible social interests, messages are exchanged via the intermediation of the service provider.
In social-networking services, users fill out profile information that is stored in a central database. Those profiles are associated with other users in an internodal network arrangement where each user is linked to one or more third-parties through another user with which they have a pre-existing personal or business relationship. Users employ various search criteria to identify a subset of other users whom they may be interested in meeting and are allowed to contact or view the profiles of other users.
The key limitation of both on-line dating and social networking services is that both are online dominated and do not easily tie in to a user's day to day interaction with the offline universe. In other words, cyber world contact precedes real world contact and there is always the danger that the cyber profile is overly embellished and at marked variance with the real world person.
U.S. Patent Application 20050174975 deals with a wireless communication methodology wherein real world contact coincides with cyber world contact whereby a user may access information about a specific unknown person in their general location in order to decide whether potential compatibilities (either business or personal) may exist between them. In the '975 patent application, a methodology is described whereby a user broadcasts a search for compatible social or business interests in their general physical vicinity, receives and electronically reviews information about a potential contact within his/her vicinity and initiates contact by sending the user's profile back to the potential contact, whereupon it is hoped that real world contact will then ensue. The drawback to this system is that the user spends their time broadcasting and sifting through a myriad of online social protocols, using intelligent devices having image and data display capabilities rather than spending valuable time making the far more profitable flesh to flesh contact.
There is therefore a need for a wireless internet-facilitated networking device and methods of use thereof wherein the real world contact precedes cyber world contact in both social and business intercourse. For socially or professionally active individuals who meet other social or business interests all the time, exchange of cards is often the most convenient way to perpetuate that contact. Even then, business cards as it were, carry very little information, often have no pictures, and remain bland and faceless long after the contact has faded from memory. In social situations in particular, cards are not often available resulting in the inconvenience of locating pen and paper or such. Further, there is often the need to revisit and reassess the social or business compatibility of a contact in a more dynamical setting.
Many electronically aided exchange of information between two previously unknown social or business contacts tend to be too device-dominated in that valuable face to face time is lost viewing and classifying information downloaded on the electronic device. Often, there also exists a need post-contact to further explore the contact in relative anonymity before deciding to share private as opposed to public data.
Nor is social or business contact necessarily limited to natural persons. In bilateral exchange of information facilitated by electronic means, one of the parties could very much be an establishment, such as a government, hospital, or business or event organizer where such electronically aided exchange of information may be used to further a business purpose.
Authentication tokens have been used to promote relatively quick access to secured data and other resources. Physical tokens include objects that are read by an access control device to determine whether a user presenting the token should be given access. As the token holder approaches or otherwise submits the token, the access control device interrogates the token to make the determination.
Tokens of varying costs and complexity have been developed. For instance, tokens routinely incorporate cryptographic mechanisms for authentication. Encrypted codes are commonly stored within token memory for eventual decryption by the access device. To this end, tokens additionally rely on dedicated processors and/or memory for use during authentication. Though not necessarily used for authentication, tokens additionally include a set of generally unalterable data that is set by manufacturers. Such data includes serial numbers, manufacturer identifier data, time of manufacture, and/or other manufacturer controlled information used for inventory, quality control and other accounting purposes.
Bilateral, per transaction, exchange of electronic or digital tokens between persons (natural, business or premises) desiring to further their contact will provide some measure of convenience and security in accessing each other's secured profile in a virtual environment and afford the persons opportunity to further their contact in a real world if mutuality exists.SUMMARY OF THE INVENTION
Embodiments of the present invention include a wireless device and a per transaction token based system for business and social networking by natural persons or businesses, in which actual contact precedes bilateral (or one way) exchange of tokens for after-contact, computer network facilitated access to each other's user profile, which may include user-defined data, to be followed, optionally by further exchange of private data. Private data as used herein refers to any information, such as profile identification, phone number, Internet address, contact information, financial information, or medical information, which may allow perpetuation of that contact outside the virtual token-enabled environment. As used herein, per transaction token is taken to mean that the token is a disposable, single-use token. In one embodiment, the token may be of finite use rather than a single use, wherein the token may be set to expire over time or may be set to expire after a defined incremental use.
In one embodiment, the present invention includes a wireless face-to-face, bilateral communication method comprising a one-to-one exchange of transaction tokens between at least one sending party and at least one receiving party who are both registered users of a service provider. As used herein, device refers to any wireless electronic token device of the present invention. Where carried by a natural person, said device may be any portable electronic device that is capable of transmitting and/or receiving transaction tokens. In the case of businesses, a token device may be stationary, preferably desktop device, which can communicate with an individual's portable device. Additionally, the information exchange transmission may be an intended transmission without the need for face-to-face proximity of one or more previously unknown or unconnected parties.
In another embodiment, client, a service provider's subscriber, provides credentials (e.g., username and password) for tokens to be preloaded to client's device. Upon verification of the credentials, the service provider issues to the client a plurality of digital transaction tokens. Each digital transaction token may be configured to provide proof of the client's authorization for a social or business contact or to a business premise, such as an event organizer, club house, and/or hospital, to access the corresponding client's profile.
In one implementation, the plurality of transaction tokens may include an authentication token that is configured to provide proof of identity at the service provider's portal and which may be provided by the client to the service provider to obtain additional transaction tokens without requiring the client to resubmit credentials. An application on a client device receives and loads the transaction tokens.
In one implementation, a network server generates the transaction tokens and provides the tokens to a client's device. The transaction token may be provided by the server as part of the code comprising a profile page.
The authentication module authenticates the client's token and returns to the requestor client, a user reply, at the option of the requestee, in the form of a profile of requestee client. In one embodiment, the authentication module verifies that the token is being submitted by a valid user; that the received token being submitted belongs to a valid requestee and that the token is still valid, etc—and then with permission of the requestee discloses the requestee's profile to whatever granular detail desired by the requestee. Additionally, the authentication module may watch for the other part of the transaction pair, i.e., the user submitting the token, should also have the mirror of the other user submitting his/her token to start the reciprocal to the transaction.
Upon encountering a potential social or business contact, exchange of transaction token takes place between the service clients. Preferably, the token exchange is at least a two-way exchange; however, the token exchange may be one way only, i.e., one client offers his/her token to another client, while the other client does not reciprocate with his/her token. Subsequently, the token device application may send a profile request to a service provider's network server. The profile request may include the transaction token optionally embedded in the profile page code of the requesting client rather than delivering the token separately. The server receives the profile request, determines whether the associated token is valid, and processes the request and informs the other party that a reply profile is needed. In the preferred embodiment, the exchange between users is accomplished with only click or button activation.
In one embodiment, the transaction token is embedded in profile page code provided in a profile response. When the profile page code is received and loaded by the browser application, the transaction token is loaded by the browser as well. Thus, the transaction token is optionally maintained in the code of the profile page rather than delivered separately. Once the profile page and token are loaded, the browser application may generate a profile request in response to receiving further user input. The browser application then includes the authentication token from the profile page code in the subsequent profile request.
In yet another embodiment, once the token device has received one or more tokens, typically at the end of the networking event, the client-subscriber or user uploads these tokens to a data server computer system using any suitable means of data communication such as cradles, Bluetooth, or WiFi. In a preferred embodiment, uploading to an Internet-connected computer is done via a universal serial bus (USB) interface on the wireless device In another embodiment, uploading may be done via a wireless communication to the Internet.
In one embodiment, the tokens stored in a receiver's wired or wireless token device may be uploaded to a central service which may include a website, a database and one or many servers. In another embodiment, the user who has uploaded the tokens to the data server logs into a world wide web-interface that allows them to classify their received profiles according to type, group, interest, and/or some other classification. Since the received profile(s) belongs to another registered user of the system, a picture and other general information, excluding private data, may be available to refresh the user's memory of the networking encounter and to determine what the levels of interaction should be. In a preferred embodiment, users may have the ability to determine the granulation of their profile that may be seen by other users, and to set the available channels for future communication, e.g., instant message, email, video teleconference (VTC), phone, gaming, collaboration and/or voicemail, or none at all.
Alternate embodiments include the cases where: 1) user's device communicates with the server via a cable, cradle, or other physical connection to a PC or other electronic apparatus which can relay tokens or other information to the server; or 2) through any form of wireless connection, such as Bluetooth Wi-Fi or 802.11, which may relay the tokens or other information either directly or through some intermediary (e.g., a cellular network or PC) to the server.
It is also an object of the invention to allow users in a business networking contact to classify or characterize the relationship, such that other service-subscriber contacts can electronically access at the option of the subscriber their business contact information, business resume, associates, vendors, product literature, pictures, and so on.
In one embodiment of the invention, an events organizer or business establishment can use a stationary version of this device to gather and store transaction tokens of attendee-subscribers of the event, upload the tokens and have a list of prospects to communicate relevant news and offerings or other information relevant to the event, including confirming the identity of the attendee. In a social networking embodiment, a list of locations frequented or patronized or groups joined may be dynamically visible to one's circle of online friends. Related online profile information may be such things as name, age, phone numbers, email address, zip codes of residence, activity, interests, blogs, photos, etc., depending on the nature and the type of the online community or application being used.
In another embodiment of the invention, facility managers can use stationary versions of the device to register the user's attendance or interest in a particular product or service or display. In that way, a business invitee can leave the location with tokens that allow access to more information and the business establishment has acquired transaction tokens from an inquiry and prospective client.
Similarly, in another embodiment, the stationary version of the token-device may be built into a radio or television receiver, such that when a user sends a token using a portable transaction token device, the user receives a token from the token-transmitting-enabled radio, which is linked within a service provider's database to communicate a particular point in the broadcast programming, for later retrieval by the user online. In this embodiment, it is contemplated that one of the data objects stored in the service provider's database is a time and date stamp for linking the transmitted token to a particular point in the broadcast
In another embodiment, the sender and receiver's wireless devices exchange transaction tokens using a first local wireless protocol, and the uploading wireless device and a remote web-connected computer are coupled together over a second wireless network.
In yet another embodiment, the present invention includes a computer system coupled to a network, the computer system including software for performing a method comprising storing a plurality of transaction tokens, storing profiles for one or more user-subscribers, associating the transaction tokens with the profile, receiving per-transaction access tokens from a wireless device via a computer interface and accessing the profile associated with the one or more transaction tokens. In one embodiment, the transaction tokens and profiles are stored in a database accessible over the Internet.
In another embodiment, accessing the profile comprises generating a query to a database using the transaction tokens and retrieving information associated with the transaction tokens either in response to the query, or in a preferred embodiment, upon further action by the requestee client.
In yet another embodiment, the present invention includes a wireless token device comprising an external case housing a power supply, a USB interface, a narrow-beam send/receive hardware component, a transmit button, one or more confirmation light-emitting diodes (LEDs), processor, memory, USB transaction software, selector switch, a token counter and internal clock/calendar. In other embodiments, the device is embedded in a watch, a broach, a pendant, a necklace, a ring, an earring, an article of clothing, a clothing label, a wallet or a key-chain. In other embodiments, the device is integrated into a smart card or the like.
The wireless token device of the present invention can be of multiple forms including ones with only the discrete functionality of the present invention, or integrated into or with other devices such as cell-phones, PDA's or music players either through embedded hardware or as a software application. In addition, the devices can have the capability to act as both “sender” and “recipient” (for users interested in sending and receiving tokens), to act only as a sender (for users not interested in receiving tokens) or to act only as a recipient (for users who are interested in receiving tokens). Additionally, particularly in the case of a recipient-only device, one embodiment of the present invention provides that the form-factor can be such that the device appears as a piece of jewelry such as a broach, pendant, ring, earring, or as a clothing label, a key-chain, integrated into a credit-card form-factor, integrated into clothing itself or as some other fashion statement which can be both aesthetically pleasing and alert others that a person is a user of the system.
Additional embodiments of the present invention also include medical applications where a user's online profile may contain medical or other information that may be accessed by a doctor, pharmacist, emergency services technician or other health care provider. Yet another embodiment of the present invention includes software, which can be downloaded into an existing platform to enable it to practice the present invention and perform in the techniques described herein. Thus, in the one case, the user's medical information is stored as their profile and the medical facilities are given granted access by user-initiated exchange of transaction tokens. In another case, the transaction tokens give the medical unit confirmation of identity within their internal data system.
Yet another embodiment of the present invention is the use of the transaction-token system by a retailer/business premises for targeted marketing whereby incentives, loyalty tracking and rewards management, coupons, referrals, ratings etc are part of the retailer's application interface and the consumer's user profile. Accordingly, in the token-enabled virtual environment, the business client always retains the ability to sever the business relationship or control the private information available to the business.
Embodiments of the present invention also include any and all business methods for generating revenue and income through the sales of hardware, software and services that include one or more embodiments of the invention described herein. These include (a) selling software for use on an existing hardware platform to enable the invention, (b) the sale of hardware (including jewelry or other form factors) to enable the invention, (c) charging users on an annual, monthly or per-message basis for use of the service/invention, and (d) a third party receiving links, advertorial content, or other business value in exchange for sponsoring mobile token devices or associated profile services for users. These business methods also include the ability to charge or reward users for the exchange of messages or information processed through one or many central servers based on tokens exchanged earlier between devices as described above. Users of the device and service (i.e., senders, recipients, or both), may include individuals, businesses, not-for-profit organizations, advertisers, political action groups, or any other organization.
A preferred embodiment of the present invention may also include (e.g., as part of the server) a web-based user interface for registration, and token and profile information management. Information managed by users through this interface may include, but is not limited to, the unique identifier (ID) of their mobile device, their name, address, billing information (if applicable), username, profile information, photo, preferences and names of friends. The user interface may also function as a messaging center in which the user can keep track of messages sent or received as well as the profiles that they have been viewed.
Additional embodiments will be evident from the following detailed description and accompanying drawings, which provide a better understanding of the nature and advantages of the present invention.
For the purpose of illustrating the invention, the drawings show aspects of one or more embodiments of the invention. However, it should be understood that the present invention is not limited to the precise arrangements and instrumentalities shown in the drawings, wherein:
In the following description, for purposes of explanation, specific details are set forth in order to provide a thorough understanding of different aspects of the present invention. It will be evident, however, to one skilled in the art that the present invention as defined by the claims may include some or all of the features or embodiments herein described and may further include obvious modifications and equivalents of the features and concepts described herein.
Embodiments of the present invention use wireless protocols and networks for implementing novel methods and algorithms that obviate the need for non-electronic business and contact cards and allow users to liberally, confidently, and anonymously distribute and gather per-transaction access tokens for use in later classifying and perpetuating the contact at the option of the user-subscriber. Additionally, the per transaction token offers a severability function that allows users to confidently qualify their contacts in a virtual environment and then decide whether to continue or terminate the exchange by denying or granting privileges to real-world contact information.
As used herein, profile refers to any information or resource about the user-subscriber and includes a wide range of resources (e.g., services and content) via a network. For example, profiles may include, but are not limited to, web pages, contact information, schedules, links, friends, activities, social affiliation, feeds, blogs and any combinations thereof. Additionally, profiles may contain tools that allow users to engage in communications via email or instant messaging, photos, use applications, and so forth. In a business setting, profiles may also include, but are not limited to, purchase history, interests, receipts, loyalty points, coupons, referrals, business or system ratings that allow a receiver to make decisions about a product or vendor based on transaction feedback or other system metrics, and so on. In a preferred embodiment, profiles may simply be access means to other communication channels, public or private, or access to health or financial information.
In the case of a business, a profile may include any business or marketing communication, such as product description, business resume, video clip, coupons, receipts, targeted advertisement, event promotion, targeted solicitation, and the like. A profile may be completely virtual in the sense that nothing in the profile bears the real identity of the profile owner. This feature allows the contacts to communicate in virtual anonymity and decide whether there is mutual need to perpetuate the contact by exchanging a real profile, such as a profile that contains private data. Alternatively, at least one contact may have a virtual profile while another contact may have a real (or non-virtual) profile.
The token device may be configured in a variety of ways for accessing the service provider's network. For example, one or more of the token devices may be configured as a computing device, such as a desktop computer, a mobile station, an entertainment appliance, a set-top box that is communicatively coupled to a display device, a wireless phone, a game console, and so forth. Thus, the token device may range from full resource devices that have substantial memory and processor resources (e.g., personal computers, game consoles) to low-resource devices that have limited memory and/or processing resources (e.g., traditional set-top boxes, hand-held game consoles, key fobs). Preferably, the portable token device (e.g., token devices 210A and 210B of
The system may include one or a plurality of application modules providing for instance, the ability of the users to switch over from a virtual environment to another communication channel. Application modules are executable to provide a variety of functionality to respective clients. For example, one or more of application modules may be configured to send and receive email. In yet another example, one or more of application modules may be configured to send and receive instant messages. And in yet another example, the system may allow a token to pass over an established communication channel, such as email, text messaging, web interface, and/or phone, so as to allow the users to reconnect in another communication channel via the token environment.
Additionally, a wide range of functionality may be made available to clients from one or more service providers as part of their profile. The resources, for instance, may be configured as a variety of content, such as web pages, music, video, images, user forums, templates, add-ins, web logs (i.e., blogs), and so forth. Further, service providers may provide resources which are services, such as instant messaging service, email service, financial service, collaboration environments and so forth. For example, plurality of services may include a web search service (e.g., a search engine) that is provided to search the Internet, an email service that is provided to send and receive email, an instant messaging service that is provided to send instant messages between the clients, and so on.
In one embodiment, a client executes an application module, which generates a request to an authentication server. The request may be configured to seek authentication and a plurality of transaction tokens. The authentication service authenticates the request using credentials of the user. The authentication service, in response to the request, provides the user with one or more single use transaction tokens, each of which may then be transmitted to a social or business contact for use for party-approved access to the client's corresponding user profile. In the preferred embodiment of the stationary token device that is located in a business/premises with which a business invitee exchanges tokens, the stationary device is expected to maintain a live connection to the service provider database that then returns the identity, perhaps a picture, for two-factor security and an approval code of some kind.
One embodiment of this invention uses a token that requires a one-time transaction encryption. A one-time transaction algorithm generates a password that can be used once only to authenticate a request for the other party's profile. In another embodiment, passwords, user names, and/or other data is used in addition to the device ID, such as serial number or manufacturer ID, as controlled information for realizing token authentication. In one such embodiment, the password is stored in the token and is automatically transmitted to the token device, possibly along with the user ID.
In the preferred embodiment, a given token can be passed once only so as to protect the authenticity of the exchange. To preserve transaction token uniqueness, the token generation server may keep a record of tokens as they are issued to users and as they are returned by contacts with whom they are exchanged. As tokens are submitted with request profiles, the authentication server is then able to (1) ensure that the given token is valid and (2) ensure that the token has not been previously uploaded.
The authentication service may comprise an authentication module and a service module. Authentication module is representative of functionality which may be utilized in order to authenticate a client, which may include verification of client credentials. Authentication module may also comprise client credentials that correspond to respective clients. Client credentials may be used to verify that the clients “are who they say they are” or in other words authenticate the client's identity. The client credentials, for example, may be a user name and password that is supplied by the client. Other client credentials are also contemplated, such as a shared secret, biometric, an encryption key and so forth.
A profile module comprises the functionality that may be utilized to determine profile granulation and which granulated profile a client-contact having the requestee's token is authorized to access. For instance, a profile module of an authentication service may be configured to generate reply profiles that grant access to or re-direct the other party to another communication channel. See
Naturally, functionality for authentication, token issuance, profile generation, and so forth may be divided differently among various modules of authentication service in different implementations without departing from the spirit and scope thereof.
Generally, any of the functions described herein can be implemented using software, firmware (e.g., fixed logic circuitry), manual processing, and any combinations thereof. The terms “module,” “functionality,” and “logic” as used herein generally represent software, firmware, or a combination of software and firmware. In the case of a software implementation, the module, functionality, or logic represents program code that performs specified tasks when executed on a processor (e.g., central processing unit (CPU) or CPUs). The program code can be stored in one or more computer readable memory devices. The features of the transaction token techniques herein described are platform-independent, meaning that the techniques may be implemented on a variety of commercial computing platforms having a variety of processors.
Regarding implementation, the authentication module, when executed on a processor of server, authenticates an authentication request that is sent by a client seeking transaction tokens. For instance, authentication of a request may include accessing and verifying the true use of client credentials. The plurality of client credentials corresponding to a plurality of clients are maintained in storage of memory provided on the server. It is noted that credentials may be maintained on another server of the authentication service or otherwise located remotely in storage. The credentials that are located remotely may be accessible via network.
Credentials indicated in the authentication request may be checked against credentials stored by the authentication service to authenticate the request. In general, credentials are verified by comparing credential information (e.g., name and password) that is provided by the client with client credentials that are accessible to the authentication service (e.g., stored in memory). Client credentials may be verified using numerous authentication schemes, such as by challenge/response, digest, negotiate, NT LAN Manager (NTLM), kerberos, basic (clear text), and so forth. This may include transferring credentials (e.g., clear text) between client and server via the network. Alternatively, a scheme in which user credentials are not sent over the network (e.g., challenge/response) may be used for enhanced security.
Once the authentication request, preferably configured to seek multiple transaction tokens, is authenticated, authentication service is further configured in order to generate a response that corresponds to the request for communication to the client. In particular, the responses are configured to deliver a plurality of transaction tokens in a single request and response round trip between a client and an authentication server. In other words, a plurality of transaction tokens may be obtained in a single transaction.
Naturally, the set of tokens that are requested and received may be configured in a variety of ways. The set of tokens requested and received in a transaction may be specified by default, for instance, in the default configuration of an application module. Further, an option may be provided to a client for specifying which tokens to obtain in an authentication transaction, e.g., one requiring input from requestee before a reply profile is sent, one that sends a reply profile automatically without further input from the user, and/or a token that degrades over time. Accordingly, the token device may optionally contain a switch to select which type of token is to be delivered on a given occasion.
In the face to face interaction, one embodiment of the token process flow in
The last portion of the token flow process under one embodiment would be where the users process the relationship connection between them by the system verifying the authenticity of the two-way exchange (Step 511), then the person to person approval of the connection (Step 512) and then the ongoing communication that may occur (Step 513). In a secure connection the final step with the token server would be to deactivate the particular tokens (Step 514) as a method for ensuring that each transaction is unique in the token address space.
The token device can have various other components including, for example, a processor 238, biometric components 240, and a power source 242. Processor 238 may be any controller, microcontroller, or DSP device. Biometric components 240 may include, for example, fingerprinting, a breath analyzer, and/or a retina scanner. The portable token device can be in the form of a USB device, a Smart Card, or other easily portable small embedded device. In general, the portable token device, as opposed to a premises/retailer desk-top token device, may operate without a keyboard, a display screen, or other input/output functionality.
In one embodiment, the biometric element may used to verify the rights of the user to operate the token device. In another embodiment, the biometric element may be used to verify the permission rights of the user to the token service provider or to a third-party for the purposes of conducting a token related transaction.
A memory 244 of token device 210 can include, for example, read-only memory (ROM), Flash memory, and/or random access memory (RAM) in accordance with various embodiments. Memory 244 may include one or more physical memory storage devices and/or memory that is directly associated with a processor circuit, such as a circuit of processor 238. Stored on memory 244 may be, for example, a device ID 246, one or more preloaded tokens 248, one or more received IDs/tokens 252, and a data server internet address 254.
In contrast to many USB devices, the portable token device includes processor 238 for running token device applications on portable token device 210. Processor 238 of token device 210 may be a specialized micro-processor in accordance with one embodiment. Optionally, token device 210 may include a secure processor that runs an operating system or a specialized secure micro-processor that is designed for running a specialized application.
Referring to again
Additionally, the token device 210 that is shown in
While more sophisticated tokens known in the art may be used in accordance with the principles of the present invention, so-called “dumb” tokens, such as any unique digital string may suffice. As such, a token device for purposes of the invention may include any portable device having computer-readable manufacturer controlled information. Where desired, the token device may include a processor. Alternatively, instead of the token being an entirely unique digital string, the token generator may generate certain tokens that have a portion only of the digital string that is unique. The software for accepting/identifying the transmission may be adjusted accordingly.
Device ID 246 that is stored in memory 244 may be a fixed unique device ID, such as a unique serial number or manufacturer ID or a profile ID within the profile database. As is the case of Ser. No. 11/489,435, the token of these embodiments may be entirely derived from more bits of information. Alternatively, in another embodiment, token device 210 may include a built-in random number generator (not shown) for generating a unique device ID. For example, an algorithm for random number generation may be implemented in processor 238.
The token device may include its own receiver, such as a token receiver 256, and/or transmitter, such as a token transmitter 258. Suitable tokens devices may passively or actively transmit tokens. Rather than preloading tokens, such as preloaded tokens 248, from a server, a token device of the present invention may be programmed to internally generate and store tokens so that a given user may have a queue for to-be transmitted tokens (not shown) and another queue for received tokens, such as received ID/tokens 252. Token devices that are capable of internally generating tokens may include memory having random code, such as a random diversifier, which may be used independently of any manufacturer-controlled data to generate a cryptographic key. The key may alternatively be supplied by the token server or may be capable of being recognized by the token server.
In terms of mobile token exchange between social or business contacts, any appropriate wireless signaling protocols may be used to exchange transaction tokens. However, it is preferred that transaction tokens be exchanged between mutually consenting parties. Alternatively, a consenting sending party transmits his/her token to at least one receiving party that may optionally consent to the token exchange. Infrared transmission may be to a certain extent directionally specific (e.g., between one intended user and another), short range, and can be implemented by any signaling methods known in the art, for example, as those described on the website of the Infrared Data Association. Alternatively, a short range RF signaling protocol may be used to transmit the tokens from one user to another, e.g., Near-Field Communications (NFC) such as those discussed online at the Near Field Communication Forum. NFC is of particular value because the specific communication is established by physical proximity—inches in the case of NFC.
The preferred mode of communication between the devices is a wireless signal sent between one sending and one receiving device. Since the intent is to support one to one personal contact, the design is such as to prevent the exchange of IDs other than to/from the intended physically proximate party. The same or different wireless technology may be used for a reply made by the receiving device to the sending device. However, embodiments of the presented invention are not limited to any specific currently existing or future wireless technologies. Additionally, the communication between the devices is not limited to wireless communication. For example, more details of an example of wired communication between devices is described with reference to
As illustrated in
An additional embodiment of the present invention includes the use of the service and/or hardware for the electronic commerce applications including micropayments. Micropayments are prepaid accounts that may be used for low dollar amount purchases.
The method of the present invention can be adapted for secure data retrieval system in a business context using non-secure tokens wherein one of the registered users is a business premises, event organizer or health-care provider having a display-capable stationary transaction token device, said stationary token device capable of real time download and display of profile associated with received transaction tokens and wherein business data associated with owner of said profile may be securely accessed to facilitate a business transaction.
Referring again to
In one example, the service provider may store a reference only to the user's bank account on the external database 830. Then over the secure channel they inform the associated vendor which of their clients is making the request. One advantage of the architecture may be that these indexes may be updated as often as the vendor wants, and are of no use outside of the secure channel between the service provider and external database 830. In turn the account numbers are also protected, because they never need to be revealed publically in order to conduct a transaction and, thus, are protected from being stolen and used in an unauthorized fashion. Another privacy benefit of the index of the external database 830 is that every bank/vendor may have their own reference index within the system, without relying on, for example, a social security number to keep the information aligned.
Yet another embodiment of the present invention includes software, which can be downloaded into an existing platform to enable it to practice the present invention and perform in the techniques described herein.
Embodiments of the present invention may also include business methods for generating revenue and income through the sales of hardware, software and services using the techniques described herein. These include, but are not limited to, (a) selling software for use on existing hardware platforms to enable the invention, (b) the sale of hardware (including jewelry or other form factors described below) to enable the invention, (c) charging users on an annual, monthly or per-message basis for use of the services described herein, and (d) a third party receiving links, advertorial content, or other business value in exchange for sponsoring mobile token devices or associated profile services for users. These business methods also include the ability to charge or incentivizing users for the exchange of messages or information processed through one or many central servers based on tokens exchanged between mobile devices and then uploaded as described above. It is to be understood that a variety of users (i.e., senders, recipients, or both) may benefit from various applications of the present invention. Users of the devices and services may include individuals, businesses, not-for-profit organizations, advertisers, political action groups, or any other organization.
In a preferred embodiment, the token device is ruggedized by any means known in the art so that it can withstand the jostle and tumble of everyday life. The wireless token device of this invention is preferably a portable stand alone device having no display capabilities preferably weighs less than one ounce. It may be embedded in a watch, a cell-phone, a broach, a pendant, a necklace, a ring, an earring, an article of clothing, a clothing label, a wallet or a key-chain.
In another embodiment, the hardware interface of the device may have a retractable, foldable, or otherwise physically protected male USB interface, such that the device can quickly interface to a computer. The USB interface shall be discrete and protected when not in use. Also, in one embodiment, the wireless interface of the device may have an IR/RF emitter for sending and receiving short bursts of data to/from a sister device. In a preferred embodiment, the transmitter may use data-transmission protocols that are suitable for successful delivery of 512 bits of data. The device shall have a single button to activate the IR/RF send/receive function and the exchange of wireless identifications shall be accomplished by single button exchanges so that the flavor of the moment is not diluted by multiple clicks and button exchanges. When pressed, the emitter shall transmit a single token. It may be that if the transmit button is held down longer than, for example, about 15 seconds it will need to be released and re-pressed for the device to begin the cycle again. It is to be understood that longer or shorter transmission times are part of the invention. In the stationary embodiment, the device may be set to always receive via an on/off switch.
While the device is transmitting data using the IR/RF interface the LED(s) may use a signal pattern (e.g., blinking) to indicate to the user the device's activity. When the RF receiver successfully receives data from another device the LED may show an alternate signal pattern (e.g., solid for 2 seconds) to indicate the reception. Also, devices shall have an internal processor to control the interaction of the various electronic components, including, but not limited to, the inter-device signaling protocol (IR or otherwise), error checking to prevent multiple copies of the same data being written successively, the LED signal pattern, the USB upload protocol, the initial process of linking the device to the data server and assigning or registering it's unique ID, and the initiation process of the device to upload the particular users profile to the data server.
Portable token devices 910 are not limited to the use of USB connectors for providing the wired communications, as shown in
Ultrasonic data communication module 1020 may include any suitable components for transmitting/receiving acoustic waves, such as transducers for converting electronic data to pulsed ultrasonic data and vice versa. In one example,
Referring again to
In another embodiment, the portable token device of the invention may include wireless broadband technology, such as Wi-Fi technology, IEEE 802.11 technology, ZigBee® technology, and/or Bluetooth® technology, that enables wireless communication via, for example, a wireless WAN and/or LAN. The inclusion of broadband technology in the portable token device allows for device-to-device and/or device-to-networked computer communication, an example of which is shown in
In the case where there is a party line or broadcast or medium/meeting room wherein two or more users wish to exchange tokens with each other (e.g., a one-way or two-way exchange). The devices may be put into a discovery mode to identify all of the other token devices in the space or communications channel, before beginning token transactions with each of the discovered devices. Such bounded discovery operation may be controlled based on signaling range, a select channel, a shared secret, a user selection interface or other means to prevent unauthorized persons from participating in the group token exchange. In a physical meeting space, this token method avoids the archaic business card exchange ritual at new meetings.
Because wireless broadband technology 1120 may allow a certain token device to discover multiple other token devices that may be also within the range of a wireless broadband network, an additional operation may be required to establish a one-to-one connection. That is, another level of functionality and/or navigation may be required. For example, the token device may be equipped with a small display and/or keypad. In one example, once a certain device queries the wireless broadband network and discovers multiple token devices, a set of pictures of all the discovered users may be displayed. The user of the certain token device may then scroll through the user pictures and select one or more users of interest with whom to exchange tokens.
Another method of communicating with one of several users that have been discovered may be by transmitting a mutually known code between at least two consenting parties. Upon the two or more token devices detecting matching codes, the at least two consenting parties may perform a one-to-one exchange of tokens. Any of various methods of generating a code may be utilized. In one example, the sender presses a certain number sequence on a keypad of his/her token device, which is transmitted over the wireless broadband network. Alternatively, the sender presses a certain key (e.g., transmit button 222) multiple times with a certain sequence of short and long pulses, like Morse code. All devices within range of the network may receive the code. However, the code is known to a certain one or more intended receivers only who must act to enter the same sequence, perhaps within a certain limited timeframe (e.g., within 1 minute of receiving the code), using their token device. If the codes that are entered by both the sender and the one or more intended receivers match, tokens may be exchanged. However, if the codes that are entered by both the sender and the one or more intended receivers do not match, tokens may not be exchanged. The longer the sequence in the code, the more authentication is provided, and the more secure the transaction.
By use of microphone 1230 and digital sound recorder 1220, ambient sound in the physical environment of token device 1210 may be captured and stored in audio file 1240. Alternatively, the user's voice may be captured and stored. In either case, the captured audio may be used as a non-spoofable unique identifier and, thus, provides an additional means for a unique security or authentication layer.
In the case of local authentication, if the audio that is captured on both the sender's (e.g., User A) and receiver's (e.g., User B) local portable token device 1210 substantially matches, a one-to-one token exchange between devices is allowed. In this example, the ability to capture ambient sound gives context to the exchange process.
Furthermore, the inclusion of a digital sound recorder, such as digital sound recorder 1220, may provide additional usefulness. For example, the digital sound recorder may allow a user to capture a voice recording of specific comments or notes that the sender and/or recipient may want to recall.
In yet another embodiment, the principles of recording sound that are described in
The information from the user that drops-off his/her information at third party device 1310 may be tagged (e.g., with certain authorization criteria) in such a way as to allow an intended user only to pick up the information at third party device 1310. Additionally, there may be a time limit (e.g., within 10 minutes of drop-off) within which the intended receiving user must pick-up the sending user's information. Optionally, once an exchange transaction has occurred via third party device 1310, a paper receipt may be printed for the receiving user. Additionally, User A, for example, may return to third party device 1310 and verify whether User B has picked up his/her token.
In another embodiment of the invention, the third party device 1310 of
By use of third party device 1410, which may be a third party service provider, any user-subscriber may approve the exchange of information with another user-subscriber by contacting third party service provider who then authenticates the exchange operation. In this example, the portable token device may be a device that has enhanced functionality, such as, but not limited to, sound recording capability, email capability, TXT messaging capability, and/or GPS capability. By way of example,
In one example and referring to
Referring again to
The embodiment shown in
Furthermore, as described in
Accordingly, a timestamp may be attached to any data transmission, such as to any exchange of tokens, adding further uniqueness to the token ID as the timestamp changes with every transmission. In one example, the token devices of two or more users capture a timestamp via any of the above-mentioned methods. For example, two parties may capture substantially the same time and date and generate a token that has substantially the same timestamp. The users may then return to their personal computer and exchange tokens based on a substantially matching timestamp, within some tolerance. Optionally, the local IP address of the network entity from which the date and time is captured may be attached to the timestamp for further matching.
In the case of an internal timer, the internal timer may record, for example, the elapsed time that User A is in communication with User B, such as during a one-to-one token exchange operation. By monitoring the communications protocol, the timer may be activated upon the data transfer between two devices being initiated and deactivated upon completion of the data transfer. The timer value may be appended to the end of the transmission and included in the token exchange data. The users may then return their personal computer and exchange tokens based on a substantially matching timer values, within a practical tolerance. Alternatively, each token device may include a dedicated mechanism for generating a time value, such as a dedicated button or switch. In this example, two or more users may have to coordinate their actions to substantially synchronize (within a practical tolerance) the activation of the dedicated timer mechanism.
Alternatively, the pre-acquired tokens may be locked, and upon meeting at the event, the tokens may be unlocked. Alternatively, the event sponsor or service provider has the user profiles, which are initially locked, and upon meeting the users verify identity and then may return to their personal computer and use the token to unlock the user profiles of interest.
Additionally, this embodiment of the invention may allow each user to control his/her outgoing profile information, such as to provide one-time profile information and/or provide perpetual profile updates. For example, each user may have multiple levels of control, such as to (1) turn on and off the ability of another user to access my his/her profile, (2) turn on and off the ability of another user to receive automatic profile update information, and (3) determine the granulation of their profile that may be seen by other users (e.g., provide a certain email address, physical address, and/or phone number only).
In this embodiment, user-subscribers may have a QR code on any of their respective physical devices, such as on the surface of a cell phone, PDA, business card, keychain, and so on. The QR code may be used as the mechanism to provide unique wireless electronic device identification. Any user that has, for example, a camera phone that is equipped with the correct reader software may scan the image of the QR code of another user, which, in the context of the invention, may be used for verifying user identity. More specifically, stored on the database of the authentication server are the QR codes of the user-subscribers. Following the physical meeting of two or more users, the QR codes are used for making contact between users via the service provider, in substantially the same way that the exchange of tokens allows two or more users to make contact.
Portions of the present invention may be conveniently implemented using a conventional general purpose or a specialized digital device, computer system, server, computer or microprocessor programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the art of communication, computer and e-commerce.
Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art. The invention may also be implemented by the preparation of application specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those skilled in the art.
The present invention includes a computer program product which is a storage/recording medium (media) having instructions stored thereon/in which can be used to control, or cause, a computer to perform any of the processes of the present invention. The storage medium can include, but is not limited to, any type of disk including floppy disks, mini disks (MD's), optical discs, DVD, CD-ROMS, micro-drive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices (including flash cards), magnetic or optical cards, nanosystems (including molecular memory ICs), RAID devices, remote data storage/archive/warehousing, or any type of media or device suitable for storing instructions and/or data.
Stored on any one of the computer readable medium (media), the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention. Such software may include, but is not limited to, device drivers, operating systems, and user applications. Ultimately, such computer readable media further includes software for performing the present invention, as described above.
Included in the programming (software) of the general/specialized computer or microprocessor are software modules for implementing the teachings of the present invention.
The above description illustrates various embodiments of the present invention along with examples of how aspects of the present invention may be implemented. The above examples and embodiments should not be deemed to be the only embodiments, and are presented to illustrate the flexibility and advantages of the present invention as defined by the following claims. Additionally, embodiments of the present invention may cover the operation of a wireless device, including software algorithms performed on a wireless device, or the operation of a computer system, including software algorithms performed on a server, database or other computer network configuration for implementing backend processing. Based on the above disclosure and the following claims, other arrangements, embodiments, implementations and equivalents will be evident to those skilled in the art.
1. A wireless face-to-face bilateral communication method between two registered users, of a service provider each having a virtual profile and a token device, comprising: between a sending token device and a receiving token device, transmitting unique electronic transaction tokens between a consenting sending party and a consenting receiving party wherein said transaction tokens are used for a single-use, after-contact, computer-network facilitated access to each party's virtual profile.
2. The wireless face-to-face bilateral communication method of claim 1, wherein the receiving party is an event organizer, retailer or business premise and the sending party is a business or social invitee, and
- wherein the receiving token device is stationary and used to receive and process wireless electronic tokens of the invitees.
3. The wireless face-to-face bilateral communication method of claim 2, wherein the receiving party is a medical services provider and the sending party is a patient.
4. The wireless face-to-face communication method of claim 1, between a profile requestor and a profile requestee who had previously met at a business or social event, further comprising uploading of said single use transaction tokens to a data server computer system wherein said system authenticates said transaction tokens and said computer system prompts the requestee upon request by requester, to send requestee's virtual profile to requester.
5. The method of claim 4, wherein either the profile requestor or the profile requestee is a business premises.
6. The method of claim 4, wherein the virtual profile is granulated.
7. The method of claim 4, wherein the virtual profile includes information in text, audio, video, images, blogs, website links, schedules, friends, activities, social affiliations, feeds, product description, brochures, coupons, incentive programs, medical records, receipts, purchase history, loyalty points, or items or services for discounted sale.
8. The method of claim 4, wherein the profile information includes an access to another communication channel—public or private.
9. The method of claim 4, wherein the profile contains medical or other information and wherein the sending party is a patient in need of healthcare services and the receiving party is a health care provider.
10. A computer software embedded in a computer readable storage medium, comprising:
- a module for generating a plurality of unique single-use transaction tokens to be uploaded to wireless token devices;
- a module for storing profiles for a plurality of users;
- a module for associating said transaction tokens with the profiles;
- a module for receiving one profile request associated with a received transaction token uploaded from a wireless token device connected to a user's computer;
- a module for accessing a profile associated with the received transaction token; and
- a module for, upon approval by a profile owner, displaying the profile associated with said transaction token to another user's computer.
11. The computer software of claim 10, wherein the transaction tokens and the profiles are stored in a database accessible over the Internet.
12. The computer software of claim 10, wherein the step of accessing a profile involves generating a query to a database using the received transaction token, and retrieving the profile associated with the associated token device in response to the query.
13. A wireless token device for exchanging social or business networking transaction tokens comprising: an external case housing a power supply, a USB interface, a targetable narrow-beam send/receive hardware component, a transmit button, a confirmation LED, processor, a memory, USB transaction software, a selector switch, an internal clock/calendar, and a token counter, wherein exchange of said tokens is accomplished by single button exchanges between a sending party and a receiving party.
14. The wireless token device of claim 13, wherein the wireless token device is a portable standing-alone device without display capability and with an external ruggedized case, and weighs less than one ounce.
15. The wireless device of claim 13, wherein the wireless device is embedded in a watch, a cell-phone, a broach, a pendant, a necklace, a ring, an earring, an article of clothing, a clothing label, a wallet or a key-chain.
16. The wireless device of claim 13, wherein the wireless device is integrated into a smart card.
17. A method for wireless face-to-face bilateral communication between two registered users of a service provider comprising:
- generating a plurality of unique electronic single-use transaction tokens each associated with a user-profile stored in a network database;
- uploading said plurality of transaction tokens into a user's wireless transaction token device;
- wherein said users exchange said unique single use transaction tokens by single button engagement of said user's token devices to transmit and receive said single use transaction tokens; and
- wherein said transmission is by means of a directionally targeted narrow electromagnetic beam.
18. The method of claim 17, wherein said transmission is by means of a short range radio frequency link between parties in very close proximity.
19. The method of claim 17, wherein said transmission is adapted for secure data retrieval in a business context using non-secure tokens,
- wherein one of the registered users is in a business premises, and one of the users is an event organizer or health-care provider having a display-capable stationary transaction token device,
- wherein said stationary token device real time downloads and displays profile associated with received transaction tokens in a real-time manner, and
- wherein business data associated with an owner of said profile is securely accessed to facilitate a business or payment transaction.