TECHNIQUES FOR MONETIZING ANONYMIZED CONTEXT
An embodiment of the present invention provides a method of offering anonymous incentive based context to service providers, comprising delivering context information of a user to the service provider, wherein prior to delivery of the context information to the service provider, the context is anonymized by removing identifying information and aggregating it with context from additional users.
The present application is a continuation of U.S. patent application Ser. No. 12/754,643, filed on Apr. 6, 2010, entitled “TECHNIQUES FOR MONETIZING ANONYMIZED CONTEXT” which is hereby incorporated herein by reference in its entirety and for all purposes.
BACKGROUNDThe rapid development of wireless devices and their ever-improving mobile capabilities have enabled users to depend on them for increasing numbers of applications while the devices can obtain a wide variety of personal information. Users of such devices are increasingly able to capture contextual information about their environment, their interactions, and themselves on various platforms. These platforms include, but are not limited to, mobile computing/communication devices (e.g., PDAs, phones, MIDs), fixed and portable computing devices (laptops, desktops, and set-top-boxes), and cloud computing services and platforms. Both raw context and profiles derived from this context have a potentially high value to the user, if the user can properly manage and share this information with service providers. Service providers may use this information to better tailor offers to the user, to better understand their customers, or to repackage and sell (or otherwise monetize).
The user potentially stands to benefit through a better service experience or through a specific incentive. The user's ability to leverage this context is currently limited in the following ways: there is no automated way to share, combine, or integrate context across platforms owned by the same user; there is no automated and/or standardized way for the user to share this context with service providers, with or without compensation; and there is no simple mechanism for controlling access to context.
Currently this type of information may be collected and monetized in a variety of ways:
-
- Context is collected by cloud service providers, via web logs, credit card traces, and other artifacts of day-to-day life. Such context might identify life events or in-market interests. The user often has no knowledge or control over this information and gains nothing in its use.
- Context is collected automatically on the user's platforms and delivered back to a service provider. For example, set-top boxes often collect information about TV viewing patterns, and cell phones often track location.
- Users may explicitly share context by filling out a survey about their interests, demographics, or personal history.
In the above examples, users are not always aware their context is being collected. They may or may not be given the opportunity to opt-out and in most cases, the user will receive no compensation for their context. Also, users do not have a way to allow the gathering of their information anonymously. Thus, a strong need is present for techniques for anonymized monetizing of context information.
The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:
It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements are exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements.
DETAILED DESCRIPTIONIn the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the preset invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Although embodiments of the invention are not limited in this regard, discussions utilizing terms such as, for example, “processing,” “computing,” “calculating,” “determining,” “establishing”, “analyzing”, “checking”, or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulate and/or transform data represented as physical (e.g., electronic) quantities within the computer's registers and/or memories into other data similarly represented as physical quantities within the computer's registers and/or memories or other information storage medium that may store instructions to perform operations and/or processes.
Although embodiments of the invention are not limited in this regard, the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”. The terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like. For example, “a plurality of stations” may include two or more stations.
As mentioned above, users are increasingly capable of capturing contextual information about their environment, their interactions, and themselves on various platforms. These platforms may include, but are not limited to, mobile computing/communication devices (e.g., PDAs, phones, MIDs), fixed and portable computing devices (laptops, desktops, and set-top-boxes), and cloud computing services and platforms. Both raw context and profiles derived from this context have a potentially high value to the user, if the user can properly manage and share this information with service providers. Further, embodiments of systems of the present invention may provide a platform that is an information assimilation and communication platform.
Although several context collection mechanisms are in current use today, none provide all of the following features (1) automatic context collection, (2) user control, (3) user compensation, and (4) data privacy via anonymization.
Although existing mechanisms allow context collected on the user's personal platforms to be controlled by the user and monetized, this capability does not provide anonymization. Some embodiments of the present invention provide for aggregated context and provide anonymization services and a communication protocol that enables a user to choose to monetize aggregated context in a privacy-preserving way. This guarantees both anonymous aggregation of context and compensation to each context contributor.
In this way, users can monetize context collected on the platform, for both accuracy and user control and will be more likely to share context because it is shared in a more anonymous way. Service providers typically only need aggregated data, and can pay less for each individual user's data if it is aggregated and other parties to the transaction may receive recurring revenue by acting as a context aggregation service provider.
Embodiments of the present invention enable users to enter into an agreement with a service provider such that:
-
- The user contributes some personal context;
- Prior to delivery to the service provider, the context is anonymized by removing identifying information and aggregating it with context from many other users; and
- The user receives appropriate compensation for their contribution.
This may be provided by integrating an anonymization service with a context monetization capability. Looking now at
-
- The Client 110 delivers context and receives a reward;
- The Anonymization Service 120 knows the identities of the clients but has no access to context or monetary rewards;
- The Service Provider 130 receives anonymized context but cannot attribute it to specific clients. It also arranges for delivery of monetary rewards.
- The Reward Provider 140 generates rewards but has no immediate knowledge of recipients or what they are being compensated for.
The identity of the client that provided a given piece of context is protected unless two of more of the above participants collude. In an embodiment of the present invention, client 110 may send an offer request 105 to service provider 120 which may return an offer 115 back to client 110. Client may then send at 125 a context bundle to anonymizer 120 which aggregates the client's context with the context of other clients at 135 and sends at 145 to service provider 130. At 155 a reward request list is provided from service provider 130 to reward provider 140, which at 165 sends a reward list to anonymizer 120. At 175 anonymizer 120 sends reward to client 110.
Note that the Anonymization Service represents a recurring revenue opportunity. Such a service can work in conjunction with specific platforms (mobile, PC, set-top, cloud) that generate user context.
The Basic Protocol is shown in
Step 1: Offer Request 215: The client asks the Service Provider for a list of available offers. The user's identity is known at this point; however, no context is promised or delivered. Optionally, this request could be forwarded through the Anonymizer. Upon receipt, the Service Provider selects a set of offers to deliver to the Client. These offers may be filtered based on client identity or past client relationships, but they should not be unique to the specific client.
Step 2: Offer 225: One or more offers are returned. Each offer specifies:
-
- The set of desired context;
- The level of aggregation (over how many users) that this data will receive before delivery;
- The form and amount of compensation;
An offer may be signed using the private key of the Service Provider, for authenticity. Upon receipt of an offer, the Client chooses whether to participate. Selection of an offer may utilize a user interaction or a previously formulated user-defined policy.
Step 3 235: Context Bundle: To accept an offer, the Client sends the context bundle to the Anonymizer to be aggregated with the context of other users. This message is protected from tampering by signing with a private key tied to the client's ID, and accessible only by the Anonymizer, since it is encrypted with the anonymizer's public key. The message contains:
-
- The identity of the client;
- A timestamp (real or virtual) for freshness;
- A copy of the original offer, still signed for authenticity;
- A “context package” for the service provider, encrypted using the public key of the service provider (for privacy), containing:
- The original offer;
- The context requested in the offer;
- An obscured form of the node's identity (encrypted using the public key of the anonymizer); and
- A public key owned by the client that will be used to encrypt rewards data for delivery to the client. Note that for maximum privacy protection this should be a one-time use key to prevent correlation over time by the Service Provider and Rewards Provider.
Upon receipt, the Anonymizer unpacks the message. If the data is stale or inauthentic, it is discarded, otherwise, it is stored for later forwarding. Note that the offer specifies the number of users over which to aggregate the data before it is forwarded.
Step 4 245: Aggregation: Once context is collected from the required number of users for a given offer, the “context packages” are assembled in random order into an Anonymized Bundle List. Transmission of the Anonymized Bundle List could be randomly delayed to further protect the identities of the set of Clients whose data are contained in the bundle.
Alternatively, an Anonymized Bundle List can be sent to a given Service Provider at regular intervals. The subset and order of Client data included in a given Anonymized Bundle List would be determined randomly, with a random distribution weighted such that older data is more likely to be included (preventing data from becoming too stale). In this case, no Anonymized Bundle List should be sent to a Service Provider unless a sufficiently large number of entries are available.
In either case, the Anonymized Bundle List can include context packages from multiple offers (since each is labeled with the specific offer). If context packages for multiple offers are included in an Anonymized Bundle List, it is important that the aggregation constraints of each individual offer are satisfied.
Step 5 255: Anonymized Bundle List: The Anonymized Bundle List is sent from the Anonymizer to the Service Provider. It is signed using the Anonymizer's private key, for authenticity. Although not limited in this respect, it may include a timestamp (either real or virtual) for freshness, and a list of “context packages” in random order.
Upon receipt, the Service Provider unpacks the message, checking for authenticity and freshness. It then unpacks each “context package.” For each one, it takes the following steps:
-
- Validates the offer;
- Saves the context for further processing (application specific);
- Formulates a Reward Request using the obscured node identity and public key; and
All of the above reward requests are combined into a Reward Request List.
Step 6 265: The Reward Request List: The Reward Request List is sent from the Service Provider to the Reward Provider and contains a list of Reward Requests. Although the present invention is not limited in this respect, each Reward Request or the Reward Request List as a whole may be protected by signing with the Service Provider's private key (for authenticity) and encrypting with the Reward Provider's public key (for secrecy). Each reward request may contain:
-
- A timestamp for freshness;
- The value (and perhaps type) of the requested reward;
- The obscured identity of the recipient; and
- The public key provided by the recipient.
Upon receipt, the Reward Provider prepares a Reward List with one entry for each Reward Request.
Step 7 275: The Reward List: The Reward List is sent from the Reward Provider to the Anonymizer. It contains a list of Reward Messages. Each Reward Message or the Reward List as a whole may be signed using the Reward Provider's private key for authenticity and encrypted with the Anonymizer's public key for privacy. Each Reward Message in the Reward List contains:
-
- The reward, which may be an electronic certificate (application specific) with some value. It can be unique, but it is not linked to a specific user (the user is not known to the reward provider at this time). For example, the reward might be a code for an Itunes gift card or an Amazon gift certificate. In an embodiment of the present invention, the reward may be encrypted (for privacy) with the public key provided by the intended recipient.
It is noted that the obscured identity of the recipient and the public key provided by the recipient are obtained from the reward request and were originally provided by the client in the Context Bundle.
It may also be noted that while the Reward Provider may eventually (when the reward is redeemed) know the identity of the recipient (the Client), the Reward Provider never knows anything about the offer or the context delivered in response to that offer.
Upon receipt, in embodiments of the present invention, the Anonymizer validates the authenticity of each Reward Message. It can now decrypt the identity of the client node and caches each reward for later delivery.
Step 8: Aggregation 285: The Anonymizer caches each reward for a random amount of time to prevent correlation across rewards. Aggregation is accomplished in a manner similar to that set forth above relating to step 4.
Step 9 295: Reward: Each reward is then addressed to the specific recipient in a Reward message. It may contain the reward, still encrypted using the public key provided by the client for secrecy. Optionally, the reward could be signed by the Reward Provider for authenticity.
Note that one of two properties must hold: (1) the reward is generic (a single code given to all users), or (2) the Reward Provider must be independent of the Service Provider. Validation of these properties is the responsibility of the Client, though the Anonymizer could provide a service that assists Clients in determining the trustworthiness of rewards. Property (1) is difficult to validate and should be considered highly suspect.
Offer Constraints. As noted in Step 1 of the basic protocol, unique properties in an offer or offer signature could enable a bundle to be traced by the Service Provider back to the Client. To reduce this risk, the Anonymizer may choose to enforce some or all of the following rules during processing of bundles in Step 3:
-
- All responses being anonymized in satisfaction of a given offer must contain an identical copy of the offer and signature.
- All offers may follow a generic format that contains four fields: the context being requested, the level of aggregation, the amount of compensation, and the type of compensation. Each field would be restricted to a small set of fixed values.
- Valid offers (including their signature) must be registered in advance with the Anonymizer. The Anonymizer could then choose to track (and perhaps limit) the number of different offers currently valid for a given Service Provider.
Bundles containing offers that do not meet the desired set of criteria would be rejected. The Anonymizer may also choose to constrain offers to protect clients. For example, the Anonymizer could enforce a minimum level of aggregation or a minimum level of compensation required for release of a particular piece of context.
In some cases, the Anonymizer may not trust the Service Provider to deliver a reward to the recipient. In this case, prior to Step 5, the Anonymizer may signal the availability of the Anonymized Bundle List by sending a list of client public keys and obscured client identities to the Service Provider. The Service Provider can then follow Step 6, resulting in rewards being sent to the Anonymizer in Step 7. Once the Anonymizer has validated receipt of the rewards, the Anonymized Bundle List can be sent to the Service Provider. The choice between this version of the protocol and the basic protocol depends on the relative trustworthiness of the Anonymizer and the Service Provider. However, in general, the basic protocol is sufficient, because the Anonymizer can determine that a given Service Provider is not trustworthy, if rewards are not eventually received.
In some cases, users may wish to deliver context as part of the regular service delivery process. For example, the user may wish to utilize a video streaming web site, and deliver a list of their top 10 most frequently watched TV shows in exchange for some free content. To reduce the need to modify existing services and client software, embodiments of the present invention may integrate the anonymous context monetization capability with a typical service delivery mechanism. The resulting protocol is shown in
The resulting protocol utilizes the same core interactions between Anonymizer, Service Provider, and Reward Provider. For backward compatibility with existing services, the client contacts the Service Provider directly. The protocol proceeds with the following steps:
1. The Client makes a generic service request to the Service Provider.
2. The Service Provider makes a generic service reply (e.g., a content page that does not include any additional free content) to the client, but adds to the response an offer (similar to Step 2 in the basic protocol).
3. If the Client wishes to share some context, it sends a second service request to the Service Provider. This request includes a context bundle (similar to Step 3 in the basic protocol, but sent directly to the Service Provider).
4. The Service Provider cannot access the bundle. Instead, it sends the bundle to the Anonymizer.
5. The Anonymizer validates the bundle, caches it in the anonymization cache, and sends a context affidavit to the Service Provider attesting to receipt of the requested context. The Service Provider won't receive the context until later in the process, once it has been anonymized.
6. The Service Provider can now send an improved service reply to the Client (e.g., with the promised free content). This reply could provide the improved service itself, or a token that the Client can use to unlock an improved service, for either a limited or unlimited period of time.
7. At this point, the protocol proceeds with the basic protocol, starting at Step 4, aggregating data, and eventually sending anonymized context data to the Service Provider and delivering the resulting rewards.
The above procedure results in almost the same anonymization as the basic protocol, except that the Service Provider knows which clients contributed context. However, it still doesn't know which context each Client contributed. As a result, Clients of this version of the protocol will probably want to limit their participation to offers with a higher aggregation factor than the basic protocol.
The above protocol provides a good way for the user to receive preferred service, including delivery of a token that entitles the holder to preferred service. An alternative is to provide the token as the Reward in the Basic Protocol. However, in this case, the Service Provider is also acting as the Reward Provider, which violates an assumption that the Rewards Provider and the Service Provider do not collude. There is a danger that a redeemed token could be used by the Service Provider (who in the case is also the Reward Provider) to connect the Client with their anonymized context. The protocol above provides an alternative approach that does not have this disadvantage.
Continuing with the figures,
When received “reward list” message at 440, determine if message is authentic at 445. If YES, decrypt node identity at 450, cache reward and set random timer 455 and return to Anonymizer 405. If reward timer expires at 455, send reward messages to Client nodes at 460 and then return to Anonymizer start 405.
Some embodiments of the present invention may further provide a computer readable medium encoded with computer executable instructions, which when accessed, cause a machine to perform operations comprising offering anonymous incentive based context to service providers by delivering context information of a user to the service provider, wherein prior to delivery of the context information to the service provider, the context is anonymized by removing identifying information and aggregating it with context from additional users.
While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents may occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
Claims
1. A method of offering anonymous incentive based context to service providers, comprising:
- delivering context information of a user to said service provider, wherein prior to delivery of said context information to said service provider, said context is anonymized by removing identifying information and aggregating it with context from additional users.
2. The method of claim 1, further comprising said user receiving compensation for their contribution to said aggregated context information.
3. The method of claim 2, wherein an anonymization service provides said anonymizing and knows the identities of users but has no access to context or monetary rewards and wherein said service provider receives said anonymized context but cannot attribute it to a specific source and optionally arranges for said compensation and wherein a reward provider generates rewards but has no immediate knowledge of recipients.
4. The method of claim 1, further comprising:
- said user submitting an offer request for a list of available offers from said service provider and upon receipt, said service provider selects a set of offers to deliver to said user; and
- wherein upon receipt of at least one offer, said user chooses whether to participate.
5. The method of claim 4, wherein if said user chooses to participate, a context bundle is delivered to an anonymizer in one of the following manners:
- a context bundle is sent from said user to said anonymizer to be aggregated with the context of other users; or
- a context bundle is sent from said user to said service provider, wherein context is initially provided by the client to the service provider in an obscured form as part of the service request, said service provider then forwards said obscured context to said anonymizer, said anonymizer attests to said service provider that said context has been delivered, said service provider provides an improved service response to the client.
6. The method of claim 5, wherein after receiving said context bundle said anonymizer removes identifying information, and once said context is collected from a required number of users for a given offer, context packages are randomly assembled into an anonymized bundle list and sent from said anonymizer to said service provider.
7. The method of claim 6, wherein upon receipt, said service provider unpacks each context package and reward requests are combined into a reward request list that is sent from said service provider to a reward provider and contains a list of reward requests, whereafter a reward list is sent from said reward provider to said anonymizer; and
- wherein said Anonymizer caches each reward for a random amount of time to prevent correlation across rewards and each reward is then addressed to a specific recipient in a reward message.
8. The method of claim 7, wherein if said service provider is not a trusted service provider, an anonymizer signals availability of a context bundle and waits for a reward prior to delivering said bundle to said service provider.
9. The method of claim 6, wherein said Anonymizer is adapted to choose to enforce some or all of the rules during processing of bundles from the rules group consisting of:
- All responses being anonymized in satisfaction of a given offer must contain an identical copy of the offer and signature;
- All offers follow a generic format that contains four fields: the context being requested, the level of aggregation, the amount of compensation, and the type of compensation;
- Valid offers must be registered in advance with said Anonymizer; and
- Bundles containing offers that do not meet the desired set of criteria would be rejected.
10. The method of claim 4, wherein each offer is signed using a private key of said service provider for authenticity and specifies: the set of desired context; the level of aggregation that this data will receive before delivery; and the form and amount of compensation and selection of an offer may utilize a user interaction or a previously formulated user-defined policy.
11. The method of claim 5, wherein said context bundle is protected from tampering by signing with a private key tied to the client's identity, and accessible only by said anonymizer since it is encrypted with said anonymizer's public key and wherein said context bundle contains: the client's identity, a real or virtual timestamp for freshness; a copy of an original offer, still signed for authenticity; a context package for said service provider, encrypted using the public key of the service provider containing said original offer; the context requested in said offer; an obscured form of a node's identity encrypted using the public key of the anonymizer; and a public key generated by said client.
12. The method of claim 6, wherein transmission of said anonymized bundle list is randomly delayed to further protect identities of a set of clients whose data are contained in said bundle.
13. The method of claim 6, wherein when said anonymized bundle list is sent from said anonymizer to said service provider, it is signed using said anonymizer's private key, for authenticity and further includes a timestamp for freshness, and a list of context packages in random order.
14. The method of claim 7, wherein upon receipt, said service provider unpacks said anonymized bundle list, checks for authenticity and freshness and then unpacks each context package and takes the following steps: validates the offer; saves said context for further processing; and formulates a reward request using an obscured node identity and public key
15. The method of claim 7, wherein said reward request is protected by signing with said service provider's private key for authenticity and encrypting with said reward provider's public key for secrecy and wherein each reward request contains: a timestamp for freshness; the value of the requested reward; the obscured identity of the recipient; and the public key provided by the recipient.
16. A computer readable medium encoded with computer executable instructions, which when accessed, cause a machine to perform operations comprising:
- offering anonymous incentive based context to service providers by delivering context information of a user to said service provider, wherein prior to delivery of said context information to said service provider, said context is anonymized by removing identifying information and aggregating it with context from additional users.
17. The computer readable medium encoded with computer executable instructions of claim 1, further comprising said user receiving compensation for their contribution to said aggregated context information.
18. The computer readable medium encoded with computer executable instructions of claim 16, wherein an anonymization service provides said anonymizing and knows the identities of users but has no access to context or monetary rewards and wherein said service provider receives anonymized context but cannot attribute to a specific source and arranges for said compensation and wherein a reward provider generates rewards but has no immediate knowledge of recipients.
19. The computer readable medium encoded with computer executable instructions of claim 16, further comprising said user submitting an offer request for a list of available offers from said service provider and upon receipt, said service provider selects a set of offers to deliver to said user;
- wherein upon receipt of an offer, said user chooses whether to participate;
- wherein if said user chooses to participate, either a context bundle is sent from said user to said anonymizer to be aggregated with the context of other users, or
- a context bundle is sent from said user to said service provider, wherein context is initially provided by the client to the service provider in an obscured form as part of the service request, said service provider then forwards said obscured context to said anonymizer to be aggregated with the context of other users, said anonymizer attests to the service provider that said context has been delivered, said service provider provides an improved service response to the client.
20. The method of claim 19, wherein once said context is collected from a required number of users for a given offer, context packages are randomly assembled into an anonymized bundle list and sent from said anonymizer to said service provider;
- wherein upon receipt, said service provider unpacks each context package and all reward requests are combined into a reward request list that is sent from said service provider to a reward provider and contains a list of reward requests, whereafter said reward list is sent from said reward provider to said anonymizer; and
- wherein said Anonymizer caches each reward for a random amount of time to prevent correlation across rewards and each reward is then addressed to a specific recipient in a reward message.
21. The computer readable medium encoded with computer executable instructions of claim 20, wherein said Anonymizer is adapted to choose to enforce some or all of the rules during processing of bundles from the rules group consisting of:
- All responses being anonymized in satisfaction of a given offer must contain an identical copy of the offer and signature;
- All offers follow a generic format that contains four fields: the context being requested, the level of aggregation, the amount of compensation, and the type of compensation;
- Valid offers must be registered in advance with said Anonymizer; and
- Bundles containing offers that do not meet the desired set of criteria would be rejected.
22. The computer readable medium encoded with computer executable instructions of claim 20, wherein when said context bundle is sent from said user client to said anonymizer to be aggregated with the context of other users, said message is protected from tampering by signing with a private key tied to the client's identity, and accessible only by said anonymizer by encrypting with an anonymizer public key.
23. The computer readable medium encoded with computer executable instructions of claim 22, wherein said message contains a timestamp for freshness; a copy of an original offer, still signed for authenticity; and a context package for said service provider, encrypted using the public key of the service provider.
24. A system, comprising:
- an information assimilation and communication platform adapted to offer anonymous incentive based context to service providers by delivering context information of a user to said service provider, wherein prior to delivery of said context information to said service provider, said context is anonymized by removing identifying information and aggregating it with context from additional users.
25. The system of claim 24, further comprising said user receiving compensation for their contribution to said aggregated context information.
26. The system of claim 25, wherein an anonymization service provides said anonymizing and knows the identities of users but has no access to context or monetary rewards and wherein said service provider receives anonymized context but cannot attribute to a specific source and arranges for said compensation and wherein a reward provider generates rewards but has no immediate knowledge of recipients.
27. The system of claim 24, further comprising:
- said user submitting an offer request for a list of available offers from said service provider and upon receipt, said service provider selects a set of offers to deliver to said user;
- wherein upon receipt of an offer, said user chooses whether to participate;
- wherein if said user chooses to participate, a context bundle is sent from said user to said anonymizer to be aggregated with the context of other users and once said context is collected from a required number of users for a given offer, context packages are randomly assembled into an anonymized bundle list and sent from said anonymizer to said service provider;
- wherein upon receipt, said service provider unpacks each context package and all reward requests are combined into a reward request list that is sent from said service provider to a reward provider and contains a list of reward requests, whereafter said reward list is sent from said reward provider to said anonymizer; and
- wherein said Anonymizer caches each reward for a random amount of time to prevent correlation across rewards and each reward is then addressed to a specific recipient in a reward message.
Type: Application
Filed: Oct 22, 2013
Publication Date: Feb 13, 2014
Inventors: Mark D. Yarvis (Portland, OR), Matthew D. Wood (Portland, OR)
Application Number: 14/060,116
International Classification: G06Q 30/02 (20060101);