U.S. patent application number 14/042667 was filed with the patent office on 2015-04-02 for method, system and apparatus for effecting targeted access to anonymous users of a network.
The applicant listed for this patent is Paul R. Goldberg. Invention is credited to Paul R. Goldberg.
Application Number | 20150095104 14/042667
Family ID | 51229156
Filed Date | 2015-04-02
United States Patent Application | 20150095104
Kind Code | A1
Goldberg; Paul R. | April 2, 2015
METHOD, SYSTEM AND APPARATUS FOR EFFECTING TARGETED ACCESS TO
ANONYMOUS USERS OF A NETWORK
Abstract
A method, system, and apparatus for effecting targeted access to
anonymous users of a network is provided. A second entity
delineates parameters of an audience with heightened interest in an
offering, and a first entity provides the second entity with access
to an audience accordant with these parameters. Consumer data
collected by a network connected appliance used by an appliance
user is linked with an appliance user anonymous identifier, and
communicated to the first entity. Using the parameters, the first
entity analyzes the collected consumer data and aggregates the
appliance user's anonymous identifier with anonymous identifiers of
other appliance users, thereby generating an aggregate set of
anonymous identifiers that point to members of the audience. This
set is marked with an identification code that is communicated to
the second entity that can be used by the second entity to gain
access to the audience through the first entity.
Inventors: Goldberg; Paul R. (Palo Alto, CA)
Applicant:
Name | City | State | Country | Type
Goldberg; Paul R. | Palo Alto | CA | US |
Family ID: 51229156
Appl. No.: 14/042667
Filed: September 30, 2013
Current U.S. Class: 705/7.29
Current CPC Class: G06Q 30/0255 20130101; G06Q 30/0269 20130101; G06F 21/6254 20130101; G06Q 30/0201 20130101
Class at Publication: 705/7.29
International Class: G06Q 30/02 20060101 G06Q030/02
Claims
1. A computer implemented method for effecting targeted access to
anonymous users of a network, comprising: communicating to a
computer processor unit at a first entity consumer data resulting
from a user's use of a network connected appliance, the consumer
data being linked with an appliance user anonymous identifier,
wherein processing by the computer processor unit comprises:
analyzing the consumer data by use of one or more delineated
parameters, wherein said delineated parameters define an audience
with heightened interest in an offering of a second entity;
aggregating in accordance with the results of the analysis the
appliance user's anonymous identifier with a set of appliance user
anonymous identifiers linked with the consumer data of other
appliance users, such that each appliance user anonymous identifier
included in the aggregate set points to an appliance user whose
collected consumer data corresponds to at least one delineated
parameter in common with the collected consumer data of the other
appliance users whose anonymous identifiers are included in the
aggregate set, generating an aggregate set of anonymous
identifiers, each anonymous identifier in the aggregate set
pointing to a member of the audience, wherein said audience
includes the appliance user; marking the aggregate set with an
identification code; communicating the identification code from the
first entity to the second entity; and providing the second entity
with access to the audience through the first entity by use of the
aggregate set identification code.
2. The method of claim 1 wherein the electronic network is the
Internet.
3. The method of claim 1 wherein at least one delineated parameter
used to analyze the consumer data is provided by the second
entity.
4. The method of claim 1 wherein the first entity communicates to
the appliance user an offer available from the second entity.
5. The method of claim 1 wherein the appliance communicates with
the first entity when the appliance user initiates communication
with a website where a second entity offering is available.
6. The method of claim 1 wherein the first entity communicates the
aggregate set identification code to the appliance.
7. The method of claim 1 wherein the appliance communicates the
aggregate set identification code to the second entity while
communicating with a website where a second entity offering is
available, and the aggregate set identification code is used by the
second entity to verify that the appliance user is a member of the
audience.
8. A system for effecting targeted access to anonymous users of a
network, comprising: a computer at a first entity, the computer
being comprised of: a data storage unit; a processor unit; a network
communications interface; and software stored on the data storage
unit that controls processes executed on the processor unit,
wherein: the processor unit receives consumer data linked with an
appliance user anonymous identifier resulting from the user's use
of a network connected appliance, communicated to the processor
unit through use of the network communications interface; the
processor unit analyzes the consumer data by the use of one or more
delineated parameters, wherein said delineated parameters define an
audience with heightened interest in an offering of the second
entity; the processor unit aggregates in accordance with the
results of the analysis the appliance user's anonymous identifier
with a set of appliance user anonymous identifiers linked with the
consumer data of other appliance users, such that each appliance
user anonymous identifier included in the aggregate set points to
an appliance user whose collected consumer data corresponds to at
least one delineated parameter in common with the collected
consumer data of the other appliance users whose anonymous
identifiers are included in the aggregate set, and generates an
aggregate set of anonymous identifiers, each anonymous identifier
in the aggregate set pointing to a member of the audience, wherein
said audience includes the appliance user; the processor unit marks
the aggregate set with an identification code; the processor unit
communicates the identification code from the first entity to the
second entity; and the processor unit provides the second entity
with access to the audience by use of the identification code.
9. The system of claim 8 wherein the electronic network is the
Internet.
10. The system of claim 8 wherein the first entity obtains at least
one delineated parameter used to analyze the consumer data from the
second entity.
11. The system of claim 8 wherein the first entity communicates to
the appliance user an offer available from the second entity.
12. The system of claim 8 wherein the appliance communicates with
the first entity when the appliance user initiates communication
with a website where a second entity offering is available.
13. The system of claim 8 wherein the first entity communicates the
aggregate set identification code to the appliance.
14. The system of claim 8 wherein the appliance communicates the
aggregate set identification code to the second entity while
communicating with a website where a second entity offering is
available, and the second entity uses the aggregate set
identification code to verify that the appliance user is a member
of the audience.
15. A network connected appliance for effecting targeted access to
a user of the appliance, comprising: a processor; a memory; a
network communications interface; and a computer program stored in
said memory and executed on said processor wherein: the processor
obtains authorization from the appliance user to collect and
communicate the appliance user's consumer data to a first entity;
the processor generates an appliance user anonymous identifier; the
processor collects the appliance user's consumer data; the
processor links the generated appliance user anonymous identifier
with the collected consumer data; the processor communicates the
consumer data and appliance user's anonymous identifier to the
first entity by use of the network communications interface; the
processor receives an offer from a second entity communicated by
the first entity by use of the network communications interface;
and the processor receives the identification code of an aggregate
set of anonymous identifiers in which the appliance user's
anonymous identifier is included from the first entity by use of
the network communications interface.
16. The appliance of claim 15 wherein the electronic network is the
Internet.
17. The appliance of claim 15 wherein the computer program is
downloaded from the first entity.
18. The appliance of claim 15 wherein the processor encrypts the
consumer data prior to the network communications interface
communicating the consumer data and appliance user's anonymous
identifier to the first entity.
19. The appliance of claim 15 wherein the processor establishes a
communication session with the first entity by use of the network
communications interface and receives a communication from the
first entity that includes the offer from the second entity.
20. The appliance of claim 15 wherein the network communication
interface sends a communication to the first entity when the
appliance user initiates communication with a website of the second
entity.
Description
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation-in-part of co-pending
U.S. Non-Provisional application Ser. No. 13/802,243 filed Mar. 13,
2013.
BACKGROUND OF INVENTION
[0002] 1. Field of Invention
[0003] In general this invention relates to the promoting of
content, products or services through use of an electronic network,
without compromising the privacy and security of the users of the
network. In particular, it relates to accessing anonymous users of
a network and communicating to these users offers for content,
products or services targeted to their interests.
[0004] 2. Discussion of Related Art
[0005] Consumer data, that is data collected by a network connected
appliance as a result of a consumer's use of the appliance, is
being provided to a wide range of entities for the purpose of
promoting content, products or services offered by many of these
entities. Such promotion may be effected by delivering promotional
campaigns, often in the form of advertisements, from suppliers of
goods or services; publishers of news, commentary or entertainment
content; creators of news, commentary or entertainment content; or
advertising agencies, among others, to individual consumers, or
groups of consumers, that are targeted through use of such
collected consumer data. The collected consumer data are analyzed
to determine the interests of individual consumers or groups of
consumers, and those consumers that are believed to possibly have a
particular interest in the content, products or services being
offered are targeted with the advertisement, or advertisements,
that comprise the promotional campaign. These advertisements may
accompany, or be embedded within, content such as news, multimedia
entertainment, and searched for information viewed by the
consumer.
[0006] The collected consumer data used to determine the
characteristics of advertisements or promotional campaigns that
best target particular consumers or consumer groups include
consumers' product interests, product preferences, network browsing
history, physical location and personal data. The appliance used
for delivering such targeted advertisements is often the same
appliance that is employed to collect the consumer's data. Since
the collection of this data is carried out, in many cases, without
the consumer's knowledge or consent, the entity collecting such
data is often accused of compromising the consumer's privacy and
security while attempting to promote their content, products or
services. Therefore, this practice has caught the attention of
lawmakers around the world, especially in the 30 states of the
European Economic Area, the United States, Australia and South
Korea, and has led to legislation directed to controlling the
collection, secure use, and storage of consumer data. Although
there can be a high economic cost associated with violating these
laws, due to an increasing number of strict regulations with harsh
penalties being enacted, and there is consumer opposition to the
unauthorized use and sharing of consumer data, a large number of
organizations have chosen to work toward complying with the often
conflicting government regulations, instead of discontinuing the
practice of collecting consumer data from network connected
appliances. This course of action has, in many cases, been chosen
because collected consumer data provides much of the business
intelligence needed to achieve the organization's business
objectives and product promotion goals. These organizations are
therefore working towards incorporating meaningful data security
and privacy policies into their business practices, at great
expense, in an effort to achieve sufficient compliance with the
government privacy regulations in the regions of the world in which
they operate.
[0007] However, due to the many entities currently participating in
each on line advertising transaction that employ and share consumer
data, attempting to comply with government privacy regulations is
problematic. FIGS. 1 and 2 illustrate why this is so. FIG. 1 is a
block diagram of a current example on line advertising transaction,
and FIG. 2 is a flowchart of a current example on line advertising
transaction. In the following discussion, all reference numbers
between 100 and 199 designate elements of FIG. 1 and all reference
numbers between 200 and 299 designate elements of FIG. 2. As can be
seen from FIG. 1, the participants in an on line advertising
transaction may include: Advertiser 105, Media Agency 110, Demand
Side Platform (DSP) 115, Data Management Platform (DMP) 120, Supply
Side Platform (SSP) 125, Ad Exchange 130, Content Delivery Network
135, Publisher 140, Data Sources 150, and Network Connected
Appliance 145. Advertiser 105, Media Agency 110 and Publisher 140
are shown in FIG. 1 as separate participants, although Advertiser
105 could possibly be a supplier of goods or services, a publisher
of news, commentary or entertainment content, a creator of news,
commentary or entertainment content, or an advertising agency, and
thus encompass the roles played by Media Agency 110 and Publisher
140. However, in many on line advertising transactions these
participants are separate actors, thus, for reasons of
completeness, they are called out separately. Consumer data
collected by Network Connected Appliance 145 as a result of a
consumer's use of the appliance, tracks many aspects of the
appliance user's on line behavior. This data is communicated over
line 139 of FIG. 1 to Data Sources 150, where it is often augmented
with additional specific real world appliance user data collected
by the entities that comprise Data Sources 150. Such entities
include data services that collect and amass offline (real world)
consumer data, consumer demographics, and web analytics, in
addition to data services that collect and amass on line consumer
data. Such data services can include credit card suppliers,
financial institutions, credit scoring agencies, social networking
sites, gaming sites, on line e-tailers, brick and mortar department
stores, energy companies, utilities and super markets, among many
others. DMP 120 receives augmented consumer data over line 127 from
Data Sources 150, and provides raw and processed versions of the
data to Advertiser 105, Media Agency 110, DSP 115, SSP 125, and
Publisher 140 over lines 111, 113, 109, 123, and 153
respectively.
[0008] In Block 200 of FIG. 2, Advertiser 105 of FIG. 1 initiates
an on line advertising campaign with the goal of promoting their
content, product or service to the maximum degree possible. In
addition, Advertiser 105 defines targeted consumer attributes of an
audience with a heightened interest in their content, product or
service and therefore would be susceptible to their advertising
campaign. In Block 202, Media Agency 110 creates the advertising
campaign in accordance with Advertiser 105's targeted consumer
attributes. In Block 204 Supply Side Platform (SSP) 125 determines
audience reach of publishers on their platform using data from
Publisher 140 and DMP 120, and obtains ad space availability, along
with the specifications of the ad space, from publishers. These
specifications may include the size of the available ad space, the
location of the ad space with respect to other web page elements,
and the content being published in the space located adjacent to
and surrounding the available ad space, among others. In the
example of FIGS. 1 and 2 this information is communicated to DSP
115 through DMP 120. Going through DMP 120 provides the opportunity
for DMP 120 to augment the information with processed data and data
from Data Sources 150 before it is communicated to DSP 115. Such
processed data may include an analysis of consumer data collected
from appliance users who have previously visited the publisher's
website, an analysis of the demographics of the audience usually
served by the publisher, an analysis of the possible effect on the
advertiser's brand by the content in close proximity to the
location of the available ad space, and an analysis of how
advertising content and content layout can be optimized for
effectiveness in the available ad space. In Block 206 DSP 115
determines an appropriate advertising campaign publisher utilizing
the ad campaign received from Media Agency 110, and data from DMP
120. In Block 208 Ad Exchange 130 manages negotiations between DSP
115 and SSP 125 for the buying of ad space from a publisher on the
SSP. At the conclusion of negotiations, DSP 115 selects a publisher
to publish the ad campaign. In the example of FIGS. 1 and 2
Publisher 140 is selected. DSP 115 then delivers the ad campaign to
Ad Exchange 130, Ad Exchange 130 delivers the ad campaign to
Content Delivery Network 135 and Publisher 140 delivers the
available ad space to Content Delivery Network 135, as shown in
Block 210. In Block 212 Content Delivery Network combines the ad
campaign from Ad Exchange 130 with the ad space from Publisher 140
and delivers the result to Publisher 140. The combined ad campaign
and ad space is then published by Publisher 140 to the Web in Block
214 and the appliance user views the web published ad campaign on
Network Connected Appliance 145 in Block 216.
[0009] In the above example at least 6 different entities could
receive the consumer data collected by Network Connected Appliance
145, thus placing the users of the network from which the consumer
data was collected at a risk of having their privacy and security
compromised. These entities include: DMP 120, Advertiser 105, Media
Agency 110, DSP 115, SSP 125 and Publisher 140. In addition, the
entities that comprise Data Sources 150, entities that collect and
supply consumer data from both a consumer's use of their network
connected appliance and from real world consumer activities, have
access to the consumer data they collect. It is therefore clear
that there exists a need for a network based consumer data
collection and provisioning approach that allows organizations to
obtain the consumer data derived business intelligence they require
to promote their content, products or services, while minimizing
the risk of compromising the privacy and security of the consumers
who use the network.
SUMMARY OF INVENTION
[0010] The present invention provides a method, system, and
apparatus for effecting targeted access to anonymous users of a
network. It performs this function by obtaining authorization from
a user of a network connected appliance to collect and communicate
to a first entity consumer data resulting from the user's use of
the appliance; collecting the consumer data by use of the network
connected appliance; linking the collected consumer data with an
appliance user anonymous identifier; communicating the consumer
data and appliance user's anonymous identifier to the first entity;
analyzing the data at the first entity by the use of one or more
delineated parameters, where the delineated parameters define an
audience with heightened interest in an offering of a second
entity; aggregating at the first entity the appliance user's
anonymous identifier with a set of appliance user anonymous
identifiers linked with consumer data of other appliance users,
such that each appliance user anonymous identifier included in the
aggregate set points to an appliance user whose collected consumer
data corresponds to at least one parameter in common with the
collected consumer data of the other appliance users whose
anonymous identifiers are included in the aggregate set, thus
generating an aggregate set of appliance user anonymous identifiers
that point to the audience, where the audience includes the
appliance user; marking the aggregate set with an identification
code; communicating the identification code from the first entity
to the second entity; and providing the second entity with access
to the audience through the first entity by use of the aggregate
set identification code. The second entity could, for example, be a
supplier of goods or services, a publisher of news, commentary or
entertainment content, a creator of news, commentary or
entertainment content, or an advertising agency, among others. This
provides the second entity with access to an audience meeting
desirable parameters, without disclosing to the second entity any
audience member consumer data, thus preserving the audience members'
anonymity, privacy and security. The second entity may use this
access to promote content, products or services of particular
interest to the qualified anonymous audience, using the electronic
network. The electronic network employed by the network connected
appliance of the present invention may, for example, be the
Internet. In addition, one or more parameters used by the first
entity to analyze the collected network connected appliance user
consumer data, and define an audience with heightened interest in
an offering of the second entity, may be provided by the second
entity. In this case, the resulting audience may be wholly, or in
part, defined by the second entity.
[0011] The network connected appliance for collecting and
communicating to the first entity an appliance user's consumer data
resulting from the user's use of the appliance can be comprised of
a processor, a memory, a network communications interface and a
computer program stored in the memory and executed on the
processor. Such a computer program could, for example, be
downloaded from the first entity in the form of a software
application. When these elements are employed to implement the
network connected appliance of the present invention, the processor
obtains authorization from the appliance user to collect and
communicate the appliance user's consumer data to the first entity;
the processor generates an appliance user anonymous identifier; the
processor collects appliance user's consumer data; the processor
links the generated appliance user anonymous identifier with the
collected consumer data; and the network communications interface
communicates the consumer data and appliance user anonymous
identifier to the first entity. Prior to communication to the first
entity, the processor may also encrypt the collected consumer data
and/or perform in-appliance de-identification of the collected
consumer data. The de-identification removes personally
identifiable information (PII) from the collected consumer data and
the encryption protects consumer data privacy and security.
[0012] The network communications interface of the appliance of the
present invention can also be used to receive communications from
the first entity. Included in these received communications can be
product, service or other offer descriptions provided to the first
entity from the second entity for dissemination to an audience that
meets delineated parameters and therefore has a heightened
interest in an offering of the second entity, as discussed above.
These communications from the first entity provide the second
entity with access to the audience. In this example, the appliance
user is a member of the audience, thus the second entity is
provided access to the appliance user. Such a communication may be
in the form of a simple list of second entities with offer
descriptions that includes information as to how the user of the
networked connected appliance can take advantage of the offer, such
as the ad campaign website address where the offer is available.
This would allow the appliance user to click on, or touch, a list
item and be connected to the ad campaign website where the
appliance user can obtain further information on the offer and, if
desired, purchase the offered product or service. The communication
may also be significantly more elaborate, including promotional
materials provided by the second entity, or on behalf of the second
entity, designed to motivate the appliance user to engage with the
content, service or product being offered. Such material may
include games, videos, short or long form multimedia entertainment
content, or audio visual presentations synchronized with, or
related to, presentations appearing on other appliances employed by
the appliance user.
[0013] As previously described, an aggregate set of anonymous
appliance user identifiers, that point to a defined audience that
includes the appliance user, is generated by the first entity. The
aggregate set is marked with an aggregate set identification code,
and the code is communicated to the second entity by the first
entity. This code can be used by the second entity to inform the
first entity of the particular audience the second entity would like
to address, with, for example, offers or promotional materials
communicated to the first entity. It can also be used to verify
that an appliance user in communication with a second entity's ad
campaign website is a member of the selected audience. However, the
code cannot be employed by the second entity to directly contact
the appliance user.
[0014] At the time that the appliance user initiates communication
with a second entity's ad campaign website, for example by clicking
on an offer description, the network communication interface of the
appliance of the present invention can communicate a message that
includes the appliance user's anonymous identifier to the first
entity, such message indicating that the appliance user has
initiated communication with an ad campaign website of the second
entity, and the second entity website the appliance user is in
communication with. The first entity can then communicate to the
network communication interface of the appliance a message that
includes the identification code communicated to the second entity
that identifies the audience in which the appliance user is a
member and to which the second entity's offer description has been
communicated. The network communication interface of the
appliance can in turn communicate this identification code to the
second entity through the second entity's campaign website. This
allows the second entity to compare the identification code
communicated by the appliance's network communication interface
with the identification code communicated to the second entity by
the first entity and verify that the appliance user who is
communicating with the second entity's campaign website is a member
of the audience the second entity wishes to address. This verifies
the authenticity of the appliance user as a qualified potential
buyer of the second entity's offerings.
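The exchange described in paragraphs [0010] to [0014], sketched in Python as an added example that is not part of the application: the appliance de-identifies and reports its data, the first entity builds and marks the aggregate set, and the second entity verifies a visitor by comparing identification codes. The class and method names, the random hex identification code, the UUID anonymous identifier, the PII field list and the sample records are all assumptions made for illustration.

```python
import hmac
import secrets
import uuid

PII_FIELDS = {"name", "email", "phone"}  # assumed PII keys for this sketch


class Appliance:
    """Network connected appliance; generates its own anonymous identifier."""

    def __init__(self):
        self.anon_id = uuid.uuid4().hex  # assumption: random, not derived from PII
        self.interests = set()

    def collect(self, record):
        # In-appliance de-identification: PII fields are dropped before sending.
        clean = {k: v for k, v in record.items() if k not in PII_FIELDS}
        self.interests.update(clean.get("interests", []))
        return clean

    def report(self, scde):
        scde.receive(self.anon_id, self.interests)

    def visit(self, scde, second_entity):
        # On click-through: obtain the set code from the first entity,
        # then present it to the second entity's campaign website.
        code = scde.code_for(self.anon_id, second_entity.site)
        return second_entity.verify(code)


class SecondEntity:
    """Advertiser side: holds identification codes only, never consumer data."""

    def __init__(self, site):
        self.site = site
        self._codes = set()

    def receive_code(self, code):
        self._codes.add(code)

    def verify(self, presented):
        # The code is the same for every member of the set, so a match shows
        # audience membership and nothing about which member is visiting.
        if presented is None:
            return False
        return any(hmac.compare_digest(presented, c) for c in self._codes)


class SecureConsumerDataExchange:
    """First entity: keeps the consumer data and the aggregate sets."""

    def __init__(self):
        self._data = {}   # anonymous id -> interests
        self._sets = {}   # identification code -> (site, member ids)
        self._inbox = {}  # anonymous id -> offers relayed to that appliance

    def receive(self, anon_id, interests):
        self._data.setdefault(anon_id, set()).update(interests)

    def build_audience(self, second_entity, parameters):
        # Requiring every parameter guarantees the members share at least one.
        wanted = set(parameters)
        members = frozenset(a for a, seen in self._data.items() if wanted <= seen)
        code = secrets.token_hex(16)  # assumption: unguessable random code
        self._sets[code] = (second_entity.site, members)
        second_entity.receive_code(code)  # only the code crosses this boundary
        return code

    def relay_offer(self, code, offer):
        site, members = self._sets[code]
        for anon_id in members:
            self._inbox.setdefault(anon_id, []).append((site, offer))

    def offers_for(self, anon_id):
        return list(self._inbox.get(anon_id, []))

    def code_for(self, anon_id, site):
        for code, (set_site, members) in self._sets.items():
            if set_site == site and anon_id in members:
                return code
        return None


def run_exchange():
    # Constructed sample data; no real users, sites or offers.
    scde = SecureConsumerDataExchange()
    shop = SecondEntity("bikes.example")
    first, second = Appliance(), Appliance()
    sent = first.collect({"name": "A. User", "email": "a@example.com",
                          "interests": ["cycling", "travel"]})
    second.collect({"name": "B. User", "interests": ["cooking"]})
    first.report(scde)
    second.report(scde)
    code = scde.build_audience(shop, ["cycling"])
    scde.relay_offer(code, "10% off helmets")
    return {
        "sent_fields": sorted(sent),
        "member_offers": scde.offers_for(first.anon_id),
        "non_member_offers": scde.offers_for(second.anon_id),
        "member_verified": first.visit(scde, shop),
        "non_member_verified": second.visit(scde, shop),
        "unknown_code_verified": shop.verify(secrets.token_hex(16)),
    }


if __name__ == "__main__":
    print(run_exchange())
```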
[0015] Thus, without compromising appliance user privacy or
security, the present invention provides the second entity with
verifiable access to a set of qualified appliance users who are
members of an audience that have indicated by their consumer data
that they are potentially interested in an offering of the second
entity, thus greatly enhancing the second entity's ability to
promote their content, product or service.
BRIEF DESCRIPTION OF THE DRAWINGS
[0016] The accompanying drawings are not intended to be drawn to
scale. In the drawings, each identical or nearly identical
component that is illustrated in various figures is represented by
a like numeral. For purposes of clarity, not every component may be
labeled in every drawing. In the drawings:
[0017] FIG. 1 is a block diagram of a current example on line
advertising transaction [Prior Art];
[0018] FIG. 2 is a flowchart of a current example on line
advertising transaction [Prior Art];
[0019] FIG. 3 is an on line advertising transaction block diagram
of the preferred embodiment of the present invention;
[0020] FIG. 4 is an on line advertising transaction flowchart of
the preferred embodiment of the present invention;
[0021] FIG. 5 is a block diagram of a Secure Consumer Data Exchange
of the preferred embodiment of the present invention;
[0022] FIG. 6 is a block diagram of a network connected appliance
of the preferred embodiment of the present invention;
[0023] FIG. 7 is a process flowchart of a network connected
appliance of the preferred embodiment of the present invention;
[0024] FIGS. 8A and 8B illustrate example offer display screens
presented to a user of a network connected appliance of the
preferred embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
[0025] The present invention will now be described more fully
hereinafter with reference to the accompanying drawings, which form
a part thereof, and which show, by way of illustration, a specific
embodiment by which the invention may be practiced. The invention
may, however, be embodied in many different forms and should not be
construed as limited to the embodiment set forth herein; rather,
this embodiment is provided so that this disclosure will be
thorough and complete, and will fully convey the scope of the
invention to those skilled in the art. Among other things, the
present invention may be embodied as methods or devices.
Accordingly, the present invention may take the form of an entirely
hardware embodiment, an entirely software embodiment or an
embodiment combining software and hardware aspects. The following
detailed description is, therefore, not to be taken in a limiting
sense.
[0026] Throughout the specification and claims, the following terms
take the meanings explicitly associated herein, unless the context
clearly dictates otherwise. The phrase "in one embodiment" as used
herein does not necessarily refer to the same embodiment, though it
may. As used herein, the term "or" is an inclusive "or" operator,
and is equivalent to the term "and/or", unless the context clearly
dictates otherwise. The term "based on" is not exclusive and allows
for being based on additional factors not described, unless the
context clearly dictates otherwise. In addition, throughout the
specification, the meaning of "a", "an", "and" and "the" include
plural references. The meaning of "in" includes "in" and "on".
Also, the use of "including", "comprising", "having", "containing",
"involving", and variations thereof herein, is meant to encompass
the items listed thereafter and equivalents thereof as well as
additional items.
[0027] The present invention effects verifiable targeted access to
a set of anonymous users of a network. Such users are members of a
defined audience, where such audience is defined by use of consumer
data collected by the appliances used by the anonymous network
users to connect and interact with the network. Collected consumer
data is employed to select audience members that have shown a
heightened interest in, for example, particular content, products
or services. A second entity, such as a provider of content,
products or services, seeking access to a pre-qualified audience,
or a media agency working on behalf of such a provider, defines
targeted consumer attributes. These consumer attributes are
employed to derive delineated parameters that are communicated to a
standalone service provider called a Secure Consumer Data Exchange,
or SCDE. This first entity employs the delineated parameters, along
with consumer data communicated to the first entity by the
appliances used by anonymous network users, to generate the desired
audience member set, and thereafter effect second entity access to
the members of the set. Although the first entity is described as a
"standalone service provider" in the following discussion of the
present invention's preferred embodiment, the first entity may take
many forms. For example, the first entity could be an operating
unit of a multidisciplined company, such as AT&T Cloud
Services, Amazon Web Services, or Google Cloud Platform.
[0028] FIGS. 3 and 5, in conjunction with the flow chart of FIG. 4,
are employed in the following discussion to illustrate the
operation of the preferred embodiment of the present invention in
the context of an on line advertising transaction. Although an on
line advertisement transaction is used for purposes of clarity, the
present invention is directed towards targeted access for the
purpose of data delivery in general; therefore, the following
discussion should not be read as being limited to targeted access
for the purpose of only advertisement delivery. FIG. 3 is an on
line advertising transaction block diagram of the preferred
embodiment. FIG. 5 is a block diagram of a Secure Consumer Data
Exchange of the preferred embodiment, and FIG. 4 is an on line
advertising transaction flowchart of the preferred embodiment. In
this discussion, all reference numbers between 300 and 399
designate elements of FIG. 3, all reference numbers between 400 and
499 designate elements of FIG. 4, and all reference numbers between
500 and 599 designate elements of FIG. 5.
[0029] As can be seen from FIG. 3, the entities participating in an
on line advertising transaction of the present invention are
Advertiser 305, Media Agency 310, Data Management Platform (DMP)
320, Data Sources 325, Content Sources 330, Publisher 340 in
conjunction with Ad Campaign Website 350, Network Connected
Appliance 345, Proxy Server 315, and Secure Consumer Data Exchange
(SCDE) 360. In the following discussion of the preferred embodiment of
the present invention, Media Agency 310 works on behalf of
Advertiser 305. Consumer data is collected by Network Connected
Appliance 345 as a result of a consumer's use of the appliance and
linked by Network Connected Appliance 345 with an appliance user
anonymous identifier, as shown in Block 450 of FIG. 4. Collected
consumer data may include, for example: the websites the appliance
user visited; what news articles, entertainment content, product
descriptions and advertisements were clicked on by the appliance
user; the search terms used by the appliance user while searching
for Internet content; what products or services were purchased by
the appliance user on line; what social networking websites,
association websites, and blogs the appliance user visited; how
long the appliance user remained connected to each website; the
physical location of the appliance user at predetermined time
intervals; and what "brick and mortar stores" the appliance user
visited.
[0030] In FIG. 3, the appliance user's collected consumer data and
anonymous identifier are communicated over line 395 to Proxy Server
315, and then from Proxy Server 315 these data are communicated over
line 365 to first entity SCDE 360. Proxy Server 315 is employed to
reduce the possibility that information regarding the Internet
Protocol address (IP address) employed by the network connected
appliance used by the appliance user will be available to SCDE 360.
This can enhance the appliance user's anonymity and thereby provide
the appliance user with increased security, reducing appliance user
concerns that their collected consumer data may be associated with
them. Strictly speaking, Proxy Server 315 is not necessary for the
proper operation of the present invention. SCDE 360 analyzes the
consumer data and aggregates the appliance user's anonymous
identifier with a set of other appliance user anonymous identifiers
whose collected consumer data corresponds to at least one common
delineated parameter. The aggregation process is based on the
results of the analysis. These actions are indicated in Block 452.
Delineated parameters used in the analysis and aggregation
processes can be communicated to SCDE 360 from Media Agency 310,
working on behalf of Advertiser 305, the Second Entity in this
discussion. This data is communicated between Media Agency 310 and
SCDE 360 over line 380.
[0031] As used in this discussion, the term consumer attributes
denotes characteristics inherent in the group of consumers
Advertiser 305, or Media Agency 310 on behalf of Advertiser 305,
wishes to target with an advertising campaign. Therefore, if
Advertiser 305 asks Media Agency 310 to promote a new restaurant in
Palo Alto, Calif., henceforth referred to as the "Palo Alto
example", such consumer attributes could include: liking a wide
variety of cuisines; enjoying 2 star or above restaurants; living,
working, shopping, or dining in or in the vicinity of Palo Alto,
Calif.; and, eating at restaurants often. Delineated parameters are
numeric quantities assigned to actions associated with individuals
who display particular consumer attributes. Therefore in the
current example, delineated parameters could include: visiting
restaurant review websites (Yelp for example) at least once a week;
viewing menus from Palo Alto restaurants whose prices range from
$11 to $60 per meal without drinks; viewing 2 or more restaurant
websites per month for more than 5 minutes each; viewing the
websites of multiple restaurants, wherein at least 3 of the
restaurants viewed serve different cuisines from each other; being
physically in Palo Alto, or within 10 miles from Palo Alto, at
least 3 times a week; and remaining at a location for between 30
and 90 minutes, at least once a week, where at such location at
least 1 restaurant is known to be located.
[0032] If Media Agency 310 wishes the aggregate set of appliance
user anonymous identifiers generated by SCDE 360 to reflect a broad
range and large number of appliance users, Media Agency 310 could
ask SCDE 360 to include in the aggregate set the anonymous
identifiers of all appliance users whose collected consumer data
satisfies a single delineated parameter. For example, the aggregate
set could be comprised of the anonymous identifiers of appliance
users who are physically in Palo Alto, or within 10 miles from Palo
Alto, at least 3 times a week. Should Media Agency 310 desire a
more focused aggregate set of appliance user anonymous identifiers,
SCDE 360 could employ a second delineated parameter in addition to
the first delineated parameter. In this case, only the anonymous
identifiers of appliance users whose collected consumer data
satisfies both delineated parameters would be included in the set.
Therefore, the more focused aggregate set of appliance user
anonymous identifiers may only include the anonymous identifiers of
appliance users who are physically in Palo Alto, or within 10 miles
from Palo Alto, at least 3 times a week, and view 2 or more
restaurant websites per month for more than 5 minutes each.
Although 2 delineated parameters have been discussed, any number of
delineated parameters could be employed in the analysis and
aggregation processes making it possible to generate very focused
sets of appliance user anonymous identifiers.
[0033] As shown in Block 406 of FIG. 4, Media Agency 310
communicates one or more consumer attributes, or one or more
delineated parameters, along with an ad campaign number relating
the attributes or delineated parameters to a particular ad
campaign, to SCDE 360. SCDE 360 employs these consumer attributes
or delineated parameters to analyze consumer data received from
Network Connected Appliance 345 and determine if the anonymous
identifier associated with the user of Appliance 345 should be
included in the aggregate set of anonymous identifiers that
represent appliance users with an interest in content, product or
services offered by Advertiser 305, as shown in Block 452. In the
case of Media Agency 310 communicating consumer attributes to SCDE
360, SCDE 360 would derive delineated parameters from these
consumer attributes to use in the set aggregation process. In the
case of Media Agency 310 communicating delineated parameters to
SCDE 360, SCDE 360 would use these received delineated parameters
directly. Block 406 also shows that Media Agency 310 may
communicate one or more selection algorithms to SCDE 360. A
selection algorithm can be employed by SCDE 360 for determining the
anonymous identifiers to be included in the aggregate set. Such an
algorithm may use numeric input arguments derived from delineated
parameters to effect such selection. The algorithm may use a single
argument or multiple arguments. Further, the algorithm may assign
weights to the arguments, such that some arguments have more
influence on the selection results than others. In addition, the
algorithm may base the weighting of some of the arguments on the
value of one or more of the other arguments.
[0034] The algorithm may be defined in the form of a computer
procedure. An example computer procedure is defined below, using
the "Palo Alto example". In this example, written in the Scheme
programming language conforming to the "Revised^5 Report on the
Algorithmic Language Scheme", edited by Richard Kelsey, William
Clinger, and Jonathan Rees, dated Feb. 20, 1998, the computer
procedure is written as a Scheme "predicate". By convention, Scheme
procedures that always return a Boolean as their value are called
predicates and their names usually end in "?". The defined Scheme
predicate "add-to-aggregate-set?" employs numeric input arguments
whose ranges are predetermined. The procedure returns "#t", the
Scheme notation for "True", should the calculated value derived
from the numeric input arguments included in the call to the
procedure equal or exceed a threshold value and meet some other
criteria, and "#f", the Scheme notation for "False", should the
calculated value derived from the numeric input arguments included
in the call to the procedure not equal or exceed a threshold value
or not meet some other criteria. If the procedure indicates #t, the
appliance user's anonymous identifier is included in the aggregate
set of appliance user anonymous identifiers generated by SCDE 360.
If the procedure indicates #f, the appliance user's anonymous
identifier is not included in the aggregate set of appliance user
anonymous identifiers generated by SCDE 360.
[0035] In the following example Scheme procedure, ap1 through ap6,
w1 through w6, "apmax" and "portion" are arguments included in the
call to the procedure. In the case of the arguments ap1 through
ap6, each of these arguments indicates the degree the appliance
user's collected consumer data satisfies a delineated parameter
used in the "Palo Alto example". Specifically:
[0036] ap1=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user does not
visit restaurant review websites, and 100 means the appliance
user's collected consumer data shows, on average, the appliance
user visits at least 10 restaurant review websites per month;
[0037] ap2=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user does not
view Palo Alto restaurant menus whose prices range from $11 to $60
per meal without drinks on line, and 100 indicates the appliance
user's collected consumer data shows the appliance user views, on
average, Palo Alto restaurant menus whose prices range from $11 to
$60 per meal without drinks on line at least 5 times per month;
[0038] ap3=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user does not
view restaurant websites and 100 indicates the appliance user's
collected consumer data shows the appliance user views, on average,
at least 10 restaurant websites, for more than 5 minutes each, per
month;
[0039] ap4=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user always
views the websites of restaurants that serve the same type of
cuisine, and 100 indicates the appliance user's collected consumer
data shows the appliance user views, over a period of 3 months, the
websites of at least 5 restaurants whose cuisines are different
from each other;
[0040] ap5=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user is never
physically in Palo Alto, or within 10 miles from Palo Alto, and 100
indicates the appliance user's collected consumer data shows the
appliance user is physically in Palo Alto, or within 10 miles from
Palo Alto at least 5 times per week;
[0041] ap6=a number from 0 to 100, where 0 indicates the appliance
user's collected consumer data shows the appliance user never
remains at a location for between 30 and 90 minutes, where at such
location at least 1 restaurant is known to be located, and 100
indicates the appliance user's collected consumer data shows the
appliance user remains at a location for between 30 and 90 minutes,
where at such location at least 1 restaurant is known to be
located, at least 3 times per week.
[0042] In the case of the arguments w1 through w6, these arguments
are weights assigned to procedure arguments ap1 through ap6. These
weights alter the influence each ap argument has on the result of
the procedure. Specifically:
[0043] w1, w2, w3, w4, w5, w6 are ap1, ap2, ap3, ap4, ap5, ap6
argument weightings respectively, each with a value from 0 to 2,
where 0 indicates that 0% of the ap argument's value influences the
procedure result and 2 indicates that 200% of the ap argument's
value influences the procedure result.
[0044] In the case of the argument "apmax", this argument is the
maximum value assigned to each delineated parameter. In the example
Scheme procedure, each delineated parameter is assigned the same
maximum value, the minimum being 0, so only one apmax value is
used. However, each delineated parameter may be assigned a
different maximum value. Therefore, as many apmax values as there
are delineated parameters could be included in the procedure.
[0045] In the case of the argument "portion", this argument is a
number between 0 and 1. The sum of maximum delineated parameter
values, assigned to the variable "tapmax" in the example Scheme
procedure, multiplied by "portion" equals the threshold value that
needs to be attained or exceeded for the consumer's anonymous
identifier to be included in the aggregate set of consumer
anonymous identifiers.
[0046] The example Scheme procedure is defined as follows:
TABLE-US-00001
(define add-to-aggregate-set?
  (lambda (apmax portion ap1 w1 ap2 w2 ap3 w3 ap4 w4 ap5 w5 ap6 w6)
    ; weight arguments; calculate "total apmax" = tapmax
    (let* ((ap1w (* ap1 w1))
           (ap2w (* ap2 w2))
           (ap3w (* ap3 w3))
           (ap4w (* ap4 w4))
           (ap5w (* ap5 w5))
           (ap6w (* ap6 w6))
           (tapmax (* apmax (length (list ap1 ap2 ap3 ap4 ap5 ap6)))))
      ; add appliance user anonymous identifier to aggregate set?
      (cond ((and (>= ap1w 50)
                  (>= ap4w 60)
                  (>= ap6w 33)
                  (>= (+ ap1w ap2w ap3w ap4w ap5w ap6w)
                      (* tapmax portion)))
             #t)            ; yes, add anonymous identifier
            (else #f)))))   ; no, do not add anonymous identifier
[0047] In the above example Scheme procedure, the values of
arguments ap1, ap2, ap3, ap4, ap5, and ap6, are obtained from the
analysis of the appliance user's collected consumer data received
over line 365. As previously stated, ap1 is defined as a number
from 0 to 100, where 0 indicates the appliance user's collected
consumer data shows the appliance user does not visit restaurant
review websites, and 100 means the appliance user's collected
consumer data shows, on average, the appliance user visits at least
10 restaurant review websites per month. Therefore, for collected
appliance user consumer data that, when analyzed, shows the
appliance user visits, on average, 5 restaurant review websites per
month, ap1 could be assigned a value of 50 as a result of the
analysis process.
[0048] Using the descriptions in the previous paragraphs for ap2
through ap6, and reasoning similar to that employed in the previous
paragraph to assign a value to ap1, values could be assigned to ap2
through ap6 as follows:
[0049] a) If the collected appliance user's consumer data shows
that the appliance user views, on average, Palo Alto restaurant
menus whose prices range from $11 to $60 per meal without drinks on
line at least 2 times per month, ap2 could be assigned a value of
40 as a result of the analysis process;
[0050] b) If the collected appliance user's consumer data shows
that the appliance user views, on average, at least 5 restaurant
websites, for more than 5 minutes each, per month, ap3 could be
assigned a value of 50 as a result of the analysis process;
[0051] c) If the collected appliance user's consumer data shows
that the appliance user views, over a period of 3 months, the
websites of 3 restaurants whose cuisines are different from each
other, ap4 could be assigned a value of 60 as a result of the
analysis process;
[0052] d) If the collected appliance user's consumer data shows
that the appliance user is physically in Palo Alto, or within 10
miles from Palo Alto, 2 times per week, ap5 could be assigned a
value of 40 as a result of the analysis process; and
[0053] e) If the collected appliance user's consumer data shows
that the appliance user remains at a location for between 30 and 90
minutes, where at such location at least 1 restaurant is known to
be located, 1 time per week, ap6 could be assigned a value of 33 as
a result of the analysis process.
[0054] The values of arguments w1, w2, w3, w4, w5, and w6, alter
the importance of arguments ap1, ap2, ap3, ap4, ap5 and ap6
respectively. The more important an "ap" argument is, the greater
the influence it has on the result of the "add-to-aggregate-set?"
procedure. For example, Media Agency 310 may voice a desire to SCDE
360 to increase the number of anonymous identifiers in the
aggregate set that are linked to the consumer data of appliance
users who are physically in Palo Alto, or within 10 miles from Palo
Alto on at least a weekly basis. This can be accomplished by
changing the value of argument w5. If, for example, w5 was 1.0,
argument ap5's effective influence on the result of the procedure
would be 100% of its numerical value. By increasing w5 to 1.3,
ap5's effective influence on attaining or exceeding the threshold
value that needs to be reached for the consumer's anonymous
identifier to be included in the aggregate set of consumer
anonymous identifiers, would be increased by 30% to 130% of its
numerical value. Thus, the number of anonymous identifiers in the
aggregate set that are linked to the consumer data of appliance
users who are physically in Palo Alto, or within 10 miles from Palo
Alto on at least a weekly basis would increase.
[0055] The value of the argument "apmax" sets the maximum value of
arguments ap1, ap2, ap3, ap4, ap5 and ap6. For ease of discussion,
the "add-to-aggregate-set?" procedure is written such that all the
"ap" arguments have the same maximum value, where this value is set
by the use of a single "apmax" argument. In general, this need not
be the case. The procedure could have been written to allow the
maximum value of each "ap" argument to be different and set by
separate arguments in the procedure call. Although "apmax" can be
any value, a good value for the example procedure under discussion
would be 100.
[0056] The value of the argument "portion" determines the threshold
value that needs to be attained or exceeded for the appliance
user's anonymous identifier to be included in the aggregate set of
appliance user anonymous identifiers. An inspection of the
"add-to-aggregate-set?" procedure's Scheme code shows how the
argument "portion" plays this role. The Scheme code fragment:
[0057] (>= (+ ap1w ap2w ap3w ap4w ap5w ap6w) (* tapmax portion))
calls for multiplying variable "tapmax" by argument "portion",
where "tapmax" has been previously set in the procedure to:
[0058] (tapmax (* apmax (length (list ap1 ap2 ap3 ap4 ap5 ap6))))
or, using mathematical notation, to tapmax=(apmax*the number of ap
arguments). In other words, since, for this example, apmax is the
same value for each ap argument used in the "add-to-aggregate-set?"
procedure, tapmax is equal to the single apmax argument times the
number of ap arguments used in the procedure. Referring back to the
Scheme code fragment above, it can be seen that the argument
"portion" has the effect of setting the value that needs to be
attained or exceeded for the appliance user's anonymous identifier
to be included in the aggregate set of appliance user's anonymous
identifiers, since if the sum of weighted arguments ap1w, ap2w,
ap3w, ap4w, ap5w and ap6w is equal to or exceeds (* tapmax
portion), or in mathematical notation (tapmax*portion), the
appliance user's anonymous identifier is included in the aggregate
set. If it does not, the appliance user's anonymous identifier is
not included.
[0059] To demonstrate how the argument "portion" acts to set the
threshold value, and thereby alter the number of appliance user
anonymous identifiers included in the set of anonymous identifiers,
recall that in the call to the "add-to-aggregate-set?" procedure
there are 6 arguments, ap1-ap6. These six arguments are derived
from an analysis of the appliance user's collected consumer data
based on 6 delineated parameters. Also recall that a good value for
"apmax" is 100. Letting apmax equal 100 causes "tapmax" to equal
600, a constant value throughout the execution of the procedure. If
the argument "portion" is chosen to be 0.50, the threshold value
that needs to be attained or exceeded for the appliance user's
anonymous identifier to be included in the aggregate set of
appliance user anonymous identifiers is 300. Lowering the value of
"portion" to, for example, 0.25, decreases the threshold value to
150 and thereby potentially increases the number of included
appliance user anonymous identifiers by as much as 1.5 times. The
actual amount of increase depends on a number of factors including:
the number of appliance user consumer data sets employed in the
consumer data analysis, the number of delineated parameters
employed in the analysis, and the distribution uniformity of the
consumer data with respect to the employed delineated
parameters.
[0060] Included in the "add-to-aggregate-set?" procedure is another
filtering process to further focus the generated aggregate set of
anonymous appliance user identifiers in accordance with Media
Agency 310's wishes. This filtering process is embodied in the
following Scheme code fragment:
TABLE-US-00002
(and (>= ap1w 50)
     (>= ap4w 60)
     (>= ap6w 33)
     (>= (+ ap1w ap2w ap3w ap4w ap5w ap6w) (* tapmax portion)))
The last line of the "and" statement is the code fragment discussed
in the preceding 2 paragraphs. For this "and" statement to result
in a #t output, and thereby cause the execution of the
"add-to-aggregate-set?" procedure to result in a #t output, all
lines of the statement must be true. Specifically, ap1w must be
greater than or equal to 50, ap4w must be greater than or equal to
60, ap6w must be greater than or equal to 33 and the sum of ap1w
through ap6w must be greater than or equal to (tapmax*portion).
Assuming the last line of the "and" statement is satisfied and the
weights applied to arguments ap1, ap4 and ap6 are 1, Media Agency
310 could request, for example, that the aggregate set of appliance
user anonymous identifiers at least include the anonymous
identifiers of appliance users whose consumer data indicates that
the appliance user visits, on average, 5 restaurant review websites
per month (ap1w>=50), the appliance user views, over a period of
3 months, the websites of 3 restaurants whose cuisines are
different from each other (ap4w>=60), and the appliance user
remains at a location for between 30 and 90 minutes, where at such
location at least 1 restaurant is known to be located, 1 time per
week (ap6w>=33).
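The selection step described in paragraphs [0046] through [0060], worked through on the raw rates given in [0047] to [0053]. This is an added Python port for illustration, not code from the application; the linear scaling in score(), the default weight of 1, the returned audit dictionary and the support for per-parameter maxima (which [0044] says is possible) are assumptions.

```python
from math import floor

# Raw rate at which each ap argument reaches apmax, from [0036]-[0041].
# Linear scaling below that rate is an assumption; it reproduces the
# worked values 50, 40, 50, 60, 40 and 33 given in [0047]-[0053].
FULL_SCALE = {
    "ap1": 10,  # restaurant review website visits per month
    "ap2": 5,   # Palo Alto menu views ($11-$60) per month
    "ap3": 10,  # restaurant websites viewed > 5 minutes each, per month
    "ap4": 5,   # restaurants with differing cuisines viewed over 3 months
    "ap5": 5,   # times per week in or within 10 miles of Palo Alto
    "ap6": 3,   # 30-90 minute stays per week where a restaurant is located
}

# Minimum weighted values required by the "and" clause of the procedure.
FLOORS = {"ap1": 50, "ap4": 60, "ap6": 33}


def score(name, observed, apmax=100):
    """Map a raw observed rate to an ap value in the range 0..apmax."""
    if observed < 0:
        raise ValueError(f"{name}: observed rate cannot be negative")
    return min(apmax, floor(apmax * observed / FULL_SCALE[name]))


def evaluate(ap, weights, portion, apmax=100, floors=FLOORS):
    """Return the decision together with the values that produced it."""
    if not 0 <= portion <= 1:
        raise ValueError("portion must be between 0 and 1")
    # apmax may be one number for all arguments or a dict of maxima.
    maxima = apmax if isinstance(apmax, dict) else {k: apmax for k in ap}
    weighted = {}
    for name, value in ap.items():
        w = weights.get(name, 1.0)
        if not 0 <= w <= 2:
            raise ValueError(f"{name}: weight must be between 0 and 2")
        if not 0 <= value <= maxima[name]:
            raise ValueError(f"{name}: value outside 0..{maxima[name]}")
        weighted[name] = value * w
    tapmax = sum(maxima[name] for name in ap)   # "total apmax"
    threshold = tapmax * portion
    total = sum(weighted.values())
    failed = sorted(k for k, m in floors.items() if weighted.get(k, 0) < m)
    return {
        "include": not failed and total >= threshold,
        "total": total,
        "threshold": threshold,
        "failed_floors": failed,
    }


def add_to_aggregate_set(ap, weights, portion, apmax=100):
    """Boolean form, matching the Scheme predicate's #t / #f result."""
    return evaluate(ap, weights, portion, apmax)["include"]


# Raw rates taken from [0047]-[0053]; unit weights are a constructed choice.
OBSERVED = {"ap1": 5, "ap2": 2, "ap3": 5, "ap4": 3, "ap5": 2, "ap6": 1}
AP = {name: score(name, rate) for name, rate in OBSERVED.items()}
UNIT = {name: 1.0 for name in AP}

if __name__ == "__main__":
    for portion in (0.50, 0.25):
        print(portion, evaluate(AP, UNIT, portion))
    # Raising w5 to 1.3 lifts the total but not past the 0.50 threshold.
    print(evaluate(AP, dict(UNIT, ap5=1.3), 0.50))
```

On the worked values the weighted total is 273 against a threshold of 300 at portion 0.50, so the identifier is excluded; at portion 0.25 the threshold drops to 150 and it is included.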
[0061] As previously discussed, "add-to-aggregate-set?" procedure
argument values ap1 through ap6 are generated by the analysis of
appliance user consumer data communicated to SCDE 360 from Network
Connected Appliance 345, through Proxy Server 315, over lines 395
and 365. Since Appliance 345 has access to Internet downloaded,
appliance user generated, appliance user location, and appliance
generated data sources, among other data sources, consumer data may
be collected by Appliance 345 in many different formats. Such
source formats could include text, binary, xml, sgml, html,
portable document format (pdf), and Open Document Format (ODF), to
name a few. For ease of analysis by SCDE 360, data in these
disparate formats is converted by Appliance 345 into a common
format before being communicated to SCDE 360, although SCDE 360
could receive variably formatted data from Appliance 345 and
convert the data into a common format for analysis. In the
preferred embodiment of the present invention herein discussed,
Appliance 345 converts collected consumer data into the comma
delimited Comma Separated Value (CSV) text file format, where each
data element is separated from the following data element by an
ASCII comma character. Other data file formats can be used. The
first data element of the CSV text file communicated to SCDE 360
from Appliance 345 through Proxy Server 315 is the appliance user's
anonymous identifier, although the appliance user's anonymous
identifier could appear as the last element of the file, or in any
other predefined position of the file. The second element is a time
stamp data element, where the time stamp data is generated by
Appliance 345's real time clock. This element designates the date
and time the following data element was collected by Appliance 345.
The third element of the CSV text file contains a first collected
consumer data element. The fourth element is a time stamp data
value element, and the fifth element is a second collected consumer
data element. The pattern of time stamp data element followed by
collected consumer data element continues throughout the rest of
the file. The collected consumer data element could contain, for
example, the Uniform Resource Locator (URL) address of a web page
on the world wide web visited by the appliance user, the URL of a
hyperlink on the visited web page over which the appliance's
pointing device passed or the appliance user clicked on, the length
of time the appliance user remained on a particular web page, the
Universal Product Code (UPC) of a product or service purchased by
the appliance user while using the appliance, the Global
Positioning System (GPS) coordinates of the appliance user at the
location where the appliance user is using the appliance, or the
appliance user's location coordinates derived from the positions of
cell towers and Wi-Fi access points at the location where the
appliance user is using the appliance. The collected consumer data
element could also contain other data related to the appliance
user's use of the appliance. After collecting appliance user
consumer data for a predetermined period of time, collecting a
predetermined number of consumer data elements, or collecting
consumer data elements until a predetermined event occurs, and
forming one or more CSV text files, each containing collected
appliance user consumer data and the appliance user's anonymous
identifier, Appliance 345 encrypts the data and communicates the
encrypted data to SCDE 360 through Proxy Server 315.
[0062] SCDE 360 receives the encrypted CSV files from Network
Connected Appliance 345 through Proxy Server 315, stores the files
in encrypted form on Data Storage Unit 509 of FIG. 5, and decrypts
the files when required, readying the appliance user consumer data
contained in the CSV files for analysis. Strictly speaking, the
storage of received appliance user consumer data in encrypted form
is not required. However, such encrypted data storage increases the
security of the data stored on Data Storage Unit 509, which is an
important factor in: a) providing the user of Appliance 345 with
confidence that their consumer data is protected and unavailable to
entities that should not have access to their data, and b)
facilitating compliance with government consumer privacy
legislation and regulations. The SCDE 360 processes to be discussed
are performed on Enterprise Server 500 of FIG. 5. Outlined double
headed Arrow 503 indicates that Processes 505 take the physical
form of software stored on Data Storage Unit 509 which is executed
on High Performance CPU 513 in conjunction with High Speed Random
Access Memory (RAM) 511. As shown in FIG. 5, Interface With User
Appliance Process 517 uses Network Communication Interface 515 in
conjunction with Network Connection Line 507, Data Storage
Process/Retrieval Process 521, and Encryption/Decryption Process
525, to effect communication with Network Connected Appliance 345
through Proxy Server 315 over Line 365. Inter-process Communication
519 serves as the data conduit between Process 517 and Process 521,
and Inter-process Communication 523 serves as the data conduit
between Process 521 and Process 525.
[0063] Consumer Data De-Identification (De-ID)/Combining Process
533 receives decrypted CSV file data from Encryption/Decryption
Process 525 through Inter-process Communication 531, and performs
de-identification processing of the consumer data contained within
the CSV file. Although not strictly required for the operation of
the preferred embodiment of the present invention, such
de-identification processing may be employed to enhance the privacy
of the user of Appliance 345. As will be later discussed,
de-identification may be performed by Appliance 345 before the
encrypted CSV file is communicated to SCDE 360. In this case,
de-identification processing need not be repeated by Process 533.
The de-identified consumer data in the form of decrypted and
de-identified CSV text file data is output from Process 533 and
communicated through Inter-process Communication 531 to
Encryption/Decryption Process 525 where it is encrypted and
communicated to Data Storage/Retrieval Process 521 through
Inter-process Communication 523 for storage in encrypted form on
Data Storage Unit 509. Each time SCDE 360 receives a CSV file
containing the same appliance user anonymous identifier as a CSV
file previously stored on Data Storage Unit 509, regardless of the
network connected appliance from which it is received, the received
file is decrypted by Process 525 and communicated to Process 533
through inter-process communication 531, along with decrypted
versions of the previously stored encrypted CSV files
containing the same appliance user anonymous identifier. Process
533 combines the consumer data contained in these files and
communicates the combined consumer data file through Inter-process
Communication 531 to Encryption/Decryption Process 525 where it is
encrypted and communicated to Data Storage/Retrieval Process 521
through Inter-process Communication 523 for storage in encrypted
form on Data Storage Unit 509. Thus, consumer data files containing
the same appliance user anonymous identifier, received over
multiple communications from multiple network connected appliances,
may be caused to reside in a single encrypted CSV file on Storage
Unit 509. It will be obvious to one skilled in the art that
multiple files containing the same appliance user anonymous
identifier that are logically linked, allowing them to be retrieved
or processed together, may be stored in place of a single file.
[0064] The following 4 processes, Consumer Data Parsing And
Grouping Process 537, Consumer Data Argument Generation Process
541, Appliance User Anonymous Identifier Selection Process 545, and
Appliance User Anonymous Identifier Aggregation And Aggregate Set
Identification Code Marking Process 549, comprise the 4 stages of
appliance user collected consumer data analysis performed by SCDE
360. An encrypted consumer data file is retrieved from Storage
Unit 509, through the use of Data Storage/Retrieval Process 521 and
Encryption/Decryption Process 525, and communicated in decrypted
form through Inter-process Communication 535 to Process 537.
Process 537 parses and groups this decrypted file into delineated
parameter categories. To illustrate using the "Palo Alto example",
the categories could be chosen to correspond to the definitions of
arguments ap1-ap6 of the "add-to-aggregate-set?" procedure
discussed above. Many text data search programs, such as sgrep and
agrep, in combination with scripting languages such as Python,
Ruby, Perl, Tcl, Guile, Gauche, and Scsh can be employed to perform
this parsing and grouping. The resulting output from Process 537
is a CSV text file where the first data element of the CSV text
file is the appliance user's anonymous identifier, the second
element is a time stamp data element that indicates the date and
time the following data element was collected, and the third
element is a collected consumer data element. However, the CSV text
file's time stamp data and collected consumer data elements are now
grouped in accordance with the definitions of arguments ap1-ap6.
Such groupings could be delimited by 2 empty element positions in a
row, in other words 3 commas directly following one another. As a
simplified example, let all ap arguments be equal to zero except
for arguments ap1 and ap6. Recall that argument ap1 is defined as:
a number from 0 to 100, where 0 indicates the appliance user's
collected consumer data shows the appliance user does not visit
restaurant review websites, and 100 means the appliance user's
collected consumer data shows, on average, the appliance user
visits at least 10 restaurant review websites per month. Also
recall that argument ap6 is defined as: a number from 0 to 100,
where 0 indicates the appliance user's collected consumer data
shows the appliance user never remains at a physical location for
between 30 and 90 minutes, where at such location at least 1
restaurant is known to be located, and 100 indicates the appliance
user's collected consumer data shows the appliance user remains at
a physical location for between 30 and 90 minutes, where at such
location at least 1 restaurant is known to be located, at least 3
times per week. With ap arguments ap2-ap5 being equal to zero,
process 537 purges all collected consumer data not relating to the
definitions of arguments ap1 and ap6 from the data output
communicated to the following data analysis process. In this case
that is Consumer Data Argument Value Generation Process 541. Thus,
the CSV text file output from Process 537 may contain a sequence of
data elements where the first data element contains the appliance
user's anonymous identifier, the second data element contains the
time at which the appliance user visited a restaurant review
website, the third data element contains the URL of the restaurant
review website visited, the fourth data element contains the time
at which the appliance user visited a restaurant website, and the
fifth data element contains the URL of the restaurant review
website visited, which may be the same URL as appeared in the third
data element if the appliance user was still visiting the same
website when the next appliance user consumer data sample was
collected. This sequence continues until no more data pertaining to
the definition of ap1 appears in the CSV text file input to Process
537. Immediately following the last data element pertaining to the
definition of ap1 could be 3 commas in a row, to indicate that
appliance user consumer data related to another ap argument
definition, in this case ap6, will now appear in the CSV text file.
In accordance with the definition of ap6, the next data element in
the sequence contains the time the data element was collected, and
the following data element in the sequence contains the GPS
coordinates of the appliance user's location at the time of
consumer data collection. This sequence repeats at the consumer
data collection rate until the end of the file.
[0065] The parsed and grouped appliance user consumer data CSV text
file generated by Process 537 is communicated through Inter-process
Communication 539 to Process 541. Process 541 first gathers
statistics associated with the consumer data. These statistics may
include, but not be limited to, a tabulation of the number of
restaurant review websites the appliance user physically visited
over the time period during which the data contained in the CSV
text file was collected, the number of different locations the
appliance user visited over the time period during which the data
contained in the CSV text file was collected, the number of times
the appliance user visited each location over the time period
during which the data contained in the CSV text file was collected,
the date and time the appliance user visited the location, the
length of time the appliance user remained at each location, and
the GPS coordinates of the locations the appliance user remained at
for more than 30 minutes but less than 90 minutes. The tabulated
data is then analyzed for the purpose of generating consumer data
argument values. In this case only arguments ap1 and ap6 are
generated because, as previously discussed, all arguments except
for arguments ap1 and ap6 have been set to 0 for this simplified
example. For the generation of the value of argument ap1, the
analysis could employ the number of restaurant review websites the
appliance user visited over a period of time. This data is
contained in the tabulated appliance user consumer data being
analyzed. Given the definition of argument ap1, if the tabulated
appliance user consumer data shows the appliance user visited, on
average, 5 restaurant review websites per month, ap1 could be
assigned a value of 50 as a result of the analysis process. For the
generation of the value of argument ap6, the analysis could employ
the number of different locations the appliance user physically
visited, the number of times the appliance user visited each
location, the date and time the appliance user visited the
location, the length of time the appliance user remained at each
location, and the GPS coordinates of the locations the appliance
user remained at for more than 30 minutes but less than 90 minutes.
Given the definition of argument ap6, if the tabulated appliance
user consumer data shows the appliance user remained at a location
for between 30 and 90 minutes, where at such location at least 1
restaurant is known to be located, 1 time per week, ap6 could be
assigned a value of 33 as a result of the analysis process. In
order to determine if at least 1 restaurant is located at a
location physically visited by the appliance user, the analysis
performed by Process 541 could use data obtained by SCDE 360 from
Data Sources 325 over line 347, as shown in FIG. 3. In this
example, Data Sources 325 provides, among other data, data listing
businesses located at or within walking distance from submitted GPS
coordinates.
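The grouped CSV layout of paragraph [0064] and the ap1 and ap6 scoring of paragraph [0065] can be worked through in Python; this is an added example, not code from the application. Assumptions made here: ISO time stamps, a quoted "lat,lon" GPS element, linear scaling between the stated 0 and 100 anchor points, consecutive samples of one URL counted as a single visit, a 20-minute maximum gap between samples of one stay, and `RESTAURANT_COORDS` as a constructed stand-in for the Data Sources 325 lookup.

```python
import csv
from datetime import datetime, timedelta

# Constructed Process 537 output: identifier, (time stamp, URL) pairs for ap1,
# two empty elements (",,," in the file), then (time stamp, GPS) pairs for ap6.
R, O = '"37.4419,-122.1430"', '"37.4275,-122.1697"'   # quoted: GPS holds a comma
SAMPLE = ",".join([
    "anon-7f3a",
    "2013-09-02T12:00", "http://reviews.example/a",
    "2013-09-02T12:05", "http://reviews.example/a",   # still on the same site
    "2013-09-09T19:00", "http://reviews.example/b",
    "2013-09-14T20:30", "http://reviews.example/a",
    "2013-09-21T11:10", "http://reviews.example/c",
    "2013-09-28T18:45", "http://reviews.example/b",
    "", "",                                            # group delimiter
    "2013-09-03T12:00", R, "2013-09-03T12:15", R,
    "2013-09-03T12:30", R, "2013-09-03T12:45", R,      # 45 min at a restaurant
    "2013-09-03T13:00", O, "2013-09-03T13:15", O,
    "2013-09-03T13:30", O, "2013-09-03T13:45", O,      # 45 min, no restaurant
    "2013-09-05T18:00", R, "2013-09-05T18:15", R,      # 15 min: too short
    "2013-09-06T12:00", R,                             # next day: a new stay
])

# Constructed stand-in for the business listing obtained from Data Sources 325.
RESTAURANT_COORDS = {"37.4419,-122.1430"}


def parse_grouped(line, group_names):
    """Return (anonymous id, {argument: [(time, data), ...]}) for one record."""
    fields = next(csv.reader([line]))      # csv handles the quoted GPS element
    anon_id, rest = fields[0], fields[1:]
    groups, current, i = [], [], 0
    while i < len(rest):
        # Two consecutive empty elements mark the start of the next group.
        if rest[i] == "" and i + 1 < len(rest) and rest[i + 1] == "":
            groups.append(current)
            current = []
            i += 2
            continue
        current.append(rest[i])
        i += 1
    groups.append(current)
    if len(groups) != len(group_names):
        raise ValueError("unexpected number of argument groups")
    parsed = {}
    for name, flat in zip(group_names, groups):
        if len(flat) % 2:
            raise ValueError(name + ": time stamp without a data element")
        parsed[name] = [(datetime.fromisoformat(t), v)
                        for t, v in zip(flat[::2], flat[1::2])]
    return anon_id, parsed


def ap1_value(samples, months):
    """0..100, where 100 means at least 10 review-site visits per month."""
    visits, prev_url = 0, None
    for _, url in samples:
        if url != prev_url:                # repeated samples are one visit
            visits += 1
        prev_url = url
    return min(100, round(10 * visits / months))


def qualifying_stays(samples, max_gap=timedelta(minutes=20)):
    """Count stays of more than 30 and less than 90 minutes near a restaurant."""
    def qualifies(first, last):
        minutes = (last[0] - first[0]).total_seconds() / 60
        return 30 < minutes < 90 and first[1] in RESTAURANT_COORDS

    count, start, prev = 0, None, None
    for sample in samples:
        moved = prev is not None and sample[1] != prev[1]
        gap = prev is not None and sample[0] - prev[0] > max_gap
        if prev is None or moved or gap:   # a new stay begins with this sample
            if prev is not None and qualifies(start, prev):
                count += 1
            start = sample
        prev = sample
    if prev is not None and qualifies(start, prev):
        count += 1
    return count


def ap6_value(samples, weeks):
    """0..100, where 100 means at least 3 qualifying stays per week."""
    return min(100, round(100 * qualifying_stays(samples) / (3 * weeks)))


def argument_values(line, months, weeks):
    anon_id, groups = parse_grouped(line, ("ap1", "ap6"))
    return anon_id, {"ap1": ap1_value(groups["ap1"], months),
                     "ap6": ap6_value(groups["ap6"], weeks)}
```

For the constructed record, `argument_values(SAMPLE, months=1, weeks=1)` reproduces the two values worked out in the text: 5 visits in a month give ap1 = 50, and 1 qualifying stay in a week gives ap6 = 33.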
[0066] The generated ap argument values are output from Process 541
and communicated through Inter-process Communication 543 to Process
545 along with the appliance user's anonymous identifier. Process
545 employs the communicated ap argument values to determine
whether the appliance user's anonymous identifier should be
aggregated with a set of other appliance user anonymous
identifiers. Process 545 selects the appliance user's anonymous
identifier for aggregation if one or more ap argument values
derived from the appliance user's collected consumer data is within
a predefined ap value range, where each ap argument may utilize a
different ap value range. If one or more ap values are not within
their predefined range the appliance user's anonymous identifier is
not selected for aggregation. The number of ap argument values used
could be defined by Media Agency 310 or SCDE 360, and depends on
how focused the anonymous identifier selection process is to be.
The more ap argument value ranges that need to be satisfied, the
more focused the anonymous identifier selection process. A more
focused anonymous identifier selection process causes a lower
number of anonymous identifiers to be selected for inclusion in the
aggregate set of anonymous identifiers. Recall that in this
discussion ap argument values indicate the degree the appliance
user's collected consumer data satisfies a delineated parameter
either directly supplied by Media Agency 310 or derived from
consumer attributes supplied by Media Agency 310. The ap value
ranges used by Process 545 may be defined in many ways. For
example, they may be empirically defined by Media Agency 310 or
SCDE 360, defined by Media Agency 310 based on data supplied to
Media Agency 310 by Data Sources 325 over Line 303, or defined by
SCDE 360 based on data provided to SCDE 360 by Data Sources 325
over Line 347. If the ap value ranges are defined by Media Agency
310, they would be communicated to SCDE 360 over Line 380. Such
data may include demographic data, GPS location data, web analysis
data, other data, or a combination thereof. Therefore, since
Process 545 selects appliance user anonymous identifiers for
inclusion in the aggregate set of anonymous identifiers, whose
related analyzed consumer data display one or more ap argument
values that fall within one or more predefined ranges, the
aggregate set of anonymous identifiers generated by following
Process 549 will contain anonymous identifiers that point to
appliance users whose consumer data have at least one delineated
parameter in common. Previously discussed Scheme procedure
"add-to-aggregate-set?" can be used by Process 545 for such
appliance user's anonymous identifier selection.
[0067] The selected appliance user anonymous identifier is output
from Process 545 and communicated through Inter-process
Communication 547 to Process 549. Process 549 also receives a file
containing the set of appliance user anonymous identifiers with which
the appliance user's anonymous identifier is to be aggregated,
from Process 525 through Inter-process Communication 555. The set
may be contained in a text file where each appliance user anonymous
identifier is separated from the following identifier by an ASCII
line feed character thus causing each identifier to reside on a
separate line of the file when the file is viewed, a comma
delimited CSV text file where each anonymous identifier is
separated from the following identifier by an ASCII comma
character, or any other data carrying file capable of being sorted
and added to. Prior to communicating the file to Process 549,
Process 525 decrypts the file. Such decryption is necessary
because, in this example, the file containing the set of appliance
user anonymous identifiers is stored in Data Storage Unit 509 in
encrypted form and retrieved by Data Storage/Retrieval Process 521
from Data Storage Unit 509 in encrypted form. Thus, Process 525
needs to decrypt the file containing the set of anonymous
identifiers received from Process 521 through Inter-process
Communication 523 prior to communicating the file to Process 549.
Subsequent to receiving the decrypted file, Process 549
concatenates the selected appliance user anonymous identifier with
the set of appliance user anonymous identifiers contained in the
received file. Although concatenation is specified in this example,
other combinatorial approaches can be employed to effect the
aggregation. The resulting aggregate set of anonymous identifiers
may then be sorted in various ways, such as in ascending or
descending anonymous identifier order. Such sorting may be effected
for the purpose of facilitating the use of the aggregate set of
identifiers at a later time.
[0068] Process 549 marks the aggregate set of appliance user
anonymous identifiers with an aggregate set identification code and
communicates the aggregate set in the form, for example, of an
ASCII line feed character delimited text file to Process 525
through Inter-process Communication 555. In the following
discussion, Process 525 encrypts the file using public/private key
cryptography, although encryption based on other cryptography
approaches can be employed. The file is encrypted in order to allow
Data Storage Process 521, which receives the file data through
Inter-process Communication 523, to store the file on Data Storage
Unit 509 for later use as securely as possible. Strictly speaking,
storing the line feed character delimited text file containing the
aggregate set of appliance user anonymous identifiers in encrypted
form is not required. However, encrypting the file increases the
security of the data stored in the file, and should the file be
accessed by unauthorized entities, deters such entities from
readily being able to read and use the data contained in the file.
This deterrence is an important factor in: a) providing the
appliance user with confidence that their consumer data is
protected and unavailable to entities who should not have access to
their data, and b) facilitating compliance with government consumer
privacy legislation and regulations.
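The selection, aggregation and marking steps of paragraphs [0066] to [0068], sketched in Python on the decrypted form of the set file; this is an added example, not code from the application and not the Scheme "add-to-aggregate-set?" procedure. Assumptions made here: every argument that has a range must fall inside it, the identification code is a random value written as a header line, and a set union replaces plain concatenation so that repeated uploads from one user do not duplicate an identifier.

```python
import secrets

# Constructed ap argument values for four appliance users (Process 541 output).
USERS = {
    "anon-7f3a": {"ap1": 50, "ap6": 33},
    "anon-11c2": {"ap1": 90, "ap6": 0},
    "anon-e09b": {"ap1": 10, "ap6": 100},
    "anon-42d7": {"ap1": 70, "ap6": 66},
}

HEADER = "aggregate-set-id: "   # assumed marking layout: first line of the file


def selected(ap_values, ranges):
    """Process 545 as read here: each ranged argument must lie within its range."""
    return all(lo <= ap_values.get(arg, 0) <= hi
               for arg, (lo, hi) in ranges.items())


def read_set(text):
    """Parse a line-feed-delimited set file into (code or None, identifiers)."""
    lines = [ln for ln in text.split("\n") if ln]
    if lines and lines[0].startswith(HEADER):
        return lines[0][len(HEADER):], set(lines[1:])
    return None, set(lines)


def write_set(code, ids):
    """Mark the set with its code and emit identifiers in ascending order."""
    return "\n".join([HEADER + code] + sorted(ids)) + "\n"


def build_set(users, ranges, existing_text=""):
    """Process 549: add every selected identifier to the stored set and mark it."""
    code, ids = read_set(existing_text)
    for anon_id, ap_values in users.items():
        if selected(ap_values, ranges):
            ids.add(anon_id)               # union, so no duplicate identifiers
    # A new set gets an unguessable code; an existing set keeps the one it has.
    return write_set(code or secrets.token_hex(16), ids)
```

With the constructed users, a range on ap1 alone selects three identifiers, while adding a range on ap6 narrows the set to two, which is the "more focused" selection the text describes.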
[0069] Pretty Good Privacy (PGP) or Gnu Privacy Guard (GnuPG), as
well as other public/private key software programs, can be used for
encrypting and decrypting sensitive files. Public-key cryptography
refers to a cryptographic system that uses a key pair: one key of
the pair is private and the other key of the pair is public. In the
preferred embodiment of the present invention, the public key is
used to encrypt a file, and the private key is used to decrypt the
file. Although different, the two keys of the key pair are
mathematically related, but one cannot be derived from the other.
Therefore, the public key can be communicated "in the clear"
without being protected in any way, as long as the private key
remains a secret of the key owner. Prior to the encryption and
storage on Data Storage Unit 509 of the aggregate set of appliance
user anonymous identifiers generated by Process 549 or the
de-identified and combined consumer data generated by Process 533,
Public Private Key Generation Process 529 creates both the public
and private keys used by SCDE 360. Since SCDE 360 is the only
entity that possesses the private key of the key pair, SCDE 360 is
the only entity capable of decrypting the encrypted file.
[0070] After Process 549 marks the aggregate set of appliance user
anonymous identifiers with an aggregate set identification code, as
shown in FIG. 4 Block 452, the identification code is communicated
through Inter-Process Communication 551 to Interface With Media
Agency Process 553, along with the ad campaign number associated
with the consumer attributes or delineated parameters used by
Processes 545 and 549 to generate the aggregate set of appliance
user identifiers. As shown in Block 406 of FIG. 4, the ad campaign
number is communicated to SCDE 360 by Media Agency 310 along with
the consumer attributes or delineated parameters used by Processes
545 and 549. Process 553 in conjunction with Network Communication
Interface 515 and Network Connection Line 507 then communicates the
aggregate set identification code and ad campaign number to Media
Agency 310 over FIG. 3 Line 380, as shown in Block 454 of FIG.
4.
[0071] As shown in FIG. 4 Block 400, Advertiser 305 initiates an
advertising campaign by communicating targeted consumer attributes
to Media Agency 310. In Block 402, Media Agency 310 communicates
the targeted consumer attributes to DMP 320 over Line 390, and in
Block 404, DMP 320 generates delineated parameters or selection
algorithms based on the consumer attributes and communicates these
parameters or algorithms to Media Agency 310 over Line 390. In
Block 406, Media Agency 310 designs the ad campaign initiated by
Advertiser 305 based on consumer attributes or delineated
parameters from DMP 320, and communicates consumer attributes,
delineated parameters or selection algorithms to SCDE 360 over Line
380, along with the ad campaign number. Strictly speaking DMP 320
need not be employed to generate the delineated parameters or
selection algorithms used by Media Agency 310 or SCDE 360.
Delineated parameters or selection algorithms could be generated by
Media Agency 310 itself, or by SCDE 360, based on communicated
targeted consumer attributes.
[0072] Following ad campaign design in Block 406, Media Agency 310
obtains the entertainment, news, educational, game or promotional
content, for example, called for by the ad campaign design from
Content Sources 330 over Line 307, as shown in Block 408, and
generates the ad campaign, as shown in Block 410. The generated ad
campaign is then communicated to Publisher 340 over Line 335 and
Publisher 340 publishes the ad campaign to Ad Campaign Website 350
over Line 375, as shown in Block 412. In Block 414, Media Agency
310 first receives an ad campaign number and the appliance user
anonymous identifier aggregate set identification code associated
with the ad campaign number, from SCDE 360. Media Agency 310 then
communicates a description of an offer for goods or services, with
the related ad campaign website address, ad campaign number, and
aggregate set identification code, to SCDE 360. In Block 456, SCDE
360, on behalf of Media Agency 310, communicates the offer
description and related ad campaign website address to the
appliance users whose anonymous identifiers comprise the aggregate
set marked with the received identification code. In this example
of the preferred embodiment of the present invention, the anonymous
identifier of the user of Network Connected Appliance 345 is
included in the aggregate set.
[0073] There are many ways for SCDE 360 to effect the communication
of the description of an offer for goods or services, with the
related ad campaign website address, to Network Connected Appliance
345. One such way is for SCDE 360 to communicate Media Agency 310's
offer description and related ad campaign website address to
Appliance 345 at the time SCDE 360 receives an encrypted CSV text
file from Appliance 345 containing the appliance user's anonymous
identifier and consumer data. The communication channel established
between SCDE 360 and Appliance 345 can be used by SCDE 360 to first
receive the encrypted CSV text file, decrypt the file, parse the
file to obtain the anonymous identifier of the user of Appliance
345, determine the aggregate set of anonymous identifiers the user
of Appliance 345 is a member of, compare the delineated parameters
or selection algorithms used to generate the aggregate set with
those provided by Media Agency 310, and, if a match is found,
communicate Media Agency 310's offer description and related ad
campaign website address to Appliance 345 over the established
communication channel. This sequence of actions can be repeated for
each appliance user and advertiser served by SCDE 360, such that
over a period of time offers from advertisers can be delivered to
the appliance users most interested in receiving them. This period
of time can be quite short, for the software program executing on
Network Connected Appliance 345, to be later discussed, can be
configured such that Appliance 345 automatically connects with SCDE
360 multiple times per day to upload encrypted CSV text files
containing appliance user consumer data and for other purposes.
[0074] Once Media Agency 310's offer description and related ad
campaign website address is communicated to Appliance 345, if the
offer is of interest, the appliance user may click on the offer
description and effect communication with Ad Campaign Website 350
over Line 395 through Proxy Server 315 and Line 370. When the offer
is clicked on, Appliance 345 notifies SCDE 360, by use of a
communication over Line 395 through Proxy Server 315 and Line 365,
that the appliance user clicked on the offer description and is in
communication with Ad Campaign Website 350. The communication
includes the appliance user's anonymous identifier and the ad
campaign website address. This is shown in Block 458. In Block 460,
SCDE 360 communicates the identification code of the aggregate set
of anonymous identifiers associated with the ad campaign offer, of
which the appliance user's anonymous identifier is a member, to
Appliance 345 over Line 365 through Proxy Server 315 and Line 395.
The communication includes the appliance user's anonymous
identifier and the ad campaign website address. Appliance 345 then
communicates the identification code to Ad Campaign Website 350
over line 395 through Proxy Server 315 and Line 370. The
identification code is communicated from Ad Campaign Website 350
over line 375 to Publisher 340, who in turn communicates the
identification code to Media Agency 310 over Line 335. As shown in
Block 462, Media Agency 310 compares the identification code
communicated to Media Agency 310 by SCDE 360 in Block 454 with the
identification code communicated to Media Agency 310 by Publisher
340 in Block 460, originating from Appliance 345. If the
identification codes match, the appliance user is verified as being
a member of the set of anonymous appliance users whose collected
consumer data indicate that they have a heightened interest in the
content, product, or service being promoted by Advertiser 305's ad
campaign. Since the greater the number of verified appliance users
visiting the ad campaign website, the greater the efficacy of the
ad campaign, this aspect of the present invention generates a
metric that directly relates to the efficacy of the ad
campaign.
[0075] The completion of the advertising transaction of the
preferred embodiment of the present invention is shown in Block
464, where the appliance user of Appliance 345 views and interacts
with the advertisement, and its entertainment, news, educational,
game or promotional elements, on Ad Campaign Website 350, through
Proxy Server 315.
[0076] We now turn to FIGS. 6, 7, 8A and 8B to discuss a network
connected appliance of the preferred embodiment of the present
invention. FIG. 6 is a block diagram of a network connected
appliance of the present invention, such as Appliance 345. Although
not indicated in FIG. 6, Appliance 345 could be a desktop personal
computer (PC), a laptop PC, a notebook PC, a netbook PC, an
Ultrabook PC, a Chromebook PC, a tablet computer, a smartphone, a
gaming console, a smartwatch, a "Blu-ray" player with Internet
connectivity, a smart TV, an Internet TV, an IPTV, a set top box, a
digital media receiver (Apple TV, Google TV, or Roku streaming
media player, for example), or any other network connected
appliance capable of sending or receiving data over a network. FIG.
6 depicts the elements that comprise such an appliance. FIG. 7 is a
process flowchart of a network connected appliance of the present
invention, and FIGS. 8A and 8B illustrate example offer display
screens presented to a user of a network connected appliance of the
present invention.
[0077] The Appliance 345 actions to be discussed are performed by
Central Processor Unit (CPU) 600 of FIG. 6, as controlled by
processes executed on CPU 600. Outlined double headed Arrow 627
indicates that Processes 650, which take the physical form of one
or more software program applications (apps) stored on RAM/Flash
And Systems Memory 625, are executed on CPU 600 to effect such
control. In the preferred embodiment of the present invention,
RAM/Flash And Systems Memory 625 takes the form of high speed
Random Access Memory for program application execution, and flash
memory for nonvolatile program application storage. However other
forms of memory, such as magnetic hard disk or optical memory may
be used for nonvolatile storage, and, in the future, magnetless
spin memory (MSM) may be able to be used for program application
execution.
[0078] As shown in FIG. 7 Block 700, the appliance user first
downloads and installs an app from Secure Consumer Data Exchange
(SCDE) 360 on to Appliance 345. This app may also be downloaded and
installed from app distributors, such as Google Play, the Google
app store, iTunes, the Apple app store, or Firefox Marketplace, the
Firefox app store. It could also be downloaded and installed from
another network connected appliance on which the SCDE app has
already been installed. Alternatively, the SCDE app could be
installed from removable physical media where the SCDE app code
resides, where such removable physical media could be a flash
drive, SD drive, or optical media, where the optical media could be
Blu-ray, DVD, or Compact Disk (CD). Additionally, the SCDE app
could be installed in RAM/Flash And Systems Memory 625 at the time
of Appliance 345's manufacture.
[0079] Through the use of software installed in Systems memory 625
at the time of Appliance 345's manufacture, the acquisition and
installation of the SCDE App can be effected by CPU 600 through a
number of communication interfaces. These communication interfaces
include: Wired Or Wireless Network Communication Interface 635,
using Wireless Communication Channel 631, employing Wi-Fi or 4G
wireless connections for example, or Wired Communication Channel
633, employing an Ethernet connection for example; Bluetooth
Transceiver 611; or Universal Serial Bus (USB) Interface 669.
Initiated by appliance user interaction with Display Screen 603, as
controlled by User Interface And Consumer Data Collection Process
637, CPU 600 communicates with SCDE 360, for example, through Web
Browser Process 643, over a network such as the Internet, the
desire of the appliance user to obtain and install the SCDE app.
CPU 600 establishes communications with SCDE 360 over Line 629
through the use of Wired Or Wireless Communication Interface 635.
Network Communications Interface 635 employs Wireless Communication
Channel 631, depicted as an antenna symbol in FIG. 6, for the
wireless communication channel, or Wired Communications Channel
633, depicted in FIG. 6 as an Ethernet connector symbol, for the
wired communication channel. Once the communications channel
between Appliance 345 and SCDE 360 has been established, SCDE 360
communicates the SCDE executable app code to Communications
Interface 635, which sends the executable app code over Line 629 to
CPU 600. CPU 600 then effects storage of the app code in Systems
Memory 625, over line 623, from where it can be executed. Such
execution may be started automatically by CPU 600 upon completion
of app installation, or by the appliance user clicking on the
"Start SCDE" icon that appears on Display Screen 603, as controlled
by User Interface Process 637.
[0080] As shown in FIG. 7 Block 702, upon execution, the installed
SCDE app first displays SCDE 360's privacy policy on Display
Screen 603. In Block 704, the appliance user can reject SCDE 360's
privacy policy terms by clicking on the "Reject" icon appearing on
Display screen 603. In the case of a non-touch display, the
pressing action may be effected by clicking on the Reject icon by
the use of a pointing device, such as a mouse. In the case of a
touch screen display, the clicking action may be effected by
touching the Reject icon with, for example, a finger or a stylus.
Once the Reject button is clicked on, the app install is aborted
and the app completely removes itself from Appliance 345, as shown
in Block 708. The installation process then ends in Block 712. If
in Block 706 the appliance user agrees to SCDE 360's privacy policy
terms, by clicking on the "Accept" button appearing on Display
Screen 603, CPU 600, as controlled by the SCDE app, first generates
an appliance user anonymous identifier in Block 710, using
Appliance User Password And Anonymous ID Generation Process 667 in
communication with User Interface And Consumer Data Collection
Process 637 through Inter-process Communication 665. Following this
action, as shown in Block 714, CPU 600, as controlled by the SCDE
app, generates an appliance user public/private key pair by use of
Public/Private Key Generation Process 663 in communication with
Encryption/Decryption Process 649 through Inter-process
Communication 651, and also generates an appliance user password by
use of Appliance User Password And Anonymous ID Generation Process
667. Then, in communication with User Interface And Consumer Data
Collection Process 637, through Inter-process Communication 665,
CPU 600 displays the generated user password to the appliance user
on Display Screen 603. As shown in Block 716, the appliance user
may now accept the password for later use, by clicking on the OK
icon that appears on Display Screen 603, or change the password to
one that the appliance user is more comfortable with, and accept
the changed password by clicking the OK icon. The appliance user's
password is used by the SCDE app to assure that the appliance
user's collected consumer data is linked with the correct appliance
user anonymous identifier. This is necessary because a single
network connected appliance may be used by multiple appliance
users. The password will also be used to assure that offers
communicated to Appliance 345 from Media Agency 310 through SCDE
360, are presented to the appropriate user of Appliance 345.
[0081] After the generation of the appliance user's anonymous
identifier, public/private key pair, and user password, the SCDE
app controls CPU 600 of Appliance 345 to start appliance user
consumer data collection, as shown in Block 718. User Interface And
Consumer Data Collection Process 637 controls CPU 600 to effect
consumer data collection through the use of Touch Or Non-touch
Display Screen 603, Pointing Device 605, Keyboard/Keypad 607, or
GPS Receiver 609. Such collected consumer data may include, for
example, the websites the appliance user visited; what news
articles, entertainment content, product descriptions and
advertisements were clicked on by the appliance user; the search
terms used by the appliance user while searching for Internet
content; what products or services were purchased by the appliance
user on line; what social networking websites, association
websites, and blogs the appliance user visited; how long the
appliance user remained connected to each website; the physical
location of the appliance user at predetermined time intervals;
what "brick and mortar stores" the appliance user visited; as well
as personal data. Such personal data may comprise the appliance
user's name, address and telephone numbers, age, socioeconomic
status, place of work, names of friends and acquaintances, number
of children, and marital status. In addition, collected consumer
data may also include the consumer's network browsing, product
purchase, and physical location histories, where such histories
include the dates and times at which history events occurred. If
the appliance user of Appliance 345 wishes to use the appliance for
"private browsing" or wishes to not have their consumer data
collected for any reason, the appliance user can disable the SCDE
app, and stop consumer data collection, by clicking on the "Stop"
icon that is displayed on Touch Or Non-Touch Display Screen 603 by
CPU 600, as controlled by User Interface And Consumer Data
Collection Process 637, while Appliance 345 is collecting consumer
data. This potential appliance user action is also shown in Block
718.
[0082] As previously discussed, SCDE 360 receives encrypted
consumer data from Appliance 345. In this preferred embodiment of
the present invention, the consumer data is encrypted to SCDE 360's
public key. It is therefore necessary for Appliance 345 to obtain
SCDE 360's public key. Block 720 shows the SCDE app residing in
RAM/Flash Systems Memory 625 controlling CPU 600 to use Wired Or
Wireless Communication Interface 635 to communicate with SCDE 360,
and obtain SCDE 360's public key from SCDE 360.
[0083] Prior to linking the consumer data collected by Appliance
345 with the appliance user's anonymous identifier, encrypting the
consumer data and anonymous identifier to SCDE 360's public key,
and communicating the encrypted consumer data and appliance user's
anonymous identifier to SCDE 360, as shown in Blocks 724 and 726,
it is preferable to de-identify the consumer data, as shown in
Block 722. This optional step enhances consumer privacy and reduces
the chances that the consumer data collected by Appliance 345 will
be attributed to a particular individual, should there be a
security breach at SCDE 360. De-identification removes, including
but not limited to: the appliance user's name; references to
the appliance user's residence location such as street address,
city, county, parish, precinct, or zip code; numbers relating to
the appliance user such as the appliance user's date of birth, age,
date of admission to a school of higher learning, dates of
admission and release from a health care facility, fax numbers,
email addresses, social security numbers, driver license numbers,
medical record numbers, health plan beneficiary numbers, financial
institution account numbers, credit card numbers, yearly income,
total assets, savings accounts balances, society membership
numbers, certificate/license numbers, vehicle identifiers and
serial numbers, vehicle license plate numbers, device identifiers
and serial numbers (such as the universally unique identifier
(UUID) embedded in the appliance user's smart phones, tablet
computers or personal computers), Internet Protocol (IP) address
from which the appliance user communicates over the Internet, or
the Media Access Control (MAC) addresses of the network interfaces
used by the appliance user; images of the appliance user or the
appliance user's friends, family and colleagues; images of the
appliance user's residence, neighborhood, house of worship; and the
appliance user's ethnicity or religion. Although the embodiment of
the present invention being discussed performs de-identification
within Appliance 345 prior to the communication of the consumer
data to SCDE 360, de-identification could be performed at SCDE 360.
Such de-identification could be performed either at the time of
SCDE 360's receipt of the consumer data from Appliance 345 or after
the consumer data is analyzed and the appliance user's anonymous
identifier is aggregated with a set of other appliance user
anonymous identifiers whose collected consumer data corresponds to
at least one common delineated parameter from Media Agency 310, but
before it is encrypted and stored in Data Storage 509 for later
use. If the consumer data from Appliance 345 is de-identified after
the appliance user's anonymous identifier is aggregated with other
appliance users' identifiers, the data would be stored in encrypted
form when initially received by SCDE 360.
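The ordering described in paragraph [0083], de-identification (Block 722) before linking to the anonymous identifier (Block 724), can be sketched as follows. This is an added example, not code from the application; the field names, the redaction patterns and the sample record are assumptions constructed for illustration, and only a subset of the listed identifier categories is covered.

```python
import re

# Hypothetical field names; the categories are taken from the list in [0083].
DIRECT_IDENTIFIER_FIELDS = {
    "name", "street_address", "city", "county", "zip_code", "date_of_birth",
    "age", "email", "fax", "ssn", "driver_license", "credit_card",
    "yearly_income", "device_uuid", "ip_address", "mac_address", "photo",
    "ethnicity", "religion",
}

# Identifiers that can also leak inside free text (search terms, notes).
PATTERNS = [
    ("UUID", re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")),
    ("MAC", re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
]


def scrub_text(text):
    """Replace identifier-shaped substrings with a category marker."""
    for label, pattern in PATTERNS:
        text = pattern.sub(f"[{label}]", text)
    return text


def deidentify(value):
    """Drop direct-identifier fields and scrub strings, recursing into containers."""
    if isinstance(value, dict):
        return {k: deidentify(v) for k, v in value.items()
                if k.lower() not in DIRECT_IDENTIFIER_FIELDS}
    if isinstance(value, list):
        return [deidentify(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value


def prepare_for_upload(record, anonymous_id):
    """De-identify first, then link the result to the anonymous identifier.

    Encryption to the SCDE public key (Block 724) would follow and is not shown.
    """
    return {"anonymous_id": anonymous_id, "consumer_data": deidentify(record)}


SAMPLE_RECORD = {  # constructed sample, not real data
    "name": "Jane Doe",
    "zip_code": "00000",
    "device_uuid": "123e4567-e89b-12d3-a456-426614174000",
    "search_terms": ["tripod for travel", "email jane@example.com receipt"],
    "visited": [{"url": "https://shop.example/cameras", "seconds": 312,
                 "note": "from 192.0.2.10 via 00:00:5E:00:53:01"}],
}
```

Field-name filtering alone misses identifiers typed into free text, which is why the string values are scrubbed as well.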
[0084] The consumer data collected by Appliance 345 and
communicated to SCDE 360 becomes less representative of the
appliance user's likes, dislikes, desires and needs, as time
progresses. Consumer data aging occurs because much of the consumer
data collected by Appliance 345 reflects the consumer's current
activities, age, socioeconomic level, education level, occupation,
peer group pressures, and short term plans. In order to take
continuous changes in consumer on line behavior into account, and
be able to assign the consumer's anonymous identifier to the most
appropriate aggregate set of anonymous identifiers, the present
invention can apply a "rolling storage" approach to the consumer
data collected by Appliance 345 and communicated to SCDE 360. In
one regimen in accordance with this approach, SCDE 360 accumulates
the consumer data from Appliance 345 for the period of 6 months
immediately after the SCDE app is installed in Appliance 345.
Following this initial 6 month period, the first 3 months of
collected consumer data from Appliance 345 is purged from
Enterprise Server 500's Data Storage Unit 509, while the second 3
months of collected consumer data is retained. During the next 3
month period, the third 3 month period after SCDE app installation
in Appliance 345, collected consumer data from Appliance 345 is
combined with the previously stored and retained second 3 month
period collected consumer data from Appliance 345. This sequence of
purging 3 months of consumer data, followed by combining the
remaining consumer data with 3 months of newly collected consumer
data, can continue as long as the SCDE app is installed in
Appliance 345. It assures that consumer data analyzed for
delineated parameters supplied to SCDE 360 by Media Agency 310,
reflects the current on line behavior of Appliance 345's user. The
use of a rolling storage model by SCDE 360 also significantly
improves consumer privacy, and thus, in addition to assuring that
up to date consumer data is employed by SCDE 360 for data analysis,
it facilitates compliance with government consumer privacy
legislation and regulations. Such compliance facilitation is
realized by the limiting of the amount of encrypted appliance user
consumer data resident on Storage Unit 509 of Enterprise Server
500, thus significantly reducing the potential impact of a data
compromising SCDE 360 security breach.
[0085] If the appliance user of Appliance 345 wishes to de-install
the SCDE app, the appliance user can initiate SCDE app
de-installation by clicking on the "De-install" icon that is
displayed on Touch Or Non-Touch Display Screen 603 by CPU 600, as
controlled by User Interface And Consumer Data Collection Process
637. Upon the initiation of the de-installation of the SCDE app
from Appliance 345 by the appliance user, Appliance 345
communicates an encrypted message to SCDE 360, that includes the
appliance user's anonymous identifier, informing SCDE 360 of the
app's imminent de-installation from Appliance 345. Such a
communication comes from CPU 600 through Wired Or Wireless Network
Communications Interface 635, as controlled by the SCDE app
residing in Ram/Flash And Systems Memory 625, just prior to the
SCDE app's erasure from Systems Memory 625. Upon receipt of an SCDE
app de-installation communication from Appliance 345, High
Performance CPU 513 of FIG. 5 erases all encrypted consumer data
files linked to the user of Appliance 345's anonymous identifier
and blacklists the appliance user's anonymous identifier so no
further communication between SCDE 360 and Appliance 345 will take
place. The act of removing all consumer data communicated to SCDE
360 from Appliance 345 residing on Storage Unit 509 upon the
de-installation of the SCDE app from Appliance 345, further
facilitates compliance with government consumer privacy legislation
and regulations. Such further compliance is facilitated by assuring
that after the user of Appliance 345 de-installs the SCDE app and
"opts out" of having their consumer data collected and communicated
to SCDE 360, thus rescinding authorization to do so, consumer data
previously collected is no longer available.
[0086] During some of the communication sessions established by
Appliance 345's CPU 600 with SCDE 360, as controlled by the SCDE
app residing in Ram/Flash And Systems Memory 625, wherein collected
encrypted consumer data and the linked anonymous identifier of the
appliance user are communicated to SCDE 360, Appliance 345 may
receive from SCDE 360 an offer for products, content, or services
from Advertiser 305. These 2 actions are shown in Block 726 and
Block 728. In the following discussion, the offer is part of an ad
campaign generated by Media Agency 310 on behalf of Advertiser 305.
This offer includes the website address where the ad campaign is
hosted and a description of the offer. Communication between
Appliance 345 and SCDE 360 may be initiated at predefined time
intervals, such as once per hour, once per day, or a time interval
determined to be commensurate with the collection of sufficient
consumer data by Appliance 345 to warrant such communication.
Communication between Appliance 345 and SCDE 360 may also be
initiated when a defined amount of appliance user consumer data is
collected. In this latter case, the time interval between
communications can vary depending upon how many minutes Appliance
345 is used by the appliance user over a 24 hour time period. In a
third approach, appliance user consumer data can be collected and
communicated to SCDE 360 when the appliance user is not using
Appliance 345 for data intensive tasks, not using Appliance 345 at
all, or when network communication traffic is at a minimum. Other
bases for time interval selection are possible.
[0087] If the user of Appliance 345 concludes that the offers
received from SCDE 360 do not accurately reflect their interests,
the user may wish to "reset" the consumer data used to determine
the offers they receive. In this case, the preferred embodiment of
the present invention provides a "Data Reset" icon that is
displayed on Touch Or Non-Touch Display Screen 603 by CPU 600, as
controlled by User Interface And Consumer Data Collection Process
637. Upon the initiation of consumer data reset by the user of
Appliance 345, Appliance 345 communicates an encrypted message to
SCDE 360, that includes the appliance user's anonymous identifier,
indicating that the appliance user wishes their consumer data to be
purged and new consumer data to be collected. Upon receipt of such
communication, High Performance CPU 513 of FIG. 5 erases all
encrypted consumer data files linked to the user of Appliance 345's
anonymous identifier, and restarts the process of collecting new
consumer data linked to Appliance User 345's anonymous
identifier.
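The rolling storage regimen of paragraph [0084], the erase-and-blacklist handling of de-installation in [0085] and the data reset of [0087] can be modeled together on the receiving side. This is an added example, not code from the application; the class and method names are hypothetical, a 3 month period is taken as 90 days, and restarting the rolling window at reset time is an assumption.

```python
from datetime import datetime, timedelta

PERIOD = timedelta(days=90)  # assumption: one "3 month" period taken as 90 days


class RollingStore:
    """Hypothetical store of encrypted consumer data keyed by anonymous identifier."""

    def __init__(self):
        self.start = {}         # anonymous id -> start of the current collection run
        self.records = {}       # anonymous id -> [(timestamp, encrypted blob), ...]
        self.blacklist = set()  # identifiers whose user de-installed the app

    def register(self, anon_id, when):
        if anon_id in self.blacklist:
            raise PermissionError("blacklisted anonymous identifier")
        self.start[anon_id] = when
        self.records[anon_id] = []

    def ingest(self, anon_id, when, blob):
        """Store one encrypted upload; refuse blacklisted or unknown identifiers."""
        if anon_id in self.blacklist or anon_id not in self.start:
            return False
        self.records[anon_id].append((when, blob))
        return True

    def _period(self, anon_id, when):
        return (when - self.start[anon_id]) // PERIOD

    def purge(self, anon_id, now):
        """Drop every period older than the one before the current period.

        Nothing is dropped during the first two periods (the initial 6 months);
        from then on the store holds between 3 and 6 months of data.
        """
        keep_from = max(0, self._period(anon_id, now) - 1)
        kept = [r for r in self.records[anon_id]
                if self._period(anon_id, r[0]) >= keep_from]
        purged = len(self.records[anon_id]) - len(kept)
        self.records[anon_id] = kept
        return purged

    def reset(self, anon_id, now):
        """Data Reset: erase all data, keep the identifier, restart collection."""
        erased = len(self.records[anon_id])
        self.records[anon_id] = []
        self.start[anon_id] = now  # assumption: the rolling window restarts here
        return erased

    def deinstall(self, anon_id):
        """De-install: erase all data and blacklist the identifier."""
        erased = len(self.records.pop(anon_id, []))
        self.start.pop(anon_id, None)
        self.blacklist.add(anon_id)
        return erased


def demo():
    t0 = datetime(2024, 1, 1)  # constructed install date

    def day(n):
        return t0 + timedelta(days=n)

    store = RollingStore()
    store.register("anon-A", t0)
    for n in (10, 100, 170):  # uploads falling in periods 0, 1 and 1
        store.ingest("anon-A", day(n), b"<ciphertext>")
    inside_six_months = store.purge("anon-A", day(179))
    store.ingest("anon-A", day(200), b"<ciphertext>")  # period 2
    after_six_months = store.purge("anon-A", day(200))
    after_nine_months = store.purge("anon-A", day(270))
    erased = store.deinstall("anon-A")
    accepted = store.ingest("anon-A", day(271), b"<ciphertext>")
    return inside_six_months, after_six_months, after_nine_months, erased, accepted
```

The blacklist check sits in both `register` and `ingest`, so an upload replayed after de-installation is refused rather than silently recreating the erased record set.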
[0088] Upon receipt of an offer from SCDE 360, the offer is
displayed on Touch Or Non-Touch Display Screen 603 by CPU 600,
using User Interface And Consumer Data Collection Process 637, as
controlled by the SCDE app. Such an offer display can take many
forms. FIGS. 8A and 8B depict 2 possible offer display screen
arrangements. FIG. 8A depicts one such arrangement. In the
arrangements of FIGS. 8A and 8B, multiple offers from multiple
Advertisers, including Advertiser 305, are sorted into categories
by CPU 600, as controlled by the SCDE app, before presentation on
Touch Or Non-Touch Display Screen 603. The offers are then
presented to the appliance user as a multilevel list, wherein the
top level of the list is seen by the appliance user as a series of
product or services categories. In FIGS. 8A and 8B this list is
labeled "Dyna Deals!". Referring to FIG. 8A, it can be seen that
the first item in the list is labeled "Cameras". If the appliance
user is interested in offers, for example, on the purchase of a
still or a movie camera, or repair of a camera, or camera
accessories, such as lenses, memory cards or tripods, the appliance
user may click on this item of the list. This action will cause the
presentation on Display Screen 603 of a list of camera related
offers, with offer descriptions, presently available to the
appliance user. The descriptions accompanying these offers will
include the website address where the offer is available. The
descriptions can be incorporated in the presented list as short
summaries. If a list item containing an offer from Advertiser 305
is clicked, Appliance 345 can be connected to Ad Campaign Website
350 where the advertising campaign initiated by Advertiser 305 in
FIG. 4 Block 400, and generated by Media Agency 310 in FIG. 4 Block
410, has been published by Publisher 340 in FIG. 4 Block 412. The
appliance user can then be presented with a detailed promotional
presentation that includes full product descriptions, product
reviews, related videos, news or entertainment content, sponsored
content, native advertising content, games, or social networking
opportunities, for example. The user interaction related to FIG. 8B
is similar to that of FIG. 8A, however in FIG. 8B the traditional
list format is replaced with a series of icons. In the case of FIG.
8B, there are 2 camera icons presented: one for still cameras and
one for movie cameras. These appear in the last row of icons,
4th and 5th from the last icon in the row from the right,
respectively. If the appliance user clicks on the still camera
icon, the screen presentation will be replaced with a series of
icons representing offers related to still cameras. Short
descriptive text may accompany an icon. Clicking on an icon with an
offer from Advertiser 305, as in the case of FIG. 8A, connects
Appliance 345 to the website address where the ad campaign generated
for Advertiser 305 by Media Agency 310 is hosted, and the appliance
user is presented with a full description of the offer, possibly
accompanied with additional promotional material. These actions are
shown in Block 730 and Block 732 of FIG. 7.
[0089] As shown in Block 734, when the appliance user clicks on an
item in the offer list, or an offer icon, Network Connected
Appliance 345 communicates to SCDE 360 that the appliance user has
clicked on an offer from Advertiser 305, and thereby has shown a
desire to interact with the Ad Campaign related to Advertiser 305's
offer. This communication includes the appliance user's anonymous
identifier and the website address of the offer clicked on. For the
purpose of measuring ad campaign efficacy, it is beneficial to
verify that the anonymous identifier of the user of Appliance 345
is a member of the aggregate set of anonymous identifiers whose
identification code was communicated to Media Agency 310 from SCDE
360 in FIG. 4 Block 454. Therefore, as shown in Block 736,
immediately following SCDE 360's receipt of the communication from
Appliance 345 indicating that the user of Appliance 345 has clicked
on an offer from Advertiser 305, SCDE 360 communicates the
identification code of the aggregate set, of which the user of
Appliance 345 is a member, to Appliance 345, and Appliance 345
communicates the identification code to Ad Campaign Website 350. In
turn, Ad
Campaign Website 350 communicates the identification code to
Publisher 340, and Publisher 340 communicates the identification
code to Media Agency 310, along with the address of Ad Campaign
Website 350. A positive comparison by Media Agency 310 of the
identification code received from SCDE 360 in Block 454 with the
identification code received from Publisher 340 in Block 460
verifies that the user of Appliance 345 is a member of the
aggregate set of anonymous identifiers marked with the
identification code. In Block 738 the user of Appliance 345 views
and interacts with Ad Campaign Website 350.
[0090] Although the web browsers often incorporated in network
connected appliances at the time of manufacture can be employed to
communicate with Ad Campaign Website 350, it is preferable, for
reasons of consumer privacy, for the SCDE app to include its own
web browser. This browser can be designed, for example, such that
appliance user tracking objects incorporated into many web pages,
such as cookies, local shared objects (LSO) and HTML5 databases,
are accepted but not stored, thereby increasing appliance user
privacy. Web Browser Process 643 executing on CPU 600 of Network
Connected Appliance 345, communicating with User Interface And
Consumer Data Collection Process 637, through Inter-process
Communication 659, represents such a browser. In the preferred
embodiment of the present invention, as shown in Block 738, Web
Browser Process 643 is the web browser the user of Appliance 345
employs to access, view and interact with Ad Campaign Website
350.
[0091] In accordance with the principles of the present invention,
each user who logs into Appliance 345 has a different set of
credentials, that is, a password, an anonymous identifier, and a
public/private key pair. Different user credentials are generated
by the SCDE app for each appliance user when he or she first uses
Appliance 345. Separate credentials allow consumer data collected
by Appliance 345 to be correctly attributed to each appliance user,
thus allowing each anonymous identifier included in an aggregate
set of anonymous identifiers to point to a single appliance user,
not multiple appliance users of a single network connected
appliance. However, if an appliance user uses a plurality of
network connected appliances, each of these appliances will
generate, under the control of the SCDE app, a different set of
credentials for the appliance user. This can lead to a single
appliance user being associated with a plurality of anonymous
identifiers, and a lower volume of collected consumer data
associated with each of the appliance user's anonymous identifiers.
Since the greater the volume of consumer data associated with an
appliance user's anonymous identifier, the more accurate the SCDE's
analysis of the data can be, it is advantageous to combine
appliance user consumer data collected from each network connected
appliance used by the appliance user, into a single combined set of
consumer data. One way the preferred embodiment of the present
invention effects such combining of consumer data is to cause each
network connected appliance employed by the appliance user to
incorporate the same appliance user credentials. The
synchronization of credentials across multiple appliances employed
by the appliance user can be accomplished in a number of ways. A
first approach is to physically connect two or more of the user's
appliances with an electrical cable, or cables, and, after the
appliance user enters his or her passwords for the source and
destination appliances, have the appliance user cause the SCDE apps
resident on each of the destination user appliances to initiate an
encrypted transfer and subsequent installation of credential data,
overwriting any credential data previously residing on the
destination appliances associated with the appliance user. A second
approach can be to use an encrypted wireless communication for the
transfer. For example, a Wi-Fi, Bluetooth, Near Field Communication
(NFC) or infrared (IR) optical connection can be employed. Here
again the destination user's appliance, or appliances, initiates
the encrypted transfer and subsequent installation of credential
data. It is important for the destination appliance to initiate
transfer and installation of the credential data in order to reduce
the potential of such transfer and credential installation being
effected by a hacker not associated with the appliance user. Such a
wireless transfer can employ Bluetooth Transceiver 611, of
Appliance 345, in conjunction with CPU 600, under the control of
the SCDE app stored in RAM/Flash And Systems Memory 625.
[0092] In the following credential transfer discussion, it is
assumed that only a source and a destination user appliance, in
this example Destination Appliance 345B and Source Appliance 345A,
take part in the transfer operation. Taking advantage of the
appliance user's source and destination appliance public/private
keys, destination CPU 600 of Appliance 345B, using destination
Bluetooth Transceiver 611, under the control of the destination
SCDE app, first communicates to the source CPU 600 of Appliance
345A, under the control of the source SCDE app, the then current
public key of the destination appliance. Following this action, CPU
600 of the source appliance, under the control of the source SCDE
app, communicates the public key of the source appliance to the
destination appliance. Source CPU 600 then employs source
Encryption/Decryption Process 649 to encrypt the source appliance
user's credentials to the destination appliance's public key and,
over source Inter-process communication 655, in conjunction with
source User Interface And Data Collection Process 637, employs
source Bluetooth Transceiver 611 to communicate the encrypted
source appliance user's credentials to destination Appliance 345B.
Destination CPU 600, after receipt of the encrypted source
appliance credentials, over destination Bluetooth Transceiver 611,
under the control of the destination SCDE app, then decrypts the
source appliance user credentials, using destination
Encryption/Decryption Process 649 over source Inter-process
communication 655, in conjunction with source User Interface And
Data Collection Process 637, then overwrites and installs the
source appliance's credentials in the destination appliance, in
place of the destination appliance's credentials. From this point
forward, the appliance user will log into Appliance 345B with the
same password as used to log into Appliance 345A, and all consumer
data collected and communicated by Appliance 345B to SCDE 360 will
be linked to the same anonymous identifier as that which is linked
to consumer data collected and communicated to SCDE 360 by
Appliance 345A. The appliance user may change his or her log-in
password at any time, on either Appliance 345A or Appliance 345B;
however, the anonymous identifier linked with consumer data
collected by either of these appliances will not change. Since SCDE
360 only uses anonymous identifiers linked with received consumer
data, and does not employ network connected appliance identifiers,
such as UUIDs, or appliance user tracking objects, such as cookies,
LSOs and HTML5 databases, to store and combine consumer data
received at different times from network connected appliances in
which the SCDE app is installed, SCDE 360 will not recognize that
such consumer data is communicated from different network connected
appliances. Therefore, consumer data communicated to SCDE 360 from
a particular network connected appliance user will be combined
across all the network connected appliances employed by the
appliance user, and appropriately analyzed for enhanced interest in
content, products or services offered by an advertiser, such as
Advertiser 305. This can result in more accurate assignment of
appliance user anonymous identifiers to aggregate sets of appliance
user anonymous identifiers, and thereby lead to a higher
advertising campaign return on investment.
[0093] Having thus described several aspects of the preferred
embodiment of the present invention, it is to be appreciated that
various alterations, modifications, and improvements will readily
occur to those skilled in the art. Such alterations, modifications,
and improvements are intended to be part of this disclosure, and
are intended to be within the spirit and scope of the invention.
Accordingly, the foregoing description and drawings are by way of
example only.
* * * * *