WO2004090697A1 - A method in data transmission, a data transmission system, and a device - Google Patents

A method in data transmission, a data transmission system, and a device Download PDF

Info

Publication number
WO2004090697A1
WO2004090697A1 PCT/FI2004/050036 FI2004050036W WO2004090697A1 WO 2004090697 A1 WO2004090697 A1 WO 2004090697A1 FI 2004050036 W FI2004050036 W FI 2004050036W WO 2004090697 A1 WO2004090697 A1 WO 2004090697A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
anonymous
identifier
person
feedback
Prior art date
Application number
PCT/FI2004/050036
Other languages
French (fr)
Inventor
Jouko Kronholm
Original Assignee
Jouko Kronholm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jouko Kronholm filed Critical Jouko Kronholm
Priority to EP04727032A priority Critical patent/EP1616234A1/en
Publication of WO2004090697A1 publication Critical patent/WO2004090697A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Definitions

  • the present invention relates to a method in transmitting feedback from a feedback system to a person's terminal without determining the person's identifier in connection with sending the feedback, wherein person-specific data is collected with a collection device, in which case in order to collect data with the collection device, a person's personal identifier connected to an identification means is read, a unique oneway anonymous identifier is formed on the basis of the information contained by the person's identifier, said anonymous identifier is used to convert the collected person-specific data into anonymous data, in which case said anonymous data and the anonymous identifier are transmitted from the collection device to the processing device, where said anonymous data and the anonymous identifier are stored.
  • the invention also relates to a transmission system of data, which comprises a means for identifying a person, to which is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a processing device, a data transmission network for transmitting the collected data to the processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for modifying the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and for storing them in the processing de- vice.
  • the invention relates to a processing device to be used in the data transmission system, which transmission system comprises a means for identifying a person, to which means is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a data transmission network for transmitting the collected data to the processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for converting the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and storing them in the processing
  • identification means are used in connection with several systems, with which means persons can notify a system on information about themselves.
  • This kind of identification means include different membership cards, which are, for example, store-chain-specific, organization-specific, company-specific, etc.
  • identification data included in the identification card are notified to the system by means of the person's identification means, such as personal data, as well as data on the procedure the person performed.
  • the person's identification means such as personal data
  • data on the procedure the person performed can be mentioned shopping in the store of some chain of stores.
  • the identification data on the person's identification means such as a customer card, is scanned to the cash regis- ter terminal.
  • data connected to the purchases such as the items purchased, their price, the total price of the purchases, the location and time of purchase, data on the sales person, etc.
  • This data is transmitted via a suitable data transmission channel to a processing device, where the data is advantageously stored in a data- base.
  • This data can then be combined, in which case statistic data is received from different outlets, of a persons' shopping behaviour, etc.
  • a problem in this kind of a system is, however, that in several countries collecting and processing personal data is limited by legislation. Thus, it is possible to ask a person for permission to collect data. If a person does not agree to this, the data collected of a person's behaviour cannot contain any data identifying the person.
  • the utility value of the system for the maintainer of the system may decrease, because, for example, advertising or other feedback cannot be targeted to certain persons anonymously.
  • no data is gathered on what type of persons acquire certain items, for example, whether the pur- chasers include men, women, what is the age distribution, capital, income level of the purchasers, etc.
  • the same person may have cards for several different organizations, in which case the importance of different kinds of membership offers decreases, because a person cannot very easily be committed as a user of the sen ices of a certain organization.
  • the patent application US-2002/0019764 presents a system and a method for performing procedures in the Internet anonymously, i.e. without having to transmit data identifying the person in the system.
  • a person may log in to a closed data network anonymously and browse the services in this closed data network, etc.
  • the system can thus store different behaviour data in the user profile of the system, but on the basis of this data, it is not possible to determine the real identity of the person.
  • the person has made a contract of service with some reliable service provider, in which case the person may sign in to a system by means of a server of this sen/ice provider or the like.
  • the system is based on that the person logs in with some user identifier and password determined by himself/herself.
  • the invention is based on the idea that an analysis is performed in the feedback system of the service provider in order to establish which anonymous data of the anonymous identifier stored in the collection system are suitable for the selection criteria of the receiver of the feedback, in which case an impulse is formed for this kind of anonymous identifiers, which impulse is stored in the feedback system of the service provider.
  • an impulse is formed for this kind of anonymous identifiers, which impulse is stored in the feedback system of the service provider.
  • a one-way search iden- tifier has been formed in the data processing device before transferring to the site, which identifier the feedback system compares to the anonymous identifiers connected to the impulses, so that the identity of the person is not revealed.
  • One-way in this connection means that on the basis of an anonymous identifier, it is not in practice possible to establish the identification means the anonymous identifier or the anonymous search identifier is connected to.
  • This kind of unique, oneway identifier can be formed by means of, for example, so-called hash functions.
  • the method according to the present invention is primarily characterized in that in order to transmit feedback on the basis of said anonymous identifier, an impulse is determined for the person in the feedback system of the service provider on the basis of the anonymous data, to which impulse are attached feedback and data on one or more anonymous identifiers as the anonymous receivers of the feedback, in which case - the person performs the input of a personal identifier to the terminal, where a one-way anonymous search identifier is formed of the personal identifier,
  • an impulse is searched in the feedback system, to which impulse data on the anonymous identifier is attached, which corresponds to said anonymous search identifier transmitted from the terminal, and
  • the system according to the present invention is primarily charac- terized in that the system comprises:
  • the system in addition comprises
  • - search means for searching an anonymous identifier corresponding to the anonymous search identifier formed in the terminal from the impulses stored in the feedback system, and - sending means for transmitting the feedback attached to the searched impulse from the feedback system to the terminal.
  • the present invention shows remarkable advantages over solutions of prior art.
  • the arrangement according to the invention enables trans- mitting feedback to a person without the danger of the identity of the person being revealed.
  • the person can use his/her own identifier means and it is still possible to collect data anonymously of the person's behaviour and to transmit feedback on the basis of anonymous data to such persons whose anonymous data comprises such one or more properties that meet the search criteria set for certain feedback at each time.
  • having to select an anonymous identifier for a person is avoided. The person himself/herself does not have to invent an anonymous identifier for himself/herself either.
  • the system according to the invention can be applied even in connection with already existing systems by using the al- ready existing identifier means by only making the necessary additions and modifications to the system.
  • the invention enables, for example, advertising targeted according to person-specific properties, even if the identity of the person is not known to the system.
  • the advantage of a system developed by store chains, organizations and other sen/ice providers for the system maintainer is greater, because the need for supplying different advertisements, bulletins, etc. to such persons who are not interested in them or who for some other reasons do not benefit from them, is decreased. This also decreases the operating costs of the system.
  • the data security of an individual can be secured almost perfectly in the system.
  • the invention enables, among other things, an interactive anonymous data transmission connection between the store and the customer, with the actual shopping behaviour of the purchasers as the basis.
  • a person in connection with this invention does not necessarily refer to one physical person, but it can be a community, a family, an individual, a couple or some other unit.
  • Fig. 1 shows a system according to a preferred embodiment of the invention in a reduced chart
  • Fig. 2 shows the collection device according to a preferred embodiment of the invention in a reduced block chart
  • Fig. 3 shows an identification means used in the system according to an advantageous embodiment of the invention
  • Fig. 4 shows the collection of data on the basis of an anonymous identifier used in the method according to an advantageous embodiment of the invention in a reduced chart
  • Fig. 5 shows a method according to another advantageous embodiment of the invention in a reduced chart, in which method feedback is collected and the effect of bulletins is measured
  • Fig. 6 shows the formation of an anonymous identifier and transmission of a message by using the anonymous identifier used in a method according to an advantageous embodiment of the invention in a reduced chart
  • Fig. 7 shows an arrangement for sending feedback to the user according to an advantageous embodiment of the invention in a reduced chart.
  • the system 1 according to Fig. 1 comprises advantageously at least a collection device 2, a processing device 3 and a data transmission channel 4 for transmitting the data formed on the basis of the data collected with the collection device 2 to the processing device 3.
  • the data transmission channel 4 comprises a data network 4.1, such as a telecommunication network or the like, where data can be transferred between devices in a manner known as such.
  • the data network can also comprise, for example, the Internet 4.2, in which case data can be transferred almost unlimitedly irrespectively of where the collection devices 2 and the processing device 3 are located.
  • the number of processing devices 3 is also not limited only to one device, but there can be even several of them. However, data can be transmitted ad- vanfageously between different processing devices and one processing device can, if necessary, be determined as a device controlling the other processing devices.
  • the collection device 2 comprises a scanner 2.1 of the identification means for scanning the data of the person's identification means 5 to the collection device 2.
  • the collection device 2 also comprises memory 2.2 for storing, at least temporarily, the different kinds of data required in the operation of the collection device and scanned from the identification means 5.
  • the collection device 2 comprises a processor 2.3 for controlling the operation of the collection device.
  • the collection device advantageously comprises a display 2.4 and one or more keyboards 2.5, 2.6 or a corresponding input device of data.
  • the collection device 2 is a cash register or the like, which comprises a first 2.5 and a second keyboard 2.6, as well as a scanner 2.7 for encoded data.
  • the first keyboard 2.5 the cashier can input data required in the sales event.
  • the second keyboard 2.6 is mainly intended for the use of the customer, in which case the customer may, if necessary, input the PIN-code (Personal Identity Number) corresponding to their own identification means, in which case a separate written signature is not required.
  • the scanner 2.7 of encoded data is, for example, a bar code scanner, a scanner for information stored in a magnetic form, or even a device capable of remote scanning, such as a scanner of the so-called RFID-identifiers.
  • the scanner 2.7 for encoded data, the cashier can perform the scanning of the data of the items purchased by the customer into the collection device 2. It is possible that there are several different scanners 2.7 for encoded data in the collection device.
  • the scanner 2.1 of the identi- fication means is, for example, a device suitable for scanning a smart card, a magnetic stripe card, and/or other corresponding identification means. Devices suitable for remote scanning can also be used in this connection.
  • a mobile phone subscription card i.e. a so-called SliVl card
  • transferring data can be performed e.g. via a mobile communication network (not shown), or via data transfer means (not shown) suitable for a wireless local data transfer, such as radio frequency or optical data transfer.
  • the collection device 2 also comprises data transfer means 2.8 for sending data from the collection device 2 via a data transfer network 4 to the processing device 3.
  • a purchasing event is used here as an example of an event, where person-specific data is intended to be collected.
  • a person i.e. a customer
  • the customer has an identification means 5, which is, for example, a credit card or a debit card, or a customer card for the store or store chain in question.
  • the customer gives the identification means to the cashier, who places the identification means 5 in the scanner 2.1 in order to scan at least part of the data stored in the identification means 5 to the collection device 2.
  • the identification means does not need to be set into the scanner 2.1, but the scanning can be performed without handing the identification means 5 to the cashier.
  • the identification means comprises, for example, a number sequence (Fig. 3) or other identifier 6 identifying the identification means.
  • the identifier 6 is scanned to the collection device 2 and stored in the memory 2.2 (block 401 in the chart of Fig. 4).
  • the cashier starts entering the shopping into the collection device 2, for example, by means of the first keyboard 2.5 and/or the scanner 2.7 of encoded data.
  • Price data can be stored in the cash system 7 of the store, in which case an identifier, amount, if necessary, weight or other unit of the purchased item is scanned into the collection device 2, on the basis of which the price is determined.
  • the collection device 2 can determine a unit price from the cash system 7, in which case the total price of the purchased item can be calculated.
  • the total price of the purchases can be calculated and a receipt can be printed (block 402).
  • the customer can carry out a payment either in cash or by using said identification means, if a function enabling the payment has been included in.
  • an identifier of the payer's identification means is sent from the collection device to the payment system 8 (block 403), as well as data on the total sum of the shopping.
  • the payment is eventually debited from the customer's account, or an invoice is sent to the customer.
  • identification data is therefore to be sent from the collection device, on the basis of which data the payer can be determined. This identification data is not, however, sent in the system to such a place where data on the customer's identity cannot be in- eluded.
  • the processing device 3 is assumed to be this kind of a device, where statistic data or the like is collected, but person-specific data is not handled.
  • the collection device 2 can thus collect many kinds of data on the pur- chase events, in addition to price data. Thus, for example, establishing the storage situation substantially in real-time is possible. Also, estimating the sales of products in advance can become easier, the data on previous sales of the product can also be studied. In addition, by combining different kinds of data, it is possible to draw up shopping behaviour profiles, etc. When data from several collection devices 2 and over a relatively long time is collected in the processing device 3, it is possible to perform more exact statistic analysis on the basis of different kind of criteria.
  • an anonymous identifier 9 is formed on the basis of an identifier 6 scanned from the identification means 5 to the collection means 2 (Figs 3, 4 and 7).
  • This anonymous identifier 9 is formed in such a manner that on the basis of it, it is in practice impossible or almost impossible to establish which identification means 5 is in question in the identifier 6.
  • This kind of an anonymous identifier 9 can thus also be called a one-way identifier.
  • the calculating method of the anonymous identifier is preferably such that each different identifier 6 gives as a result a different kind of an anonymous identifier 9, i.e. it is a unique anonymous identifier.
  • the number of the marks included in the anonymous identifier 9 is substantially the same, irrespective of the number of the marks in the identifier 6.
  • One method for forming this kind of an anonymous identifier is the use of the so- called: hash functions.
  • An input of the hash functions is the mark sequence of .the identifier 6,,and an anonymous identifier 9 is received as an output. This is illustrated by block 404 in the chart of Fig. 4.
  • the anonymous identifier 9 has been determined and the purchasing event carried out, the data collected of the purchasing event, apart from data enabling the identification of the purchaser, can be sent together with the anonymous identifier 9 to the processing device 3 (block 405).
  • the collected data can be stored and used, for example, in carrying out statistic analyses. It has been possible in the processing device 3 to store such data of the per- sons connected as users of the system, which does not identify these persons, such as age, sex, place of residence, income level, wealth, hobbies, etc. This data has been stored advantageously at the stage when the person has made a contract with the maintainer of the system 1. For example, when a person gets a customer card for some chain of stores, the person can inform the above-mentioned data in the application form. Thus, an identification means 6 is determined in the system for the person and an anonymous identifier 9 is calculated.
  • the anonymous identifier 9, as well as the non-identifying data on the person are stored in the system 1 , advantageously in the database 3.1 of the processing device 3. On the basis of this data it is thus not possible to determine the identity of the person, but the data can be used in statistic analyses and other such procedures.
  • the identification data of a person is stored in some other database (not shown) of the store chain, in which case if is possible to send ord nary addressed customer mail via post.
  • the identifi cation means 5 also comprises payment and/or credit features, ident tying data for this is to be stored in the payment system 8.
  • the stored and determined data can also be used in sending feedback, bulletins, advertisements, etc. to the person. This can be performed via several feedback channels 10, 12, such as portals in the Internet 4.2, wireless devices (mobile phones, portable computers, etc.), PDA devices (e.g. palm and notebook computers), channels enabled by digital TV, chip cards, etc.
  • feedback channels 10, 12 such as portals in the Internet 4.2, wireless devices (mobile phones, portable computers, etc.), PDA devices (e.g. palm and notebook computers), channels enabled by digital TV, chip cards, etc.
  • a phase in the feedback formation is the formation of a so-called impulse.
  • This impulse is. formed, for example, when the shopkeeper wants to send specified advertising to such persons, whose charac- teristic or characteristics fulfil the desired criteria, for example, age, wealth, hobbies, etc.
  • a search profile or the like is formed on the basis of the desired criteria, which profile is compared to the anonymous data stored in the database of the processing device 3.
  • data on the anonymous identifier of this record is set in connection with the impulse.
  • This data is, for example, an anonymous identifier 9, i.e. the anonymous identifier 9 is copied to the impulse.
  • the impulse contains data on the anonymous identifiers 9 of such persons, with whom the search criteria are fulfilled.
  • Data on the feedback is also included in the impulse, such as an advertisement, which is meant to be brought to the attention of the target persons determined in the search.
  • the transmission of the feedback attached to the impulse to the target persons takes place, for example, in the following manner.
  • some target person for example, browses the website of a service provider in the Internet 4.2 with his/her terminal, on which site a feedback mechanism is implemented, examination of the impulses is performed in the feedback system in order to determine whether an anonymous identifier corresponding to the person in question is attached to some impulse.
  • an anonymous search identifier has been formed in the person's terminal 13, which is transmitted to the Internet 4.2 instead of the person's identifier 6.
  • the person has performed login with, for example, his/her identification means 5, or by in- putting 701 (Fig. 7) an identifier in the identification means to the terminal 13, in which case the terminal 13 has calculated 702 an anonymous search identifier and uses that as the user identifier of the person instead of data identifying the person.
  • An anonymous search identifier 9a is calculated, for example, by means of the same algorithm, hash function or the like, which is used in the calculation of the anonymous identifier 9 performed in connection with collecting data.
  • the anonymous search identifier 9a have the same content preferably only in that case that the input, i.e. the personal identifier is the same in both. It is, however, obvious that the anonymous identifier 9 and the anonymous search identifier 9a do not necessarily have to be completely identical before feedback is sent, but in order to send feedback it may be enough that, for example, a certain part of the anonymous search identifier 9a must be the same as in the anonymous identifier 9.
  • the terminal 13 sends 703 the anonymous search identifier 9a it has calculated to the server where the service provider's homepage is stored and from where the data on the homepage (site) has been sent to the terminal 13 to be presented to the person.
  • the data is transmitted, if necessary, to the processing device 3 (if the server and the processing device 13 are separate devices), in which case the processing device 3 or other suitable device of the service provider compares the anonymous search identifier of the person in question (user identifier) to the data in the impulses and when detecting an identifier that is suitable for the anonymous search identifier 9a in the impulses, the processing device 3 can send 704 feedback connected to the impulse in question, such as a bulletin, advertisement, etc. to the person's terminal 13.
  • Sending feedback can be performed by using the same mechanism, with which data is sent from the sen ice provider's website to the person's terminal 13.
  • the impulse can also be made to be based on shopping behaviour.
  • a profiling is performed on the basis of the actual shopping behaviour of a customer, which is used as a basis for personalizing a message directed to him/her individually to him/her.
  • the shopkeeper at a neighbourhood store can make special offers, and the person can receive data on this kind of special offers, for example, when browsing the Internet in the above- presented manner.
  • the system according to the invention makes it possible to, for example, analyze the effect of advertising and other bulletins better and more accurately than in solutions according to prior art, because in the system according to the invention it is firstly possible to establish which anonymous identifiers the bulletin has been sent to, which anonymous identifier has read the bulletin, and which of this kind of anonymous bulletins have been used, for example, when purchasing the advertised product. Therefore, in the system it is pos- sible to receive feedback and on the basis of this feedback to change, if necessary, the bulletins/bulletin policy and to further monitor the effect of the changes.
  • the system according to the invention if is possible to apply the principle of a kind of a continuous loop, where the impulse creates a feedback, which further creates a correction movement, if necessary, which creates a new feedback, etc.
  • a bulletin is determined (e.g. a commercial bulletin) and a suitable group of receivers is selected for it (phase 501 in Fig. 5).
  • Some criterion sensible from the point of view of the bulletin is used in selecting the group of receivers, such as the possible special diets (celiac disease, lactose intolerance, etc.).
  • This data is collected, for example, ; when a person has applied for a membership card or the like, in which case the anonymous identifier can be formed, for example, on the basis of the membership card number.
  • Data can also be collected in such a manner that data on the shopping behaviour of a person, i.e. data connected to purchase, and/or other data is collected and profiled anonymous identifier -specifically.
  • a combination of several methods can also be used in collecting data. Irrespective of the collection manner, the data is stored in connection with the anonymous identifier in such a manner that it is not possible to identify the person in question on the basis of them.
  • the message is sent to the selected receiver group, e.g., via e-mail, or a link or the like is set on the www-page of the company, via which a person in the selected group is offered an opportunity to familiarize with the bulletin (503).
  • a monitoring time is also determined for the bulletin, in which case after this time has passed, it is examined how many persons of the selected receiver group have received the bulletin and familiarized with it. On the basis of this, it is possible to conclude the effectiveness of the receipt of the bulletin, i.e. the so-called cover.
  • the method it is monitored how the effect of the bulletin is realized into purchasing events 504. Data col- lected of the purchasing events is stored in a database, in which case it is possible to examine in the database how many persons who have read the bulletin have also purchased the product concerned. On the basis of this, it is possible to conclude the effect of the bulletin and, if necessary, to perform corrective procedures in order to increase the effect of the bulletin 505.
  • the invention makes complete anonymity possible with great certainty.
  • the identity of the person is not known; It is not known whether the person subject is a community, a family, an individual, a couple or some other unit. This results in that it is not possible to know the age, sex, profession or any other factor identifying the person demographi- cally or socially.
  • the person subject has only an identifying identifier.
  • anyone who knows the identifier 6 or the anonymous identifier 9 and the password can use the system and act as a subject.
  • Logging in as a user of the system does not assume any background data of the user. Logging in as a user as such creates the required interactive relationship.
  • receiving a more trustworthy customer feedback or the like is more certain, because feedback can be given anonymously.
  • the identity of the person giving feedback is not revealed, in which case, in some cases, more feedback is given and more truthfully.
  • Fig. 6 further presents a chart of an example of transmitting a message by means of an anonymous identifier.
  • a personal identifier identity card -specific
  • an anonymous identifier is calculated, e.g. in the collection device 2, a computer terminal or the like. If the user wants to send a message to the system, for example to a shopkeeper, he/she can now do that by means of the anonymous identifier (phase 603). It is also possible to send a message from the system to the user on the basis of this anonymous identifier (phase 604).
  • Operation-oriented interactive profiling refers to the profiling of the per- son-specific properties of a unit (user unit, user subject) involved in the system in an interactive relationship.
  • the profiling of the user at point t-1 (t minus 1) is known, and of this is formed a qualitative or statistic quantitative classification (factoring, clustering, etc.).
  • t-1 t minus 1
  • an effect testing where the users are informed of new possibilities in a form of a test setting or a simpler setting.
  • the change of behaviour between t-1 and to can be measured in profile classes.
  • the effect of information on the behaviour can be calculated within the limitations of the setting, in which case it is possible to conclude which information produces which change in each profile class.
  • the operation-oriented profiling calculation produces data on which information operates as the gearing of the operation in the entire basic group, as well as in each category.
  • the analysis can be developed by calculating the gearing effect vice versa as well, i.e. by grouping the classes of the power effects of different gearings in the basic subject matter, i.e. the basic group can be classified again on the basis of the gearing effects into different effect classes, i.e. effect segments.
  • the gearing class can be set as the target of the next setting, i.e. the basic group is structured to gearing classes and the testing is performed in relation to gearing classes with the gearing behaviour at time fO, the distribution of new information at time to, behaviour at time t1 as the basis.
  • the validity of the gearing classes as sfrucfurers of operation can be concluded from this.
  • Operation-oriented profiling leads to the classification of user units purely on the basis of operation, in which case the identification of the user unit can be performed purely on the basis of the anonymous identifier 9.
  • the anonymous identifier operates as a connection means. It can be used as an absolute anonymity, in which case anyone who contacts the system with a certain ahonyrhous identifier receives treatment, according to the profiling, which is completely independent of the user's personal data, if it even. exists in the case of a group, and the system does not even assume the registering of any data like this.
  • the only data that is required is the identification of the feedback channel given by the user, which can be a real-time absolute anonymous identifier used on the Internet, a post office box used for mailing, Poste Restante, any e-mail address, a general mailing address of an office, a pseudonym, the address of some contact person, address of the parents, the person's own address, a pickup place for post, an SMS number, or some new anonymous transmission mechanism.
  • Gearing effect analysis leads to anonymous interaction, where the gearing effect controls operation.
  • the commitment to the identity that confirms the gearing effect makes the gearing analysis a manner to parse the product selection and its renewal in such a manner that a part of the users are unbending and committed to their traditions, part require changes, part something else.
  • the method makes it possible to attach an anonymous identifier to the gearing class of the user.
  • the gearing class can also be contentual in such a manner that it comprises some issue, such as vegetarianism, meat, fish, natural product, etc. This can be specified with some additional conditions, such as diabetic diet, celiac disease, etc. combined with the gearing class.
  • a change-eager vegetarian is informed
  • a traditional consumer is informed of a coffee offer
  • a renewal -eager steak purchaser is informed of a marinated marbled fillet.
  • the idea is to know whether some anonymous identifier can be triggered with some target of interest of the anonymous identifier, and what that target is.
  • Advertising is focused and it becomes permanently adjusted with the situation.
  • the system controls the information flow target-specifically in an economic manner. Unnecessary information flow is interrupted when the feedback is negative over a certain time period. Qualitative and useful information flow grows stronger.
  • voting can be carried out in the system according to the invention without endangering the secrecy of voting.
  • the persons entitled to vote can, for example, be sent a bul- letin about their right to vote in an election.
  • This bulletin can include an individual identifier.
  • voting can now be performed in such a manner that a person inputs their individual identifier to an input device at the actual polling station, or some computer terminal or the like. The calculation of an anonymous identifier and a transmission to a server monitoring the voting is performed in the device.
  • Data on the anonymous identifiers are stored in connection with the server, in which case by comparing the anonymous identifier calculated and transmitted by the device to the stored identifiers it is determined whether the person has the right to vote and whether he/she has already possibly voted. If the voting event is accepted, data on that the right to vote for this identifier has already been used in this voting event is stored in connection with the anonymous identifier in question.

Abstract

The invention relates to a method in data transmission data, where person-specific data is collected. In order to collect data, a person performs login with an identification means (5), to which a personal identifier (6) is connected. The collected data is transmitted to a processing device (3) for processing. In the method, a unique, one-way anonymous identifier (9) is formed on the basis of the data contained by the person’s identifier (6). On the basis of the anonymous identifier (9), the person’s identifier (6) and the identification means (5) remains unestablished. Said anonymous identifier (9) is used to confirm the collected person-specific data into anonymous data, in which case said anonymous data is transmitted to the collection device (3). The invention also relates to a system (1) where the method is applied, as well as to a collection device (2) to be used in the system.

Description

A method in data transmission, a data transmission system, and a device
Description of the invention
The present invention relates to a method in transmitting feedback from a feedback system to a person's terminal without determining the person's identifier in connection with sending the feedback, wherein person-specific data is collected with a collection device, in which case in order to collect data with the collection device, a person's personal identifier connected to an identification means is read, a unique oneway anonymous identifier is formed on the basis of the information contained by the person's identifier, said anonymous identifier is used to convert the collected person-specific data into anonymous data, in which case said anonymous data and the anonymous identifier are transmitted from the collection device to the processing device, where said anonymous data and the anonymous identifier are stored. The invention also relates to a transmission system of data, which comprises a means for identifying a person, to which is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a processing device, a data transmission network for transmitting the collected data to the processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for modifying the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and for storing them in the processing de- vice. In addition, the invention relates to a processing device to be used in the data transmission system, which transmission system comprises a means for identifying a person, to which means is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a data transmission network for transmitting the collected data to the processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for converting the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and storing them in the processing
Background of the invention
Nowadays, different identification means are used in connection with several systems, with which means persons can notify a system on information about themselves. This kind of identification means include different membership cards, which are, for example, store-chain-specific, organization-specific, company-specific, etc. Thus, when a person performs some procedure in an outlet belonging to the system in question, identification data included in the identification card are notified to the system by means of the person's identification means, such as personal data, as well as data on the procedure the person performed. As a non-limiting example of this kind of an event can be mentioned shopping in the store of some chain of stores. When the person pays for his/her shopping, the identification data on the person's identification means, such as a customer card, is scanned to the cash regis- ter terminal. In addition, data connected to the purchases, such as the items purchased, their price, the total price of the purchases, the location and time of purchase, data on the sales person, etc., are stored. This data is transmitted via a suitable data transmission channel to a processing device, where the data is advantageously stored in a data- base. This data can then be combined, in which case statistic data is received from different outlets, of a persons' shopping behaviour, etc. A problem in this kind of a system is, however, that in several countries collecting and processing personal data is limited by legislation. Thus, it is possible to ask a person for permission to collect data. If a person does not agree to this, the data collected of a person's behaviour cannot contain any data identifying the person. Thus, the utility value of the system for the maintainer of the system may decrease, because, for example, advertising or other feedback cannot be targeted to certain persons anonymously. On the other hand, no data is gathered on what type of persons acquire certain items, for example, whether the pur- chasers include men, women, what is the age distribution, capital, income level of the purchasers, etc. In addition, the same person may have cards for several different organizations, in which case the importance of different kinds of membership offers decreases, because a person cannot very easily be committed as a user of the sen ices of a certain organization.
The patent application US-2002/0019764 presents a system and a method for performing procedures in the Internet anonymously, i.e. without having to transmit data identifying the person in the system. A person may log in to a closed data network anonymously and browse the services in this closed data network, etc. The system can thus store different behaviour data in the user profile of the system, but on the basis of this data, it is not possible to determine the real identity of the person. The person has made a contract of service with some reliable service provider, in which case the person may sign in to a system by means of a server of this sen/ice provider or the like. The system is based on that the person logs in with some user identifier and password determined by himself/herself. These are recommended to be selected as such that the identity of the person cannot be established on the basis of them. In practice, however, the person must determine in his/her own workstation the user settings agreed with the service provider, by means of which settings the workstation contacts the system. These user settings are thus not the same as the user identifier and password determined by the user. On the basis of the user set- tings, the system knows that this is a person who has the right to use the system. Thus, identifying data can also be collected of the person, or if some unreliable party gains access to the server, this data can be established and connected to the user identifier of the person in question. In addition, if a person wants to go on to browse services outside said closed data network, etc. at his/her workstation, the per- son must in some cases reveal his/her identity, for example, in order to shop via the data network.
Summary of the invention
It is an aim of the present invention to provide a method and a system, by means of which it is possible to transmit feedback to persons anonymously. The invention is based on the idea that an analysis is performed in the feedback system of the service provider in order to establish which anonymous data of the anonymous identifier stored in the collection system are suitable for the selection criteria of the receiver of the feedback, in which case an impulse is formed for this kind of anonymous identifiers, which impulse is stored in the feedback system of the service provider. After this, when a person corresponding to said anonymous identifier, is connected via. a data processing device to the site of the service provider, it is detected in the feedback system that at least one impulse comprises data corresponding to the anonymous identifier of said user, in which case a feedback connected to the impulse is sent to the data processing device. A one-way search iden- tifier has been formed in the data processing device before transferring to the site, which identifier the feedback system compares to the anonymous identifiers connected to the impulses, so that the identity of the person is not revealed. One-way in this connection means that on the basis of an anonymous identifier, it is not in practice possible to establish the identification means the anonymous identifier or the anonymous search identifier is connected to. This kind of unique, oneway identifier can be formed by means of, for example, so-called hash functions. To put it more precisely, the method according to the present invention is primarily characterized in that in order to transmit feedback on the basis of said anonymous identifier, an impulse is determined for the person in the feedback system of the service provider on the basis of the anonymous data, to which impulse are attached feedback and data on one or more anonymous identifiers as the anonymous receivers of the feedback, in which case - the person performs the input of a personal identifier to the terminal, where a one-way anonymous search identifier is formed of the personal identifier,
- a data transmission connection is formed from the terminal to the feedback system,
- an anonymous search identifier is transmitted to the feedback system,
- an impulse is searched in the feedback system, to which impulse data on the anonymous identifier is attached, which corresponds to said anonymous search identifier transmitted from the terminal, and
- the feedback attached to said impulse is sent from the feedback system to the terminal by using said data transfer connection.
The system according to the present invention is primarily charac- terized in that the system comprises:
- means for determining the impulse for the feedback system of the service provider on the basis of the anonymous data, to which impulse is arranged to be attached data on one of more anonymous identifiers as the anonymous receiver of the feedback, - in the terminal
- input means for inputting a personal identifier,
- calculation means for forming an anonymous search identifier on the basis of the input personal identifier,
- sending means for transmitting the anonymous identifier formed in the terminal to the feedback system, in which case the system in addition comprises
- search means for searching an anonymous identifier corresponding to the anonymous search identifier formed in the terminal from the impulses stored in the feedback system, and - sending means for transmitting the feedback attached to the searched impulse from the feedback system to the terminal.
The present invention shows remarkable advantages over solutions of prior art. The arrangement according to the invention enables trans- mitting feedback to a person without the danger of the identity of the person being revealed. Thus, the person can use his/her own identifier means and it is still possible to collect data anonymously of the person's behaviour and to transmit feedback on the basis of anonymous data to such persons whose anonymous data comprises such one or more properties that meet the search criteria set for certain feedback at each time. In the solution according to the invention, having to select an anonymous identifier for a person is avoided. The person himself/herself does not have to invent an anonymous identifier for himself/herself either. The system according to the invention can be applied even in connection with already existing systems by using the al- ready existing identifier means by only making the necessary additions and modifications to the system. The invention enables, for example, advertising targeted according to person-specific properties, even if the identity of the person is not known to the system. Thus, the advantage of a system developed by store chains, organizations and other sen/ice providers for the system maintainer is greater, because the need for supplying different advertisements, bulletins, etc. to such persons who are not interested in them or who for some other reasons do not benefit from them, is decreased. This also decreases the operating costs of the system. The data security of an individual can be secured almost perfectly in the system.
The invention enables, among other things, an interactive anonymous data transmission connection between the store and the customer, with the actual shopping behaviour of the purchasers as the basis.
A person in connection with this invention does not necessarily refer to one physical person, but it can be a community, a family, an individual, a couple or some other unit.
In the following, the invention will be described in more detail with reference to the appended drawings, in which
Fig. 1 shows a system according to a preferred embodiment of the invention in a reduced chart, Fig. 2 shows the collection device according to a preferred embodiment of the invention in a reduced block chart,
Fig. 3 shows an identification means used in the system according to an advantageous embodiment of the invention,
Fig. 4 shows the collection of data on the basis of an anonymous identifier used in the method according to an advantageous embodiment of the invention in a reduced chart,
Fig. 5 shows a method according to another advantageous embodiment of the invention in a reduced chart, in which method feedback is collected and the effect of bulletins is measured,
Fig. 6 shows the formation of an anonymous identifier and transmission of a message by using the anonymous identifier used in a method according to an advantageous embodiment of the invention in a reduced chart, and
Fig. 7 shows an arrangement for sending feedback to the user according to an advantageous embodiment of the invention in a reduced chart.
The system 1 according to Fig. 1 comprises advantageously at least a collection device 2, a processing device 3 and a data transmission channel 4 for transmitting the data formed on the basis of the data collected with the collection device 2 to the processing device 3. It is obvious that the system 1 of Fig. 1 is only one reduced example of the system where the method according to the invention can be applied. For example, there are typically several tens, hundreds or even thousands of collection devices 2 in one system. The data transmission channel 4 comprises a data network 4.1, such as a telecommunication network or the like, where data can be transferred between devices in a manner known as such. The data network can also comprise, for example, the Internet 4.2, in which case data can be transferred almost unlimitedly irrespectively of where the collection devices 2 and the processing device 3 are located. It is also obvious that the number of processing devices 3 is also not limited only to one device, but there can be even several of them. However, data can be transmitted ad- vanfageously between different processing devices and one processing device can, if necessary, be determined as a device controlling the other processing devices.
In the following, the collection device 2 according to an advantageous embodiment of the invention presented in Fig. 2 will be described more in detail. It comprises a scanner 2.1 of the identification means for scanning the data of the person's identification means 5 to the collection device 2. The collection device 2 also comprises memory 2.2 for storing, at least temporarily, the different kinds of data required in the operation of the collection device and scanned from the identification means 5. In addition, the collection device 2 comprises a processor 2.3 for controlling the operation of the collection device. In addition, the collection device advantageously comprises a display 2.4 and one or more keyboards 2.5, 2.6 or a corresponding input device of data. In this embodiment, the collection device 2 is a cash register or the like, which comprises a first 2.5 and a second keyboard 2.6, as well as a scanner 2.7 for encoded data. With the first keyboard 2.5 the cashier can input data required in the sales event. In this example, the second keyboard 2.6 is mainly intended for the use of the customer, in which case the customer may, if necessary, input the PIN-code (Personal Identity Number) corresponding to their own identification means, in which case a separate written signature is not required. The scanner 2.7 of encoded data is, for example, a bar code scanner, a scanner for information stored in a magnetic form, or even a device capable of remote scanning, such as a scanner of the so-called RFID-identifiers. By using this scanner 2.7 for encoded data, the cashier can perform the scanning of the data of the items purchased by the customer into the collection device 2. It is possible that there are several different scanners 2.7 for encoded data in the collection device. The scanner 2.1 of the identi- fication means is, for example, a device suitable for scanning a smart card, a magnetic stripe card, and/or other corresponding identification means. Devices suitable for remote scanning can also be used in this connection. In an advantageous embodiment, it is possible to use a mobile phone subscription card, i.e. a so-called SliVl card, as a person's identification means. Thus, transferring data can be performed e.g. via a mobile communication network (not shown), or via data transfer means (not shown) suitable for a wireless local data transfer, such as radio frequency or optical data transfer.
The collection device 2 also comprises data transfer means 2.8 for sending data from the collection device 2 via a data transfer network 4 to the processing device 3.
In the following, the operation of the method according to a preferred embodiment of the invention in a system of Fig. 1 will be described with reference to the chart shown in Fig. 4. A purchasing event is used here as an example of an event, where person-specific data is intended to be collected. Thus, a person, i.e. a customer, collects the items to be purchased in a store and after, this moves to the cash desk to pay for these items. It is assumed that the customer has an identification means 5, which is, for example, a credit card or a debit card, or a customer card for the store or store chain in question. In connection with the payment event, the customer gives the identification means to the cashier, who places the identification means 5 in the scanner 2.1 in order to scan at least part of the data stored in the identification means 5 to the collection device 2. When using remote scanning, the identification means does not need to be set into the scanner 2.1, but the scanning can be performed without handing the identification means 5 to the cashier.
The identification means comprises, for example, a number sequence (Fig. 3) or other identifier 6 identifying the identification means. The identifier 6 is scanned to the collection device 2 and stored in the memory 2.2 (block 401 in the chart of Fig. 4).
The cashier starts entering the shopping into the collection device 2, for example, by means of the first keyboard 2.5 and/or the scanner 2.7 of encoded data. Price data can be stored in the cash system 7 of the store, in which case an identifier, amount, if necessary, weight or other unit of the purchased item is scanned into the collection device 2, on the basis of which the price is determined. The collection device 2 can determine a unit price from the cash system 7, in which case the total price of the purchased item can be calculated. When all the purchased items have been entered into the collection device, the total price of the purchases can be calculated and a receipt can be printed (block 402). The customer can carry out a payment either in cash or by using said identification means, if a function enabling the payment has been included in. If the identification means is used for payment as well, an identifier of the payer's identification means is sent from the collection device to the payment system 8 (block 403), as well as data on the total sum of the shopping. Thus, the payment is eventually debited from the customer's account, or an invoice is sent to the customer. In order to charge the payment event, identification data is therefore to be sent from the collection device, on the basis of which data the payer can be determined. This identification data is not, however, sent in the system to such a place where data on the customer's identity cannot be in- eluded. In the system according to Fig. 1, the processing device 3 is assumed to be this kind of a device, where statistic data or the like is collected, but person-specific data is not handled.
The collection device 2 can thus collect many kinds of data on the pur- chase events, in addition to price data. Thus, for example, establishing the storage situation substantially in real-time is possible. Also, estimating the sales of products in advance can become easier, the data on previous sales of the product can also be studied. In addition, by combining different kinds of data, it is possible to draw up shopping behaviour profiles, etc. When data from several collection devices 2 and over a relatively long time is collected in the processing device 3, it is possible to perform more exact statistic analysis on the basis of different kind of criteria.
As was already mentioned earlier in this description, collecting person- specific data is prohibited in some countries, and therefore according to the present invention, the formation of an anonymous identifier 9 is performed on the basis of an identifier 6 scanned from the identification means 5 to the collection means 2 (Figs 3, 4 and 7). This anonymous identifier 9 is formed in such a manner that on the basis of it, it is in practice impossible or almost impossible to establish which identification means 5 is in question in the identifier 6. This kind of an anonymous identifier 9 can thus also be called a one-way identifier. The calculating method of the anonymous identifier is preferably such that each different identifier 6 gives as a result a different kind of an anonymous identifier 9, i.e. it is a unique anonymous identifier. In addition, in some cases it is advantageous that the number of the marks included in the anonymous identifier 9 is substantially the same, irrespective of the number of the marks in the identifier 6. One method for forming this kind of an anonymous identifier is the use of the so- called: hash functions. An input of the hash functions is the mark sequence of .the identifier 6,,and an anonymous identifier 9 is received as an output. This is illustrated by block 404 in the chart of Fig. 4. When the anonymous identifier 9 has been determined and the purchasing event carried out, the data collected of the purchasing event, apart from data enabling the identification of the purchaser, can be sent together with the anonymous identifier 9 to the processing device 3 (block 405). In the processing device 3, the collected data can be stored and used, for example, in carrying out statistic analyses. It has been possible in the processing device 3 to store such data of the per- sons connected as users of the system, which does not identify these persons, such as age, sex, place of residence, income level, wealth, hobbies, etc. This data has been stored advantageously at the stage when the person has made a contract with the maintainer of the system 1. For example, when a person gets a customer card for some chain of stores, the person can inform the above-mentioned data in the application form. Thus, an identification means 6 is determined in the system for the person and an anonymous identifier 9 is calculated. The anonymous identifier 9, as well as the non-identifying data on the person are stored in the system 1 , advantageously in the database 3.1 of the processing device 3. On the basis of this data it is thus not possible to determine the identity of the person, but the data can be used in statistic analyses and other such procedures.
The identification data of a person is stored in some other database (not shown) of the store chain, in which case if is possible to send ord nary addressed customer mail via post. In the case that the identifi cation means 5 also comprises payment and/or credit features, ident tying data for this is to be stored in the payment system 8.
In the processing device 3, the stored and determined data can also be used in sending feedback, bulletins, advertisements, etc. to the person. This can be performed via several feedback channels 10, 12, such as portals in the Internet 4.2, wireless devices (mobile phones, portable computers, etc.), PDA devices (e.g. palm and notebook computers), channels enabled by digital TV, chip cards, etc.
A phase in the feedback formation is the formation of a so-called impulse. This impulse is. formed, for example, when the shopkeeper wants to send specified advertising to such persons, whose charac- teristic or characteristics fulfil the desired criteria, for example, age, wealth, hobbies, etc. In the feedback system 10, such as the processing device 3, a search profile or the like is formed on the basis of the desired criteria, which profile is compared to the anonymous data stored in the database of the processing device 3. When a record is found, where the criteria are fulfilled, data on the anonymous identifier of this record is set in connection with the impulse. This data is, for example, an anonymous identifier 9, i.e. the anonymous identifier 9 is copied to the impulse. When all the anonymous data or some limited group of anonymous data has been processed, the impulse contains data on the anonymous identifiers 9 of such persons, with whom the search criteria are fulfilled. Data on the feedback is also included in the impulse, such as an advertisement, which is meant to be brought to the attention of the target persons determined in the search. The transmission of the feedback attached to the impulse to the target persons takes place, for example, in the following manner. When some target person, for example, browses the website of a service provider in the Internet 4.2 with his/her terminal, on which site a feedback mechanism is implemented, examination of the impulses is performed in the feedback system in order to determine whether an anonymous identifier corresponding to the person in question is attached to some impulse. Since the person's identity is to be kept unknown, an anonymous search identifier has been formed in the person's terminal 13, which is transmitted to the Internet 4.2 instead of the person's identifier 6. In order to form an anonymous search identity 9a, the person has performed login with, for example, his/her identification means 5, or by in- putting 701 (Fig. 7) an identifier in the identification means to the terminal 13, in which case the terminal 13 has calculated 702 an anonymous search identifier and uses that as the user identifier of the person instead of data identifying the person. An anonymous search identifier 9a is calculated, for example, by means of the same algorithm, hash function or the like, which is used in the calculation of the anonymous identifier 9 performed in connection with collecting data. Thus, the anonymous identifier 9 and. the anonymous search identifier 9a have the same content preferably only in that case that the input, i.e. the personal identifier is the same in both. It is, however, obvious that the anonymous identifier 9 and the anonymous search identifier 9a do not necessarily have to be completely identical before feedback is sent, but in order to send feedback it may be enough that, for example, a certain part of the anonymous search identifier 9a must be the same as in the anonymous identifier 9.
When the person moves to the homepage of the sen/ice provider, the terminal 13 sends 703 the anonymous search identifier 9a it has calculated to the server where the service provider's homepage is stored and from where the data on the homepage (site) has been sent to the terminal 13 to be presented to the person. After this, the data is transmitted, if necessary, to the processing device 3 (if the server and the processing device 13 are separate devices), in which case the processing device 3 or other suitable device of the service provider compares the anonymous search identifier of the person in question (user identifier) to the data in the impulses and when detecting an identifier that is suitable for the anonymous search identifier 9a in the impulses, the processing device 3 can send 704 feedback connected to the impulse in question, such as a bulletin, advertisement, etc. to the person's terminal 13. Thus, the person receives data addressed exactly to him/her without endangering the person's identity at any stage. Sending feedback can be performed by using the same mechanism, with which data is sent from the sen ice provider's website to the person's terminal 13. This can be performed, for example, by using packet transmission mechanisms known as such and in use in, e.g., the Internet Thus, when the user browses the website of the service provider, a kind of a two-way data transfer connection (packet connection) is formed between the terminal 13 and the website, in which case transmitting data both ways is possible. It is obvious that the routing of packets is not, however, necessarily always the same, but different packets of even the same data transfer connection may be transmitted from the sender to the1 receiver through differentroutes. This, however, is not significant from the point of view of applying the present invention.
The above-presented is only one example of using the collected data for giving feedback, but it is obvious that the invention can be applied in several other fields as well and for transmitting very different kinds of data. It should also be mentioned that the impulse can also be made to be based on shopping behaviour. Thus, a profiling is performed on the basis of the actual shopping behaviour of a customer, which is used as a basis for personalizing a message directed to him/her individually to him/her. For example, the shopkeeper at a neighbourhood store can make special offers, and the person can receive data on this kind of special offers, for example, when browsing the Internet in the above- presented manner. The system according to the invention makes it possible to, for example, analyze the effect of advertising and other bulletins better and more accurately than in solutions according to prior art, because in the system according to the invention it is firstly possible to establish which anonymous identifiers the bulletin has been sent to, which anonymous identifier has read the bulletin, and which of this kind of anonymous bulletins have been used, for example, when purchasing the advertised product. Therefore, in the system it is pos- sible to receive feedback and on the basis of this feedback to change, if necessary, the bulletins/bulletin policy and to further monitor the effect of the changes. Thus, in the system according to the invention if is possible to apply the principle of a kind of a continuous loop, where the impulse creates a feedback, which further creates a correction movement, if necessary, which creates a new feedback, etc.
The method applying the above-mentioned procedure is presented in Fig. 5 in a reduced chart. The method is composed of different phases, which are described briefly in the following. A bulletin is determined (e.g. a commercial bulletin) and a suitable group of receivers is selected for it (phase 501 in Fig. 5). Some criterion sensible from the point of view of the bulletin is used in selecting the group of receivers, such as the possible special diets (celiac disease, lactose intolerance, etc.). This data is collected, for example,; when a person has applied for a membership card or the like, in which case the anonymous identifier can be formed, for example, on the basis of the membership card number. Data can also be collected in such a manner that data on the shopping behaviour of a person, i.e. data connected to purchase, and/or other data is collected and profiled anonymous identifier -specifically. A combination of several methods can also be used in collecting data. Irrespective of the collection manner, the data is stored in connection with the anonymous identifier in such a manner that it is not possible to identify the person in question on the basis of them. In the next phase 502, the message is sent to the selected receiver group, e.g., via e-mail, or a link or the like is set on the www-page of the company, via which a person in the selected group is offered an opportunity to familiarize with the bulletin (503). A monitoring time is also determined for the bulletin, in which case after this time has passed, it is examined how many persons of the selected receiver group have received the bulletin and familiarized with it. On the basis of this, it is possible to conclude the effectiveness of the receipt of the bulletin, i.e. the so-called cover. In addition, in the method it is monitored how the effect of the bulletin is realized into purchasing events 504. Data col- lected of the purchasing events is stored in a database, in which case it is possible to examine in the database how many persons who have read the bulletin have also purchased the product concerned. On the basis of this, it is possible to conclude the effect of the bulletin and, if necessary, to perform corrective procedures in order to increase the effect of the bulletin 505.
From the point of view of the above-described measuring action, it is advantageous that a sufficient database has been collected of a group of persons, such as customers, on the basis of their shopping behaviour. Data on a purchasing event is attached to an anonymous indi- vidual, not the entire group. Thus, it is possible to perform profiling for the individual being examined in order to form a desired, strictly limited and quantitatively restricted group. The bulletin being formed must correlate with the profiling largely enough, where the effect of random factors can be decreased into small enough.
The invention makes complete anonymity possible with great certainty. The identity of the person is not known; It is not known whether the person subject is a community, a family, an individual, a couple or some other unit. This results in that it is not possible to know the age, sex, profession or any other factor identifying the person demographi- cally or socially. The person subject has only an identifying identifier. Anyone who knows the identifier 6 or the anonymous identifier 9 and the password can use the system and act as a subject. Logging in as a user of the system does not assume any background data of the user. Logging in as a user as such creates the required interactive relationship.
In the solution according to the invention, receiving a more trustworthy customer feedback or the like is more certain, because feedback can be given anonymously. Thus, the identity of the person giving feedback is not revealed, in which case, in some cases, more feedback is given and more truthfully.
Fig. 6 further presents a chart of an example of transmitting a message by means of an anonymous identifier. In phase 601, a personal identifier (identification card -specific) is scanned from the identification card or input, e.g. with a keyboard. On the basis of this, in phase 602, an anonymous identifier is calculated, e.g. in the collection device 2, a computer terminal or the like. If the user wants to send a message to the system, for example to a shopkeeper, he/she can now do that by means of the anonymous identifier (phase 603). It is also possible to send a message from the system to the user on the basis of this anonymous identifier (phase 604).
In the following, some properties of the system and the concepts con- nected to them are described.
Operation-oriented interactive profiling
Operation-oriented interactive profiling refers to the profiling of the per- son-specific properties of a unit (user unit, user subject) involved in the system in an interactive relationship. Thus, the profiling of the user at point t-1 (t minus 1) is known, and of this is formed a qualitative or statistic quantitative classification (factoring, clustering, etc.). On the basis of this classification, it is possible to perform an effect testing, where the users are informed of new possibilities in a form of a test setting or a simpler setting. This results in a change of behaviour to time unit to. The change of behaviour between t-1 and to can be measured in profile classes. The effect of information on the behaviour can be calculated within the limitations of the setting, in which case it is possible to conclude which information produces which change in each profile class.
Profiling method with gearing effect
The operation-oriented profiling calculation produces data on which information operates as the gearing of the operation in the entire basic group, as well as in each category. The analysis can be developed by calculating the gearing effect vice versa as well, i.e. by grouping the classes of the power effects of different gearings in the basic subject matter, i.e. the basic group can be classified again on the basis of the gearing effects into different effect classes, i.e. effect segments. Thus, the gearing class can be set as the target of the next setting, i.e. the basic group is structured to gearing classes and the testing is performed in relation to gearing classes with the gearing behaviour at time fO, the distribution of new information at time to, behaviour at time t1 as the basis. The validity of the gearing classes as sfrucfurers of operation can be concluded from this.
The protection of identity, information channelling and information transmission in an interactive relationship
Operation-oriented profiling leads to the classification of user units purely on the basis of operation, in which case the identification of the user unit can be performed purely on the basis of the anonymous identifier 9. The anonymous identifier, in turn, operates as a connection means. It can be used as an absolute anonymity, in which case anyone who contacts the system with a certain ahonyrhous identifier receives treatment, according to the profiling, which is completely independent of the user's personal data, if it even. exists in the case of a group, and the system does not even assume the registering of any data like this. The only data that is required is the identification of the feedback channel given by the user, which can be a real-time absolute anonymous identifier used on the Internet, a post office box used for mailing, Poste Restante, any e-mail address, a general mailing address of an office, a pseudonym, the address of some contact person, address of the parents, the person's own address, a pickup place for post, an SMS number, or some new anonymous transmission mechanism.
Gearing effect as the core of operation control
Gearing effect analysis leads to anonymous interaction, where the gearing effect controls operation. The commitment to the identity that confirms the gearing effect makes the gearing analysis a manner to parse the product selection and its renewal in such a manner that a part of the users are unbending and committed to their traditions, part require changes, part something else. The method makes it possible to attach an anonymous identifier to the gearing class of the user. The gearing class can also be contentual in such a manner that it comprises some issue, such as vegetarianism, meat, fish, natural product, etc. This can be specified with some additional conditions, such as diabetic diet, celiac disease, etc. combined with the gearing class. Thus, in interaction, for example, a change-eager vegetarian is informed, a traditional consumer is informed of a coffee offer, or a renewal -eager steak purchaser is informed of a marinated marbled fillet. The idea is to know whether some anonymous identifier can be triggered with some target of interest of the anonymous identifier, and what that target is.
Commitment
An interactive relationship changes into customership, because the users receive their own focused feedback from the system. Similarly, a change in the situation, such as marriage, divorce, moving, etc. appears indirectly in operation, and thus the profile and gearing category change. Unnecessary data is quickly eliminated in a few time units; the correction performed by. -the system takes place. Feedback cannot be received from anywhere else. Additional value services can be added to commitment, which services are received only via an anonymous identifier.
Economy of advertising
Advertising is focused and it becomes permanently adjusted with the situation. The system controls the information flow target-specifically in an economic manner. Unnecessary information flow is interrupted when the feedback is negative over a certain time period. Qualitative and useful information flow grows stronger.
There are also several other application fields for the invention besides the ones presented above. For example, voting can be carried out in the system according to the invention without endangering the secrecy of voting. The persons entitled to vote can, for example, be sent a bul- letin about their right to vote in an election. This bulletin can include an individual identifier. When a person goes to a polling station, his/her identity is normally checked, after which he/she can vote. By applying this invention, voting can now be performed in such a manner that a person inputs their individual identifier to an input device at the actual polling station, or some computer terminal or the like. The calculation of an anonymous identifier and a transmission to a server monitoring the voting is performed in the device. Data on the anonymous identifiers are stored in connection with the server, in which case by comparing the anonymous identifier calculated and transmitted by the device to the stored identifiers it is determined whether the person has the right to vote and whether he/she has already possibly voted. If the voting event is accepted, data on that the right to vote for this identifier has already been used in this voting event is stored in connection with the anonymous identifier in question.
It will be obvious that the present invention is. not limited solely to the above-presented embodiments but it can be modified within the scope of the appended claims.

Claims

Claims:
1. A method for transmitting feedback from a feedback system (10) to a person's terminal (13) without determining the person's identifier in connection with sending the feedback, in which person-specific data is collected with a collection device (2), in which case in order to collect uata.
- a personal identifier (6) connected to the person's identification means (5) is scanned with the collection device (2), - a unique, one-way anonymous identifier (9) is formed on the basis of the data contained by the person's identifier (6).
- said anonymous identifier (9) is used to confirm the collected person-specific data into anonymous data, in which case
- said anonymous data as well as the anonymous identifier (9) are transmitted from the collection device (2) to< the processing device
(3), where said anonymous data as well as the anonymous identifier
(9) are stored, characterized in that in order to transmit feedback (11) on the basis of said anonymous identifier (9), an impulse is determined for the person in the service provider's feedback system (10) on the basis of anonymous data, to which impulse feedback as well as data on one or more anonymous identifiers (9) as anonymous receivers of feedback is connected, in which case
- the person performs the input of a personal identifier (6) to the terminal (13), where a one-way anonymous search identifier (9a) is formed of the personal identifier (6),
- a data transmission connection is formed from the terminal (13) to the feedback system (10),
- the anonymous search identifier (9a) is transmitted to the feedback system (10),
- an impulse is searched in the feedback system (10), to which data on the anonymous identifier (9) is attached, which corresponds to said anonymous search identifier (9a) transmitted from the terminal (13), and - the feedback (11) attached to said impulse is sent from the feedback system (10) to the terminal (13) by using said data transfer connection.
2. The method according to claim 1 , characterized in that the method is used in connection with the purchasing event, in which case data on the purchases made by the person, as well as data on the prices of the purchases are collected, that said anonymous identifier (9) is used in transmitting other data than price data.
3. The method according to claim 1 or 2, characterized in that on the basis of said anonymous identifier (9) a bulletin (11) is transmitted to at least one person, the effect of the transmitted bulletin (11) is monitored by examining the purchasing events performed by at least one such anonymous identifier to which said, bulletin has been sent.
4. The method according to claim. 3, characterized in that data on at least one selling line is included in the bulletin, data on receiving the bulletin is formed, of which the anonymous identifier of the recipient becomes apparent, and of the purchasing events registered on the basis of the anonymous identifier in question after the receipt of the bulletin it is determined whether they include some selling line of which data has been attached to the bulletin, in which case the effect of the bulletin is determined by comparing the purchasing amounts of the selling line according to the analysis to those numbers of anonymous identifiers that the bulletin has been sent to.
5. The method according to claim 3 or 4, characterized in that the re- suit of examination is used to change the bulletin (11) and/or its transmission practice.
6. The transmission system (1) of data, which comprises an identification means (5) of a person, to which a personal identifier (6) is connected, a collection device (2), which comprises means (2.5, 2.6, 2.7) for collecting person-specific data, and means (2.1) for collecting data on a person on the basis of said identification means (5) and identifier (6), - a processing device (3), a data transmission network (4) for transmitting the collected data to the processing device, a terminal (13), a feedback system (10) of a service provider, to which feedback is arranged to be stored, means (2, 2.3) for forming a unique, one-way anonymous identifier (9) on the basis of the person's identifier (6), means (2) for converting the collected person-specific data into anonymous data on the basis of said anonymous identifier (9), and means (4) for transmitting anonymous data and storing in the processing means (3), characterized in that the system comprises
- means for determining an impulse in the feedback system (10) of the service provider on the basis of the anonymous data, to which impulse data on one or more anonymous identifiers (9) is arranged to be attached as the anonymous receiver of the feedback,
- in the terminal (13)
- input means of inputting a personal identifier, - calculation means for forming an anonymous search identifier on the basis of the input personal identifier (6),
- sending means for transmitting the anonymous identifier formed in the terminal (13) to the feedback system (10), in which case the system in addition comprises - search means for searching an anonymous identifier (9) corresponding to the anonymous search identifier formed in the terminal (13) of the impulses stored in the feedback system (10), and
- sending means for transmitting the feedback (11) attached to the searched impulse from the feedback system (10) to the terminal (13).
7. The system according to claim 6, characterized in that a collection device (2) is a cash register, which comprises said means (2.5, 2.6, 2.7) for collecting person-specific data, and means (2.1) for collecting data on a person on the basis of said identification means (5) and identifier (6).
8. The system according to claim 6 or 7, characte se in that if comprises a feedback system (10), which comprises at least one feedback channel (12) for sending feedback on the basis of an anonymous iden- tifier to a person without using said person-specific data.
9. A processing device (3) to be used in a data transmission system (1), which transmission system comprises an identification means (5) of a person, to which a personal identifier (6) is connected, a collection device (2), which comprises means (2.5, 2.6, 2.7) for collecting person-specific data, and means (2.1) for collecting data on a person on the basis of said identification means (5) and identifier (6), - a data transmission network (4) for transmitting the collected data to the processing device (3), a terminal (13), a feedback system (10) of a service provider, to which feedback is arranged to be stored, - means (2, 2.3) for forming an individual, one-way anonymous identifier (9) on the basis of the person's identifier (6), means (2) for converting the collected person-specific data into anonymous data on the basis of said anonymous identifier (9), and - means (4) for transmitting anonymous data and storing in the processing means (3), characterized in that the processing device (3) comprises - means for determining an impulse in the feedback system (10) of the service provider on the basis of the anonymous data, to which impulse data on one or more anonymous identifiers (9) is arranged to be attached as the anonymous receiver of the feedback, receiving means for receiving an anonymous search identifier (9a) formed on the basis of a personal identifier in the terminal (13), search means for searching an anonymous identifier (9) corresponding to the anonymous search identifier formed in the terminal (13) of the impulses stored in the feedback system (10), and sending means for transmitting the feedback (11) attached to the searched impulse from the feedback system (10) to the terminal (13).
PCT/FI2004/050036 2003-04-11 2004-04-13 A method in data transmission, a data transmission system, and a device WO2004090697A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP04727032A EP1616234A1 (en) 2003-04-11 2004-04-13 A method in data transmission, a data transmission system, and a device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20035043 2003-04-11
FI20035043A FI116170B (en) 2003-04-11 2003-04-11 Method of conveying return information from a feedback system, as well as data transmission system

Publications (1)

Publication Number Publication Date
WO2004090697A1 true WO2004090697A1 (en) 2004-10-21

Family

ID=8566377

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2004/050036 WO2004090697A1 (en) 2003-04-11 2004-04-13 A method in data transmission, a data transmission system, and a device

Country Status (3)

Country Link
EP (1) EP1616234A1 (en)
FI (1) FI116170B (en)
WO (1) WO2004090697A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006001773A1 (en) * 2004-06-24 2006-01-05 Lennart Efraimsson Converting original user identity to a new anonymous user identity in order to access relevant location of a home page
EP2242292A1 (en) 2009-04-17 2010-10-20 Sics, Swedish Institute Of Computer Science AB collecting and associating data
WO2016081715A1 (en) * 2014-11-19 2016-05-26 rocket-fueled, Inc. Systems and methods for maintaining user privacy and security over a compouter network and/or within a related database
WO2018201873A1 (en) * 2017-05-05 2018-11-08 平安科技(深圳)有限公司 Medical data collection method, device, and server and computer readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5606610A (en) * 1993-11-30 1997-02-25 Anonymity Protection In Sweden Ab Apparatus and method for storing data
EP0884670A1 (en) * 1997-06-14 1998-12-16 International Computers Limited Secure database
EP0991005A2 (en) * 1998-10-02 2000-04-05 Ncr International Inc. Privacy-enhanced database
EP1026603A2 (en) * 1999-02-02 2000-08-09 SmithKline Beecham Corporation Apparatus and method for depersonalizing information
WO2001018631A1 (en) 1999-09-02 2001-03-15 Medical Data Services Gmbh Method for anonymizing data
EP1099996A1 (en) * 1999-11-03 2001-05-16 Ford Global Technologies, Inc. Privacy data escrow system and method
US20020019764A1 (en) 2000-07-06 2002-02-14 Desmond Mascarenhas System and method for anonymous transaction in a data network and classification of individuals without knowing their real identity
WO2003093956A1 (en) * 2002-04-29 2003-11-13 Mediweb Oy Storing sensitive information

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5606610A (en) * 1993-11-30 1997-02-25 Anonymity Protection In Sweden Ab Apparatus and method for storing data
EP0884670A1 (en) * 1997-06-14 1998-12-16 International Computers Limited Secure database
EP0991005A2 (en) * 1998-10-02 2000-04-05 Ncr International Inc. Privacy-enhanced database
EP1026603A2 (en) * 1999-02-02 2000-08-09 SmithKline Beecham Corporation Apparatus and method for depersonalizing information
WO2001018631A1 (en) 1999-09-02 2001-03-15 Medical Data Services Gmbh Method for anonymizing data
EP1099996A1 (en) * 1999-11-03 2001-05-16 Ford Global Technologies, Inc. Privacy data escrow system and method
US20020019764A1 (en) 2000-07-06 2002-02-14 Desmond Mascarenhas System and method for anonymous transaction in a data network and classification of individuals without knowing their real identity
WO2003093956A1 (en) * 2002-04-29 2003-11-13 Mediweb Oy Storing sensitive information

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006001773A1 (en) * 2004-06-24 2006-01-05 Lennart Efraimsson Converting original user identity to a new anonymous user identity in order to access relevant location of a home page
EP2242292A1 (en) 2009-04-17 2010-10-20 Sics, Swedish Institute Of Computer Science AB collecting and associating data
WO2016081715A1 (en) * 2014-11-19 2016-05-26 rocket-fueled, Inc. Systems and methods for maintaining user privacy and security over a compouter network and/or within a related database
WO2018201873A1 (en) * 2017-05-05 2018-11-08 平安科技(深圳)有限公司 Medical data collection method, device, and server and computer readable storage medium

Also Published As

Publication number Publication date
FI116170B (en) 2005-09-30
EP1616234A1 (en) 2006-01-18
FI20035043A (en) 2004-10-12
FI20035043A0 (en) 2003-04-11

Similar Documents

Publication Publication Date Title
Parra-Arnau et al. Myadchoices: Bringing transparency and control to online advertising
Holt Exploring the social organisation and structure of stolen data markets
KR100928198B1 (en) Online advertising effectiveness analysis method and system
KR100723540B1 (en) Method for evaluating a profile for risk and/or reward
Minkus et al. I know what you’re buying: Privacy breaches on ebay
US20090228340A1 (en) System and Method for Electronic Feedback for Transaction Triggers
US20070174295A1 (en) Systems and methods for collecting consumer data
US20150170139A1 (en) System and method for supporting analytics and visualization based on transaction and device data
US8510193B2 (en) Method for acquiring data from a user at the time of a card payment made using a payment terminal
KR101996798B1 (en) Method for providing qr code based payments service
CA2354230A1 (en) Electronic coupon system
WO2014012175A2 (en) Measuring influence in a social network
JP2004295326A (en) Purchase information management system for keeping secret personal information
JP2002073948A (en) Computer system and method of analyzing information
CA2824890A1 (en) Device for measuring spasticity
WO2013012946A1 (en) Transaction processing system
JP2004362045A (en) Group identification system, server device, program, recording medium and group identification method
US20150169692A1 (en) System and method for acquiring and integrating multi-source information for advanced analystics and visualization
JP2003316925A5 (en)
KR101959808B1 (en) On-line Integrated Management System
Adebiyi et al. An empirical investigation of the level of Adoption of mobile payment in Nigeria
Verma et al. Understanding the corpus of mobile payment services research: an analysis of the literature using co-citation analysis and social network analysis
KR101813003B1 (en) On-line Integrated Management System
JP2002042244A (en) Customer management system by bar code
US20030187721A1 (en) Method and apparatus for rating information management

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004727032

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2004727032

Country of ref document: EP