A method in data transmission, a data transmission system, and a device
Description of the invention
The present invention relates to a method in transmitting feedback from a feedback system to a person's terminal without determining the person's identifier in connection with sending the feedback, wherein person-specific data is collected with a collection device, in which case in order to collect data with the collection device, a person's personal identifier connected to an identification means is read, a unique oneway anonymous identifier is formed on the basis of the information contained by the person's identifier, said anonymous identifier is used to convert the collected person-specific data into anonymous data, in which case said anonymous data and the anonymous identifier are transmitted from the collection device to the processing device, where said anonymous data and the anonymous identifier are stored. The invention also relates to a transmission system of data, which comprises a means for identifying a person, to which is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a processing device, a data transmission network for transmitting the collected data to the processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for modifying the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and for storing them in the processing de- vice. In addition, the invention relates to a processing device to be used in the data transmission system, which transmission system comprises a means for identifying a person, to which means is attached a personal identifier, a collection device, which comprises means for collecting person-specific data, and means for collecting data of a person on the basis of said identification means and identifier, a data transmission network for transmitting the collected data to the
processing device, a terminal, a feedback system of a service provider, to which feedback is arranged to be stored, means for forming a unique one-way anonymous identifier on the basis of a person's identifier, means for converting the collected person-specific data into anonymous data on the basis of said anonymous identifier, and means for transmitting the anonymous data and storing them in the processing
Background of the invention
Nowadays, different identification means are used in connection with several systems, with which means persons can notify a system on information about themselves. This kind of identification means include different membership cards, which are, for example, store-chain-specific, organization-specific, company-specific, etc. Thus, when a person performs some procedure in an outlet belonging to the system in question, identification data included in the identification card are notified to the system by means of the person's identification means, such as personal data, as well as data on the procedure the person performed. As a non-limiting example of this kind of an event can be mentioned shopping in the store of some chain of stores. When the person pays for his/her shopping, the identification data on the person's identification means, such as a customer card, is scanned to the cash regis- ter terminal. In addition, data connected to the purchases, such as the items purchased, their price, the total price of the purchases, the location and time of purchase, data on the sales person, etc., are stored. This data is transmitted via a suitable data transmission channel to a processing device, where the data is advantageously stored in a data- base. This data can then be combined, in which case statistic data is received from different outlets, of a persons' shopping behaviour, etc. A problem in this kind of a system is, however, that in several countries collecting and processing personal data is limited by legislation. Thus, it is possible to ask a person for permission to collect data. If a person does not agree to this, the data collected of a person's behaviour cannot contain any data identifying the person. Thus, the utility value of the
system for the maintainer of the system may decrease, because, for example, advertising or other feedback cannot be targeted to certain persons anonymously. On the other hand, no data is gathered on what type of persons acquire certain items, for example, whether the pur- chasers include men, women, what is the age distribution, capital, income level of the purchasers, etc. In addition, the same person may have cards for several different organizations, in which case the importance of different kinds of membership offers decreases, because a person cannot very easily be committed as a user of the sen ices of a certain organization.
The patent application US-2002/0019764 presents a system and a method for performing procedures in the Internet anonymously, i.e. without having to transmit data identifying the person in the system. A person may log in to a closed data network anonymously and browse the services in this closed data network, etc. The system can thus store different behaviour data in the user profile of the system, but on the basis of this data, it is not possible to determine the real identity of the person. The person has made a contract of service with some reliable service provider, in which case the person may sign in to a system by means of a server of this sen/ice provider or the like. The system is based on that the person logs in with some user identifier and password determined by himself/herself. These are recommended to be selected as such that the identity of the person cannot be established on the basis of them. In practice, however, the person must determine in his/her own workstation the user settings agreed with the service provider, by means of which settings the workstation contacts the system. These user settings are thus not the same as the user identifier and password determined by the user. On the basis of the user set- tings, the system knows that this is a person who has the right to use the system. Thus, identifying data can also be collected of the person, or if some unreliable party gains access to the server, this data can be established and connected to the user identifier of the person in question. In addition, if a person wants to go on to browse services outside said closed data network, etc. at his/her workstation, the per-
son must in some cases reveal his/her identity, for example, in order to shop via the data network.
Summary of the invention
It is an aim of the present invention to provide a method and a system, by means of which it is possible to transmit feedback to persons anonymously. The invention is based on the idea that an analysis is performed in the feedback system of the service provider in order to establish which anonymous data of the anonymous identifier stored in the collection system are suitable for the selection criteria of the receiver of the feedback, in which case an impulse is formed for this kind of anonymous identifiers, which impulse is stored in the feedback system of the service provider. After this, when a person corresponding to said anonymous identifier, is connected via. a data processing device to the site of the service provider, it is detected in the feedback system that at least one impulse comprises data corresponding to the anonymous identifier of said user, in which case a feedback connected to the impulse is sent to the data processing device. A one-way search iden- tifier has been formed in the data processing device before transferring to the site, which identifier the feedback system compares to the anonymous identifiers connected to the impulses, so that the identity of the person is not revealed. One-way in this connection means that on the basis of an anonymous identifier, it is not in practice possible to establish the identification means the anonymous identifier or the anonymous search identifier is connected to. This kind of unique, oneway identifier can be formed by means of, for example, so-called hash functions. To put it more precisely, the method according to the present invention is primarily characterized in that in order to transmit feedback on the basis of said anonymous identifier, an impulse is determined for the person in the feedback system of the service provider on the basis of the anonymous data, to which impulse are attached feedback and data on one or more anonymous identifiers as the anonymous receivers of the feedback, in which case
- the person performs the input of a personal identifier to the terminal, where a one-way anonymous search identifier is formed of the personal identifier,
- a data transmission connection is formed from the terminal to the feedback system,
- an anonymous search identifier is transmitted to the feedback system,
- an impulse is searched in the feedback system, to which impulse data on the anonymous identifier is attached, which corresponds to said anonymous search identifier transmitted from the terminal, and
- the feedback attached to said impulse is sent from the feedback system to the terminal by using said data transfer connection.
The system according to the present invention is primarily charac- terized in that the system comprises:
- means for determining the impulse for the feedback system of the service provider on the basis of the anonymous data, to which impulse is arranged to be attached data on one of more anonymous identifiers as the anonymous receiver of the feedback, - in the terminal
- input means for inputting a personal identifier,
- calculation means for forming an anonymous search identifier on the basis of the input personal identifier,
- sending means for transmitting the anonymous identifier formed in the terminal to the feedback system, in which case the system in addition comprises
- search means for searching an anonymous identifier corresponding to the anonymous search identifier formed in the terminal from the impulses stored in the feedback system, and - sending means for transmitting the feedback attached to the searched impulse from the feedback system to the terminal.
The present invention shows remarkable advantages over solutions of prior art. The arrangement according to the invention enables trans- mitting feedback to a person without the danger of the identity of the person being revealed. Thus, the person can use his/her own identifier
means and it is still possible to collect data anonymously of the person's behaviour and to transmit feedback on the basis of anonymous data to such persons whose anonymous data comprises such one or more properties that meet the search criteria set for certain feedback at each time. In the solution according to the invention, having to select an anonymous identifier for a person is avoided. The person himself/herself does not have to invent an anonymous identifier for himself/herself either. The system according to the invention can be applied even in connection with already existing systems by using the al- ready existing identifier means by only making the necessary additions and modifications to the system. The invention enables, for example, advertising targeted according to person-specific properties, even if the identity of the person is not known to the system. Thus, the advantage of a system developed by store chains, organizations and other sen/ice providers for the system maintainer is greater, because the need for supplying different advertisements, bulletins, etc. to such persons who are not interested in them or who for some other reasons do not benefit from them, is decreased. This also decreases the operating costs of the system. The data security of an individual can be secured almost perfectly in the system.
The invention enables, among other things, an interactive anonymous data transmission connection between the store and the customer, with the actual shopping behaviour of the purchasers as the basis.
A person in connection with this invention does not necessarily refer to one physical person, but it can be a community, a family, an individual, a couple or some other unit.
In the following, the invention will be described in more detail with reference to the appended drawings, in which
Fig. 1 shows a system according to a preferred embodiment of the invention in a reduced chart,
Fig. 2 shows the collection device according to a preferred embodiment of the invention in a reduced block chart,
Fig. 3 shows an identification means used in the system according to an advantageous embodiment of the invention,
Fig. 4 shows the collection of data on the basis of an anonymous identifier used in the method according to an advantageous embodiment of the invention in a reduced chart,
Fig. 5 shows a method according to another advantageous embodiment of the invention in a reduced chart, in which method feedback is collected and the effect of bulletins is measured,
Fig. 6 shows the formation of an anonymous identifier and transmission of a message by using the anonymous identifier used in a method according to an advantageous embodiment of the invention in a reduced chart, and
Fig. 7 shows an arrangement for sending feedback to the user according to an advantageous embodiment of the invention in a reduced chart.
The system 1 according to Fig. 1 comprises advantageously at least a collection device 2, a processing device 3 and a data transmission channel 4 for transmitting the data formed on the basis of the data collected with the collection device 2 to the processing device 3. It is obvious that the system 1 of Fig. 1 is only one reduced example of the system where the method according to the invention can be applied. For example, there are typically several tens, hundreds or even thousands of collection devices 2 in one system. The data transmission channel 4 comprises a data network 4.1, such as a telecommunication network or the like, where data can be transferred between devices in a manner known as such. The data network can also comprise, for example, the Internet 4.2, in which case data can be transferred almost
unlimitedly irrespectively of where the collection devices 2 and the processing device 3 are located. It is also obvious that the number of processing devices 3 is also not limited only to one device, but there can be even several of them. However, data can be transmitted ad- vanfageously between different processing devices and one processing device can, if necessary, be determined as a device controlling the other processing devices.
In the following, the collection device 2 according to an advantageous embodiment of the invention presented in Fig. 2 will be described more in detail. It comprises a scanner 2.1 of the identification means for scanning the data of the person's identification means 5 to the collection device 2. The collection device 2 also comprises memory 2.2 for storing, at least temporarily, the different kinds of data required in the operation of the collection device and scanned from the identification means 5. In addition, the collection device 2 comprises a processor 2.3 for controlling the operation of the collection device. In addition, the collection device advantageously comprises a display 2.4 and one or more keyboards 2.5, 2.6 or a corresponding input device of data. In this embodiment, the collection device 2 is a cash register or the like, which comprises a first 2.5 and a second keyboard 2.6, as well as a scanner 2.7 for encoded data. With the first keyboard 2.5 the cashier can input data required in the sales event. In this example, the second keyboard 2.6 is mainly intended for the use of the customer, in which case the customer may, if necessary, input the PIN-code (Personal Identity Number) corresponding to their own identification means, in which case a separate written signature is not required. The scanner 2.7 of encoded data is, for example, a bar code scanner, a scanner for information stored in a magnetic form, or even a device capable of remote scanning, such as a scanner of the so-called RFID-identifiers. By using this scanner 2.7 for encoded data, the cashier can perform the scanning of the data of the items purchased by the customer into the collection device 2. It is possible that there are several different scanners 2.7 for encoded data in the collection device. The scanner 2.1 of the identi- fication means is, for example, a device suitable for scanning a smart card, a magnetic stripe card, and/or other corresponding identification
means. Devices suitable for remote scanning can also be used in this connection. In an advantageous embodiment, it is possible to use a mobile phone subscription card, i.e. a so-called SliVl card, as a person's identification means. Thus, transferring data can be performed e.g. via a mobile communication network (not shown), or via data transfer means (not shown) suitable for a wireless local data transfer, such as radio frequency or optical data transfer.
The collection device 2 also comprises data transfer means 2.8 for sending data from the collection device 2 via a data transfer network 4 to the processing device 3.
In the following, the operation of the method according to a preferred embodiment of the invention in a system of Fig. 1 will be described with reference to the chart shown in Fig. 4. A purchasing event is used here as an example of an event, where person-specific data is intended to be collected. Thus, a person, i.e. a customer, collects the items to be purchased in a store and after, this moves to the cash desk to pay for these items. It is assumed that the customer has an identification means 5, which is, for example, a credit card or a debit card, or a customer card for the store or store chain in question. In connection with the payment event, the customer gives the identification means to the cashier, who places the identification means 5 in the scanner 2.1 in order to scan at least part of the data stored in the identification means 5 to the collection device 2. When using remote scanning, the identification means does not need to be set into the scanner 2.1, but the scanning can be performed without handing the identification means 5 to the cashier.
The identification means comprises, for example, a number sequence (Fig. 3) or other identifier 6 identifying the identification means. The identifier 6 is scanned to the collection device 2 and stored in the memory 2.2 (block 401 in the chart of Fig. 4).
The cashier starts entering the shopping into the collection device 2, for example, by means of the first keyboard 2.5 and/or the scanner 2.7 of
encoded data. Price data can be stored in the cash system 7 of the store, in which case an identifier, amount, if necessary, weight or other unit of the purchased item is scanned into the collection device 2, on the basis of which the price is determined. The collection device 2 can determine a unit price from the cash system 7, in which case the total price of the purchased item can be calculated. When all the purchased items have been entered into the collection device, the total price of the purchases can be calculated and a receipt can be printed (block 402). The customer can carry out a payment either in cash or by using said identification means, if a function enabling the payment has been included in. If the identification means is used for payment as well, an identifier of the payer's identification means is sent from the collection device to the payment system 8 (block 403), as well as data on the total sum of the shopping. Thus, the payment is eventually debited from the customer's account, or an invoice is sent to the customer. In order to charge the payment event, identification data is therefore to be sent from the collection device, on the basis of which data the payer can be determined. This identification data is not, however, sent in the system to such a place where data on the customer's identity cannot be in- eluded. In the system according to Fig. 1, the processing device 3 is assumed to be this kind of a device, where statistic data or the like is collected, but person-specific data is not handled.
The collection device 2 can thus collect many kinds of data on the pur- chase events, in addition to price data. Thus, for example, establishing the storage situation substantially in real-time is possible. Also, estimating the sales of products in advance can become easier, the data on previous sales of the product can also be studied. In addition, by combining different kinds of data, it is possible to draw up shopping behaviour profiles, etc. When data from several collection devices 2 and over a relatively long time is collected in the processing device 3, it is possible to perform more exact statistic analysis on the basis of different kind of criteria.
As was already mentioned earlier in this description, collecting person- specific data is prohibited in some countries, and therefore according to
the present invention, the formation of an anonymous identifier 9 is performed on the basis of an identifier 6 scanned from the identification means 5 to the collection means 2 (Figs 3, 4 and 7). This anonymous identifier 9 is formed in such a manner that on the basis of it, it is in practice impossible or almost impossible to establish which identification means 5 is in question in the identifier 6. This kind of an anonymous identifier 9 can thus also be called a one-way identifier. The calculating method of the anonymous identifier is preferably such that each different identifier 6 gives as a result a different kind of an anonymous identifier 9, i.e. it is a unique anonymous identifier. In addition, in some cases it is advantageous that the number of the marks included in the anonymous identifier 9 is substantially the same, irrespective of the number of the marks in the identifier 6. One method for forming this kind of an anonymous identifier is the use of the so- called: hash functions. An input of the hash functions is the mark sequence of .the identifier 6,,and an anonymous identifier 9 is received as an output. This is illustrated by block 404 in the chart of Fig. 4. When the anonymous identifier 9 has been determined and the purchasing event carried out, the data collected of the purchasing event, apart from data enabling the identification of the purchaser, can be sent together with the anonymous identifier 9 to the processing device 3 (block 405). In the processing device 3, the collected data can be stored and used, for example, in carrying out statistic analyses. It has been possible in the processing device 3 to store such data of the per- sons connected as users of the system, which does not identify these persons, such as age, sex, place of residence, income level, wealth, hobbies, etc. This data has been stored advantageously at the stage when the person has made a contract with the maintainer of the system 1. For example, when a person gets a customer card for some chain of stores, the person can inform the above-mentioned data in the application form. Thus, an identification means 6 is determined in the system for the person and an anonymous identifier 9 is calculated. The anonymous identifier 9, as well as the non-identifying data on the person are stored in the system 1 , advantageously in the database 3.1 of the processing device 3. On the basis of this data it is thus not possible
to determine the identity of the person, but the data can be used in statistic analyses and other such procedures.
The identification data of a person is stored in some other database (not shown) of the store chain, in which case if is possible to send ord nary addressed customer mail via post. In the case that the identifi cation means 5 also comprises payment and/or credit features, ident tying data for this is to be stored in the payment system 8.
In the processing device 3, the stored and determined data can also be used in sending feedback, bulletins, advertisements, etc. to the person. This can be performed via several feedback channels 10, 12, such as portals in the Internet 4.2, wireless devices (mobile phones, portable computers, etc.), PDA devices (e.g. palm and notebook computers), channels enabled by digital TV, chip cards, etc.
A phase in the feedback formation is the formation of a so-called impulse. This impulse is. formed, for example, when the shopkeeper wants to send specified advertising to such persons, whose charac- teristic or characteristics fulfil the desired criteria, for example, age, wealth, hobbies, etc. In the feedback system 10, such as the processing device 3, a search profile or the like is formed on the basis of the desired criteria, which profile is compared to the anonymous data stored in the database of the processing device 3. When a record is found, where the criteria are fulfilled, data on the anonymous identifier of this record is set in connection with the impulse. This data is, for example, an anonymous identifier 9, i.e. the anonymous identifier 9 is copied to the impulse. When all the anonymous data or some limited group of anonymous data has been processed, the impulse contains data on the anonymous identifiers 9 of such persons, with whom the search criteria are fulfilled. Data on the feedback is also included in the impulse, such as an advertisement, which is meant to be brought to the attention of the target persons determined in the search. The transmission of the feedback attached to the impulse to the target persons takes place, for example, in the following manner. When some target person, for example, browses the website of a service provider in the
Internet 4.2 with his/her terminal, on which site a feedback mechanism is implemented, examination of the impulses is performed in the feedback system in order to determine whether an anonymous identifier corresponding to the person in question is attached to some impulse. Since the person's identity is to be kept unknown, an anonymous search identifier has been formed in the person's terminal 13, which is transmitted to the Internet 4.2 instead of the person's identifier 6. In order to form an anonymous search identity 9a, the person has performed login with, for example, his/her identification means 5, or by in- putting 701 (Fig. 7) an identifier in the identification means to the terminal 13, in which case the terminal 13 has calculated 702 an anonymous search identifier and uses that as the user identifier of the person instead of data identifying the person. An anonymous search identifier 9a is calculated, for example, by means of the same algorithm, hash function or the like, which is used in the calculation of the anonymous identifier 9 performed in connection with collecting data. Thus, the anonymous identifier 9 and. the anonymous search identifier 9a have the same content preferably only in that case that the input, i.e. the personal identifier is the same in both. It is, however, obvious that the anonymous identifier 9 and the anonymous search identifier 9a do not necessarily have to be completely identical before feedback is sent, but in order to send feedback it may be enough that, for example, a certain part of the anonymous search identifier 9a must be the same as in the anonymous identifier 9.
When the person moves to the homepage of the sen/ice provider, the terminal 13 sends 703 the anonymous search identifier 9a it has calculated to the server where the service provider's homepage is stored and from where the data on the homepage (site) has been sent to the terminal 13 to be presented to the person. After this, the data is transmitted, if necessary, to the processing device 3 (if the server and the processing device 13 are separate devices), in which case the processing device 3 or other suitable device of the service provider compares the anonymous search identifier of the person in question (user identifier) to the data in the impulses and when detecting an identifier that is suitable for the anonymous search identifier 9a in the
impulses, the processing device 3 can send 704 feedback connected to the impulse in question, such as a bulletin, advertisement, etc. to the person's terminal 13. Thus, the person receives data addressed exactly to him/her without endangering the person's identity at any stage. Sending feedback can be performed by using the same mechanism, with which data is sent from the sen ice provider's website to the person's terminal 13. This can be performed, for example, by using packet transmission mechanisms known as such and in use in, e.g., the Internet Thus, when the user browses the website of the service provider, a kind of a two-way data transfer connection (packet connection) is formed between the terminal 13 and the website, in which case transmitting data both ways is possible. It is obvious that the routing of packets is not, however, necessarily always the same, but different packets of even the same data transfer connection may be transmitted from the sender to the1 receiver through differentroutes. This, however, is not significant from the point of view of applying the present invention.
The above-presented is only one example of using the collected data for giving feedback, but it is obvious that the invention can be applied in several other fields as well and for transmitting very different kinds of data. It should also be mentioned that the impulse can also be made to be based on shopping behaviour. Thus, a profiling is performed on the basis of the actual shopping behaviour of a customer, which is used as a basis for personalizing a message directed to him/her individually to him/her. For example, the shopkeeper at a neighbourhood store can make special offers, and the person can receive data on this kind of special offers, for example, when browsing the Internet in the above- presented manner. The system according to the invention makes it possible to, for example, analyze the effect of advertising and other bulletins better and more accurately than in solutions according to prior art, because in the system according to the invention it is firstly possible to establish which anonymous identifiers the bulletin has been sent to, which anonymous identifier has read the bulletin, and which of this kind of anonymous bulletins have been used, for example, when purchasing the advertised product. Therefore, in the system it is pos-
sible to receive feedback and on the basis of this feedback to change, if necessary, the bulletins/bulletin policy and to further monitor the effect of the changes. Thus, in the system according to the invention if is possible to apply the principle of a kind of a continuous loop, where the impulse creates a feedback, which further creates a correction movement, if necessary, which creates a new feedback, etc.
The method applying the above-mentioned procedure is presented in Fig. 5 in a reduced chart. The method is composed of different phases, which are described briefly in the following. A bulletin is determined (e.g. a commercial bulletin) and a suitable group of receivers is selected for it (phase 501 in Fig. 5). Some criterion sensible from the point of view of the bulletin is used in selecting the group of receivers, such as the possible special diets (celiac disease, lactose intolerance, etc.). This data is collected, for example,; when a person has applied for a membership card or the like, in which case the anonymous identifier can be formed, for example, on the basis of the membership card number. Data can also be collected in such a manner that data on the shopping behaviour of a person, i.e. data connected to purchase, and/or other data is collected and profiled anonymous identifier -specifically. A combination of several methods can also be used in collecting data. Irrespective of the collection manner, the data is stored in connection with the anonymous identifier in such a manner that it is not possible to identify the person in question on the basis of them. In the next phase 502, the message is sent to the selected receiver group, e.g., via e-mail, or a link or the like is set on the www-page of the company, via which a person in the selected group is offered an opportunity to familiarize with the bulletin (503). A monitoring time is also determined for the bulletin, in which case after this time has passed, it is examined how many persons of the selected receiver group have received the bulletin and familiarized with it. On the basis of this, it is possible to conclude the effectiveness of the receipt of the bulletin, i.e. the so-called cover. In addition, in the method it is monitored how the effect of the bulletin is realized into purchasing events 504. Data col- lected of the purchasing events is stored in a database, in which case it is possible to examine in the database how many persons who have
read the bulletin have also purchased the product concerned. On the basis of this, it is possible to conclude the effect of the bulletin and, if necessary, to perform corrective procedures in order to increase the effect of the bulletin 505.
From the point of view of the above-described measuring action, it is advantageous that a sufficient database has been collected of a group of persons, such as customers, on the basis of their shopping behaviour. Data on a purchasing event is attached to an anonymous indi- vidual, not the entire group. Thus, it is possible to perform profiling for the individual being examined in order to form a desired, strictly limited and quantitatively restricted group. The bulletin being formed must correlate with the profiling largely enough, where the effect of random factors can be decreased into small enough.
The invention makes complete anonymity possible with great certainty. The identity of the person is not known; It is not known whether the person subject is a community, a family, an individual, a couple or some other unit. This results in that it is not possible to know the age, sex, profession or any other factor identifying the person demographi- cally or socially. The person subject has only an identifying identifier. Anyone who knows the identifier 6 or the anonymous identifier 9 and the password can use the system and act as a subject. Logging in as a user of the system does not assume any background data of the user. Logging in as a user as such creates the required interactive relationship.
In the solution according to the invention, receiving a more trustworthy customer feedback or the like is more certain, because feedback can be given anonymously. Thus, the identity of the person giving feedback is not revealed, in which case, in some cases, more feedback is given and more truthfully.
Fig. 6 further presents a chart of an example of transmitting a message by means of an anonymous identifier. In phase 601, a personal identifier (identification card -specific) is scanned from the identification card
or input, e.g. with a keyboard. On the basis of this, in phase 602, an anonymous identifier is calculated, e.g. in the collection device 2, a computer terminal or the like. If the user wants to send a message to the system, for example to a shopkeeper, he/she can now do that by means of the anonymous identifier (phase 603). It is also possible to send a message from the system to the user on the basis of this anonymous identifier (phase 604).
In the following, some properties of the system and the concepts con- nected to them are described.
Operation-oriented interactive profiling
Operation-oriented interactive profiling refers to the profiling of the per- son-specific properties of a unit (user unit, user subject) involved in the system in an interactive relationship. Thus, the profiling of the user at point t-1 (t minus 1) is known, and of this is formed a qualitative or statistic quantitative classification (factoring, clustering, etc.). On the basis of this classification, it is possible to perform an effect testing, where the users are informed of new possibilities in a form of a test setting or a simpler setting. This results in a change of behaviour to time unit to. The change of behaviour between t-1 and to can be measured in profile classes. The effect of information on the behaviour can be calculated within the limitations of the setting, in which case it is possible to conclude which information produces which change in each profile class.
Profiling method with gearing effect
The operation-oriented profiling calculation produces data on which information operates as the gearing of the operation in the entire basic group, as well as in each category. The analysis can be developed by calculating the gearing effect vice versa as well, i.e. by grouping the classes of the power effects of different gearings in the basic subject matter, i.e. the basic group can be classified again on the basis of the gearing effects into different effect classes, i.e. effect segments. Thus,
the gearing class can be set as the target of the next setting, i.e. the basic group is structured to gearing classes and the testing is performed in relation to gearing classes with the gearing behaviour at time fO, the distribution of new information at time to, behaviour at time t1 as the basis. The validity of the gearing classes as sfrucfurers of operation can be concluded from this.
The protection of identity, information channelling and information transmission in an interactive relationship
Operation-oriented profiling leads to the classification of user units purely on the basis of operation, in which case the identification of the user unit can be performed purely on the basis of the anonymous identifier 9. The anonymous identifier, in turn, operates as a connection means. It can be used as an absolute anonymity, in which case anyone who contacts the system with a certain ahonyrhous identifier receives treatment, according to the profiling, which is completely independent of the user's personal data, if it even. exists in the case of a group, and the system does not even assume the registering of any data like this. The only data that is required is the identification of the feedback channel given by the user, which can be a real-time absolute anonymous identifier used on the Internet, a post office box used for mailing, Poste Restante, any e-mail address, a general mailing address of an office, a pseudonym, the address of some contact person, address of the parents, the person's own address, a pickup place for post, an SMS number, or some new anonymous transmission mechanism.
Gearing effect as the core of operation control
Gearing effect analysis leads to anonymous interaction, where the gearing effect controls operation. The commitment to the identity that confirms the gearing effect makes the gearing analysis a manner to parse the product selection and its renewal in such a manner that a part of the users are unbending and committed to their traditions, part require changes, part something else. The method makes it possible to attach an anonymous identifier to the gearing class of the user. The
gearing class can also be contentual in such a manner that it comprises some issue, such as vegetarianism, meat, fish, natural product, etc. This can be specified with some additional conditions, such as diabetic diet, celiac disease, etc. combined with the gearing class. Thus, in interaction, for example, a change-eager vegetarian is informed, a traditional consumer is informed of a coffee offer, or a renewal -eager steak purchaser is informed of a marinated marbled fillet. The idea is to know whether some anonymous identifier can be triggered with some target of interest of the anonymous identifier, and what that target is.
Commitment
An interactive relationship changes into customership, because the users receive their own focused feedback from the system. Similarly, a change in the situation, such as marriage, divorce, moving, etc. appears indirectly in operation, and thus the profile and gearing category change. Unnecessary data is quickly eliminated in a few time units; the correction performed by. -the system takes place. Feedback cannot be received from anywhere else. Additional value services can be added to commitment, which services are received only via an anonymous identifier.
Economy of advertising
Advertising is focused and it becomes permanently adjusted with the situation. The system controls the information flow target-specifically in an economic manner. Unnecessary information flow is interrupted when the feedback is negative over a certain time period. Qualitative and useful information flow grows stronger.
There are also several other application fields for the invention besides the ones presented above. For example, voting can be carried out in the system according to the invention without endangering the secrecy of voting. The persons entitled to vote can, for example, be sent a bul- letin about their right to vote in an election. This bulletin can include an individual identifier. When a person goes to a polling station, his/her
identity is normally checked, after which he/she can vote. By applying this invention, voting can now be performed in such a manner that a person inputs their individual identifier to an input device at the actual polling station, or some computer terminal or the like. The calculation of an anonymous identifier and a transmission to a server monitoring the voting is performed in the device. Data on the anonymous identifiers are stored in connection with the server, in which case by comparing the anonymous identifier calculated and transmitted by the device to the stored identifiers it is determined whether the person has the right to vote and whether he/she has already possibly voted. If the voting event is accepted, data on that the right to vote for this identifier has already been used in this voting event is stored in connection with the anonymous identifier in question.
It will be obvious that the present invention is. not limited solely to the above-presented embodiments but it can be modified within the scope of the appended claims.