Embodiments of the invention relate to a system and method for conducting anonymous two-way communication between separate electronic systems.
There are many situations in which an observer may witness an event, condition, or activity that the observer believes could be of interest to someone else, but the observer may feel uncomfortable in disclosing information because of a perceived or real risk in being identified as the one who sent the information. For example, an employee may observe an unsafe working condition, but feels that his job would be threatened if he reported the condition to company management or to a government agency. Or, a person may witness a suspicious transaction on a street, but may hesitate to report the incident to a law enforcement agency out of fear that the persons involved in the transaction will seek retribution or take other undesirable action. Another example is a college student who is concerned about a roommate's remarks about harming himself or someone else, but who may not be sure if the roommate intends to act and or who may not want to be recognized as having reported remarks made in confidence.
From the point of view of an organization involved in law enforcement, security, emergency response, consumer relations, loss prevention, medical assistance or intervention, or other organizations whose function is to interact with members of a community or other identifiable group, information is most valuable when it is new. It may therefore be in an organization's interest to encourage prompt disclosure of information from the community with which it interacts, for example to address a hazardous, undesirable, or potentially illegal situation before it develops into something worse. Furthermore, disclosed information needs to be assessed for urgency and reliability and correlated with other related information to build as complete a picture of a situation as possible before deciding on a course of action.
Systems and methods for collecting information from observers who wish to remain anonymous are known. For example, a tip hotline may be used to receive phone calls about suspicious activity, potential regulatory violations, feedback from customers, and so on. Or, interested observers may be able to submit information on a page in an Internet web site or by sending a text message from a cell phone. However, a person submitting information by such means may not feel confident that her identity will be protected. For example, in the case of a web site for reporting security problems, a person may feel concern that his identity may be revealed by backtracking IP addresses from the web site to his computer or smart phone. Or, a person may feel that she does not want to be observed making a telephone call in view of the person whose activity she is reporting.
Systems known in the art for receiving information by text messages sent in accord with Simple Message System (SMS) or Multimedia Messaging System (MMS) protocols may lose information sent in a text message if the receiving system is not available for receiving messages, is overwhelmed by too many incoming messages, or if there is a communications fault in the cellular telephone network. For example, information contained in text messages sent in response to observations of an unsafe condition at a sporting event may be lost if many people attempt to send text messages to a security office at the same time.
Systems known in the art for receiving information by voice message or email may suffer from slow response by the intended recipients of information sent by an observer. Voice mail systems must be accessed to hear messages from observers. Email inboxes must be accessed to see messages sent by observers. There may be a relatively long delay from the time an observer sends information until the intended recipient checks for messages. Furthermore, the observer may have to wait a relatively long time to receive feedback on his information, for example an acknowledgement that a message was viewed by a person who could take action on the message's contents or a reply informing the observer of action to be taken by the recipient. Systems known in the art generally have such long time intervals between the submission of information by an observer, evaluation of the information by a recipient, and feedback to the observer, that real-time two-way communications are impractical. Some systems known in the art require a user at an organization to access information submitted by observers from a computer, making it difficult for a person in the field, for example a law enforcement officer driving a vehicle, to interact promptly with an observer, such as requesting additional information from the observer.
What is needed is a system and method for anonymous two-way communication that protects the identities of a party sending the information and a party receiving the information. What is further needed is a system and method that reliably transmits information between parties without losing the information. What is also needed is a system and method that enables anonymous two-way communication in approximately real time.
Some embodiments of a system and a method for two-way anonymous communication comprise a server adapted for communication over the Internet with a first electronic device operated by a user and a second electronic device operated by an observer. The server assigns a first alias to the first electronic device, replacing identifying address information in messages sent from the first electronic device with the first alias. The server also assigns a second alias to the second electronic device, replacing identifying address information in messages sent from the second electronic device with the second alias. A user of the first electronic device is therefore unable to see identifying address information for the second electronic device in messages sent to the first alias from the second electronic device. Likewise, a user of the second electronic device is unable to see identifying address information from the first electronic device in messages sent to the second alias from the first electronic device.
Some embodiments of the invention are adapted to send and receive SMS and MMS messages from cell phones, personal digital assistants (PDAs), and similar communication-enabled portable devices. SMS and MMS messages are converted to email format to take advantage of the capacity of the Internet to rapidly and reliably deliver large volumes of email.
Some embodiments of the invention include an administrator console for selectively interacting with the server. The administrator console may optionally be used to specify an electronic device to be used for notification of a user that an anonymous message has been received from an observer. The administrator console may also optionally be used to assign trust levels to an alias corresponding to a selected observer, and to process messages differently according to the assigned trust level. The administrator console may further be used to exchange messages with an alias corresponding to a selected observer, to assign classification categories for anonymous messages received from one or more observers or for messages related to different events or activities, and to display and count messages by selected classification category.
Some embodiments of the invention comprise a product comprising a computer readable media for managing anonymous two-way communication. Other embodiments of the invention comprise steps in a method for anonymous two-way communication between at least two electronic devices, for preventing identifiable address information from a selected electronic device from being transmitted to another selected electronic device.
This section summarizes some features of the embodiments of the invention. These and other features, aspects, and advantages will become better understood with regard to the following description and upon reference to the following drawings, wherein:
Embodiments of the invention include a system and a method for anonymous two-way communication between two or more electronic devices. Embodiments of the invention are advantageous for collecting information from observers who may wish to protect themselves by concealing their identities. Other advantages of an anonymous two-way communication system and method in accord with an embodiment of the invention include sending and receiving anonymous SMS or MMS messages from a cell phone with a low risk of the message being lost en route to its intended recipient, assignment of classification categories to messages, events, activities, and observers of interest to a particular organization, and capacity for receiving a large number of messages related to an incident or activity reported approximately simultaneously by many different observers.
Examples disclosed herein generally refer to communications between two different electronic devices, each device operated by a different person or persons. It will be appreciated after reading the following disclosure that embodiments of the invention are readily adaptable to two-way communication between more than two electronic devices interacting with respect to a single incident, hazard, activity, or other set of related observations, or for sending and receiving messages related to many separate incidents, activities, etc. In examples to follow, a reference to a user is representative of a person in an organization who desires to solicit and collect information, for example, but not limited to, a law enforcement agency, a security agency, an educational institution, a retail store, and so on. In general, a user is someone who has access to an administrator console that is part of an embodiment of the invention. A reference to an observer is representative of a person who wishes to report information that may be of interest to a user, for example, but not limited to, a student at a university, an employee of a company, a customer at a retail store, or a resident of a community. In general, an observer may choose to interact with an embodiment of the invention through an electronic device operated by the observer in order to send information to a selected user without either party being able to learn identifying address information about the other from the message's source and destination addresses.
For purposes of description herein, identifying address information refers to a telephone number, for example a cell phone number, a phone number for service provided by the Public Switched Telephone Network (PSTN) or through Voice Over Internet Protocol (VOIP), an email address, an Internet address, a short code corresponding to a phone number, or similar identifying information that is appended to a message to be sent through a wireless or wired communication system for the purpose of identifying the origin and destination of the message. Identifying address information is not intended to refer to information which an observer or user deliberately inserts into the body of a message, or information in an attachment to a message, such as a person's name, a building address, a vehicle license plate number, and so on, either visible in a photograph or other media attached to a message or included in a document attached to a message.
An example of an apparatus in accord with an embodiment of the invention is shown in
Messages on the input connection 102 are received into an incoming email box 202 in the server 200. A message received from an observer is placed into an inbox reserved for a selected user according to address information supplied in the destination portion of the received message. Email messages are then sent to a database parser 204, which separates a received message into parts and enters the separated parts into a database 208 on a mass storage device 206 comprising computer-readable media 220. Some of the actions performed by the database parser 204 include separating the sender's address and recipient's address from the body of the message, and putting these parts into a database record for the message.
The database 208 includes identifying address information for electronic devices communicating with each other through the server 200. A messaging management system 210 performs encryption of data to be stored in the database 208 on the mass storage device 206, in order to make it difficult to access identifying address information in the event of unauthorized access of the database. Encrypted data to be retrieved from the database 208 is decrypted by the messaging management system 210. Data encryption and decryption is performed by an encryption/decryption module 212 in the messaging management system 210.
A unique alias is assigned to each user's administration console 304. A unique alias may optionally be assigned to another electronic device controlled by a user, for example a cell phone adapted for sending and receiving SMS or MMS messages. A user may optionally specify through the user's administration console 304 whether email messages sent from the server 200 are sent only to the user's administration console or are sent to the administration console as email and to another electronic device as SMS or MMS messages.
The messaging management system 210 also includes an anonymizer module 214 for forming anonymous messages from incoming messages containing identifying address information. The anonymizer module 214 assigns a unique alias to a first message received from an electronic system under control of an observer. Subsequent communications with the observer's electronic system refer to the same alias. An outgoing message from the server 200 passes through the anonymizer module 214, where identifying address information related to the intended recipient is substituted for an alias entered by the message's sender. After the recipient's identifying address information is entered into the message, the message is transferred to an outgoing email box 218. From there, the email message, which contains identifying information for the recipient and an alias for the sender, passes through an output connection 104 from the server 200 and then to the Internet. The outgoing message is then delivered to the observer's electronic device.
The server 200 inputs and outputs email messages on its Internet connections (102, 104). A message from a cell phone will be in SMS, or optionally MMS, format. An SMS message sent from an electronic device to the server 200 will be converted to an email message by a cellular telephone service provider. For example, an SMS message from an observer's electronic device, represented by electronic device 2310 in
Messages which pass through the anonymizer 214 are referred to herein as anonymous messages because an electronic device from which a message originates uses an alias as a destination address instead of identifying address information. Identifying address information for the intended recipient of a message is not known to the sender. Similarly, the sender's identifying address information is not known to the recipient, who instead sees the sender's alias, inserted in the message by the anonymizer 214 in the messaging management system 214. Two-way communication between a user and an observer with substitutions of aliases for identifying address information as described herein are therefore referred to as anonymous two-way communication.
It is an object of the embodiments of the invention for anonymous two-way communication to operate in approximately real time. As used in reference to embodiments of the invention, approximately real time two way communication refers to a time interval for completion of actions performed by a two-way anonymous communication system that is less than an amount of time for a person to compose a representative text message on a cell phone.
Some embodiments of the invention comprise steps in a method for anonymous two-way communication.
The example of a method begins with step 500, wherein for each subsequent step in which information is stored in a server, encrypting information received by the server before storing the information in the server.
Next, in step 502, for each subsequent step in which information is stored in the server, storing the encrypted information on a mass storage device in the server.
Next, in step 504, for each subsequent step in which information is retrieved from storage in the server, decrypting information retrieved by the server from the mass storage device in the server.
Next, in step 506, assigning in the server a first alias to a first identifying address for a first electronic device and storing the first identifying address and first alias.
At step 508, the method continues by sending a message addressed to the first alias from a second electronic device to the server.
At step 510, the message addressed to the first alias is received into an email inbox on the server for the first electronic device and storing the message.
At step 512, continue by assigning in the server a second alias to a second identifying address for the second electronic device and storing the second alias and second identifying address.
Next, at step 514, an anonymous message is formed in the server by replacing the second identifying address with the second alias in the message addressed to the first alias and storing the anonymous message.
Next, at step 516, prior to sending the anonymous message, the anonymous message is modified by replacing the first alias with the first identifying address.
At step 518, the method continues by sending the modified anonymous message from the server to the first electronic device at the first identifying address.
At step 520, the server automatically sends an acknowledgment message to the second alias and thence to the second identifying address in response to receipt of a message on the server of a message addressed to the first alias from the second electronic device.
At step 522, a notification message is automatically sent from the server to the first alias, corresponding to the first electronic device, when a message addressed to the first alias has been received by the server from the second electronic device.
At step 524, the method includes the optional step of defining classification categories for sorting messages into related groups.
At step 526, the method includes the optional step of automatically presenting on an administrator console messages sorted into classification categories.
At step 528, the method includes the optional step of automatically counting a number of messages in each classification category.
At step 530, a trust level is optionally assigned to the second alias.
At step 532, messages are selectively sent from the server to the first and second electronic devices according to the trust level assigned to the second alias.
At step 534, the server awaits receipt of a next message from either the first electronic device or the second electronic device.
One will appreciate that many alternative embodiments of a method in accord with an embodiment of the invention may be created by performing steps selected from the preceding example in different sequential combinations.
Unless expressly stated otherwise herein, ordinary terms have their corresponding ordinary meanings within the respective contexts of their presentations, and ordinary terms of art have their corresponding regular meanings.
This application claims the benefit of U.S. Provisional Application No. 61/203,239, filed Dec. 22, 2008 and incorporated herein in its entirety.
Number | Date | Country | |
---|---|---|---|
61203239 | Dec 2008 | US |