Zero-knowledge environment based social networking engine
First Claim
1. A computer-implemented method performed by a network engine comprising:
- receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container;
accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container;
determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container;
identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container;
providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance;
receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and
in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus are described providing social networking engines. Specifically, the present specification relates to a method for implementing software containers implementing social network engines that may be configured to act in a zero-knowledge environment. In such implementations, all information pertaining to the social network engine associated with a user that is stored in the container is solely that of a user unless explicitly shared by the user. In some implementations, the containers may be configured to participate in a publish-and-subscribe network in order to share information. In addition, the containers may be provisioned with controls so that global operators may comply with local privacy rules.
-
Citations
20 Claims
-
1. A computer-implemented method performed by a network engine comprising:
-
receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container; accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container; determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container; identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container; providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance; receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for exchanging healthcare related network data, the system comprising:
one or more processors and one or more memories storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising; receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container; accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container; determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container; identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container; providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance; receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
20. A non-transitory computer-readable storage medium encoded with a computer program for exchanging healthcare related network data, the computer program comprising instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
-
receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container; accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container; determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container; identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container; providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance; receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.
-
Specification