Secure service matching

US 10,148,624 B2
Filed: 09/25/2015
Issued: 12/04/2018
Est. Priority Date: 09/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus to provide brokering between a vendor and a consumer for purchasing a service or item for sale, comprising:

a hardware platform comprising one or more logic elements;

a local context store comprising availability parameters including pre-defined descriptors of the vendor'"'"'s availability to sell the service or the item;

a service data store comprising data on the vendor'"'"'s preferences for servicing requests for which the vendor is available;

a flow processor engine to run on the hardware platform and to determine availability of the vendor to sell the service or the item; and

a trusted execution environment (TEE) including a service selection engine configured to;

receive from the flow processor engine an encrypted payload comprising a request from the consumer to purchase the service or the item, including private information about the consumer necessary to complete the purchase;

receive from the flow processor engine availability parameters of the local context store, and service data relevant to the request;

determine, based on the availability parameters and service data, that the vendor is available to sell the service or the item;

receive vendor preferences from the service data store, and determine from the vendor preferences that the vendor is willing to sell the service or the item; and

provide a notification of satisfaction to the flow processor engine without fully exposing the consumer'"'"'s private information outside of the TEE.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, there is disclosed a computing apparatus having one or more logic elements forming a non-encrypted flow processor engine; and one or more logic elements forming a service selection engine, wherein the one or more logic elements include a trusted execution environment (TEE), and wherein the service selection engine is operable to; receive from the flow processor engine an encrypted payload; determine that the encrypted payload satisfies at least one selection criterion; and provide a notification of satisfaction to the flow engine. There is further disclosed a method of performing the operations disclosed, and one or more computer-readable mediums having stored thereon executable instructions to perform the method.

10 Citations

23 Claims

1. A computing apparatus to provide brokering between a vendor and a consumer for purchasing a service or item for sale, comprising:
- a hardware platform comprising one or more logic elements;
  
  a local context store comprising availability parameters including pre-defined descriptors of the vendor'"'"'s availability to sell the service or the item;
  
  a service data store comprising data on the vendor'"'"'s preferences for servicing requests for which the vendor is available;
  
  a flow processor engine to run on the hardware platform and to determine availability of the vendor to sell the service or the item; and
  
  a trusted execution environment (TEE) including a service selection engine configured to;
  
  receive from the flow processor engine an encrypted payload comprising a request from the consumer to purchase the service or the item, including private information about the consumer necessary to complete the purchase;
  
  receive from the flow processor engine availability parameters of the local context store, and service data relevant to the request;
  
  determine, based on the availability parameters and service data, that the vendor is available to sell the service or the item;
  
  receive vendor preferences from the service data store, and determine from the vendor preferences that the vendor is willing to sell the service or the item; and
  
  provide a notification of satisfaction to the flow processor engine without fully exposing the consumer'"'"'s private information outside of the TEE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing apparatus of claim 1, wherein the request from the consumer comprises sensitive user data for the consumer providing the request.
  - 3. The computing apparatus of claim 2, wherein the service selection engine is further operable to:
    - receive a selection notification from the flow processor engine, the selection notification to indicate that the consumer selected a vendor to service the request from the consumer.
  - 4. The computing apparatus of claim 1, wherein the TEE is operable to provide an integrity verification token.
  - 5. The computing apparatus of claim 1, wherein the flow processor engine is further operable to:
    - receive sensitive user data for a user of the computing apparatus;
      
      encrypt the sensitive user data into an encrypted request; and
      
      send the encrypted request via a communicator; and
      
      wherein the encrypted payload is a service availability notification.
  - 6. The computing apparatus of claim 5, wherein the notification of satisfaction is a match notification to notify a service provider that it has been selected to service the encrypted request.
  - 7. The computing apparatus of claim 6, wherein the service selection engine is operable to determine that the service availability notification satisfies at least one selection criterion.
  - 8. The computing apparatus of claim 7, wherein the service selection engine is operable to receive a plurality of service availability notifications, and wherein determining that the encrypted payload satisfies at least one selection criterion comprises determining that a first service availability notification selected from among the plurality of service availability notifications best satisfies the at least one selection criterion.
  - 9. The computing apparatus of claim 1, wherein the TEE further comprises a key store, and wherein the service selection engine is further operable to decrypt the encrypted payload via the key store.
  - 10. The computing apparatus of claim 9, wherein the encrypted payload comprises sensitive user data.
  - 11. The computing apparatus of claim 1, wherein the service selection engine is operable to provide the notification of satisfaction without exposing the encrypted payload outside of the trusted execution engine.
  - 12. The computing apparatus of claim 11, wherein the service selection engine is further operable to receive at least one feedback related to the notification of satisfaction and to provide a selection update to the service selection engine based at least in part on the feedback.

13. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide brokering between a vendor and a consumer for purchasing a service or item for sale, wherein the instructions are to instruct a processor to:
- provide a local context store comprising availability parameters including pre-defined descriptors of the vendor'"'"'s availability to sell the service or the item;
  
  provide a service data store comprising data on the vendor'"'"'s preferences for servicing requests for which the vendor is available;
  
  provide a flow processor engine to determine availability of a vendor to sell the service or the item;
  
  provide a service selection engine, wherein the service selection engine is configured to be provided in a trusted execution environment (TEE), and wherein the service selection engine is configured to;
  
  receive from the flow processor engine an encrypted payload comprising a request from the consumer to purchase the service or the item, including private information about the consumer necessary to complete the purchase;
  
  receive from the flow processor engine availability parameters of the local context store, and service data relevant to the request;
  
  determine, based on the availability parameters and service data, that the vendor is available to sell the service or the item;
  
  receive vendor preferences from the service data store, and determine from the vendor preferences that the vendor is willing to sell the service or the item; and
  
  provide a notification of satisfaction to the flow processor engine without fully exposing the consumer'"'"'s private information outside of the TEE.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The one or more tangible, non-transitory computer-readable mediums of claim 13, wherein the request from the consumer comprises sensitive user data for the consumer providing the request.
  - 15. The one or more tangible, non-transitory computer-readable mediums of claim 14, wherein the service selection engine is further operable to:
    - receive a selection notification from the flow processor engine, the selection notification to indicate that the consumer selected a vendor to service the request from the consumer.
  - 16. The one or more tangible, non-transitory computer-readable mediums of claim 13, wherein the flow processor engine is further operable to:
    - receive sensitive user data for a user of the computing apparatus;
      
      encrypt the sensitive user data into an encrypted request; and
      
      send the encrypted request via a communicator; and
      
      wherein the encrypted payload is a service availability notification.
  - 17. The one or more tangible, non-transitory computer-readable mediums of claim 16, wherein the notification of satisfaction is a match notification to notify a service provider that it has been selected to service the encrypted request.
  - 18. The one or more tangible, non-transitory computer-readable mediums of claim 17, wherein the service selection engine is operable to receive a plurality of service availability notifications, and wherein determining that the encrypted payload satisfies at least one selection criterion comprises determining that a first service availability notification selected from among the plurality of service availability notifications best satisfies the at least one selection criterion.
  - 19. The one or more tangible, non-transitory computer-readable mediums of claim 13, wherein the TEE further comprises a key store, and wherein the service selection engine is further operable to decrypt the encrypted payload via the key store.
  - 20. The one or more tangible, non-transitory computer-readable mediums of claim 19, wherein the encrypted payload comprises sensitive user data.
  - 21. The one or more tangible, non-transitory computer-readable mediums of claim 13, wherein the service selection engine is operable to provide the notification of satisfaction without exposing the encrypted payload outside of the trusted execution engine.
  - 22. The one or more tangible, non-transitory computer-readable mediums of claim 21, wherein the service selection engine is further operable to receive at least one feedback related to the notification of satisfaction and to provide a selection update to the service selection engine based at least in part on the feedback.

23. A method of providing brokering between a vendor and a consumer for purchasing a service or item for sale, comprising:
- providing a local context store comprising availability parameters including pre-defined descriptors of the vendor'"'"'s availability to sell the service or the item;
  
  providing a service data store comprising data on the vendor'"'"'s preferences for servicing requests for which the vendor is available;
  
  providing a flow processor engine to determine availability of the vendor to sell the service or the item; and
  
  providing a trusted execution environment (TEE), and within the TEE;
  
  receiving from the flow processor engine an encrypted payload comprising a request from the consumer to purchase the service or the item, including private information about the consumer necessary to complete the purchase;
  
  receiving from the flow processor engine availability parameters of the local context store, and service data relevant to the request;
  
  determining, based on the availability parameters and service data, that the vendor is available to sell the service or the item;
  
  receiving vendor preferences from the service data store, and determining from the vendor preferences that the vendor is willing to sell the service or the item; and
  
  providing a notification of satisfaction to the flow processor engine without fully exposing the consumer'"'"'s private information outside of the TEE.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Nayshtut, Alex, Pogorelik, Oleg, Ben-Shalom, Omer, Muttik, Igor
Primary Examiner(s)
Alata, Ayoub

Application Number

US14/865,430
Publication Number

US 20170093803A1
Time in Patent Office

1,166 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/1441   Countermeasures against mal...

Secure service matching

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure service matching

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links