Private data sharing system
First Claim
1. A method for data exchange between a plurality of personal computing devices where a third party receives, stores, and transmits data between each of said personal computing devices, comprising:
providing a third party data sharing server connecting the personal computing devices;
establishing an encryption/decryption module on each personal computing device connected to the data sharing server;
generating a file encryption key and a file decryption key associated with and unique to an original data file using the encryption/decryption module of a first personal computing device associated with a first user, the file decryption key being usable for reconstituting data files encrypted with the file encryption key;
encrypting the original data file with the file encryption key for sharing with a second personal computing device associated with a second user selected by the first user and with a third personal computing device associated with a third user selected by the first user;
encrypting the file decryption key with a first recipient encryption key unique to the second user to produce a first encrypted file decryption key;
encrypting the file decryption key with a second recipient encryption key unique to the third user to produce a second encrypted file decryption key;
transmitting the encrypted data file, the first encrypted file decryption key, and the second encrypted file decryption key to the third party data sharing server for storage, the third party data sharing server being without a capability to decrypt the file decryption key from the first encrypted file decryption key and without a capability to decrypt the file decryption key from the second encrypted file decryption key and without a capability to decrypt the original data file from the encrypted data file;
forwarding the encrypted data file and the first encrypted file decryption key from the third party server to the second personal computing device;
forwarding the encrypted data file and the second encrypted file decryption key from the third party server to the third personal computing device;
decrypting the file decryption key using the encryption/decryption module of the second personal computing device to reconstitute the file decryption key from the first encrypted file decryption key and a first recipient decryption key, the first recipient decryption key being usable for reconstituting data files encrypted with the first recipient encryption key; and
decrypting the file decryption key using the encryption/decryption module of the third personal computing device to reconstitute the file decryption key from the second encrypted file decryption key and a second recipient decryption key, the second recipient decryption key being usable for reconstituting data files encrypted with the second recipient encryption key;
decrypting the encrypted data file using the encryption/decryption module of the second personal computing device to reconstitute the original data file from the encrypted data file and the file decryption key; and
decrypting the encrypted data file using the encryption/decryption module of the third personal computing device to reconstitute the original data file from the encrypted data file and the file decryption key.
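The exchange of claim 1, as an added worked example in Go; this is not code from the patent or from any product it describes. The claim names no algorithms, so the example assumes AES-256-GCM for the per-file key (which makes the claim's file encryption key and file decryption key one symmetric key) and RSA-2048 with OAEP/SHA-256 as each recipient's encryption/decryption key pair. The names Share, Open, Server, Demo and SampleFile, the parties Bob, Carol and the server, and the sample file contents are all constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

var SampleFile = []byte("constructed sample: Alice's notes, for Bob and Carol only") // stands in for the claim's original data file

// Envelope is the upload: the server stores it but holds no key that opens any part of it.
type Envelope struct {
	Nonce      []byte            // AES-GCM nonce, not secret
	Ciphertext []byte            // AES-256-GCM output, auth tag appended
	WrappedKey map[string][]byte // recipient -> RSA-OAEP(file key) under that recipient's public key
}

// Server is the third-party data sharing server: envelopes stored by file id, nothing else.
type Server map[string]Envelope

// Forward gives one recipient the ciphertext plus only the wrapped key addressed to them.
func (s Server) Forward(id, to string) Envelope {
	e := s[id]
	return Envelope{e.Nonce, e.Ciphertext, map[string][]byte{to: e.WrappedKey[to]}}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Share is the first user's side of claim 1: a key unique to this file, the file encrypted under
// it, and that key wrapped once per chosen recipient (AES-GCM is symmetric: one key, both roles).
func Share(plaintext []byte, recipients map[string]*rsa.PublicKey) (Envelope, error) {
	buf := make([]byte, 32+12) // 256-bit file key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(fileKey)
	if err != nil {
		return Envelope{}, err
	}
	env := Envelope{nonce, gcm.Seal(nil, nonce, plaintext, nil), map[string][]byte{}}
	for to, pub := range recipients {
		if env.WrappedKey[to], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil); err != nil {
			return Envelope{}, err
		}
	}
	return env, nil
}

// Open is a recipient's side: unwrap with the recipient's own private key, then decrypt the file.
func Open(me string, priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey[me], nil)
	if err != nil { // any key but the recipient's fails here, before the file is touched
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

// Demo runs the claim-1 exchange with constructed parties; serverErr is what the server gets opening Bob's copy with its own key.
func Demo() (bob, carol []byte, serverErr error, err error) {
	keys := map[string]*rsa.PrivateKey{}
	for _, who := range []string{"bob", "carol", "server"} {
		if keys[who], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, nil, nil, err
		}
	}
	env, err := Share(SampleFile, map[string]*rsa.PublicKey{
		"bob": &keys["bob"].PublicKey, "carol": &keys["carol"].PublicKey})
	if err != nil {
		return nil, nil, nil, err
	}
	srv := Server{"file-1": env} // the upload; the server never sees a private key
	if bob, err = Open("bob", keys["bob"], srv.Forward("file-1", "bob")); err != nil {
		return nil, nil, nil, err
	}
	if carol, err = Open("carol", keys["carol"], srv.Forward("file-1", "carol")); err != nil {
		return nil, nil, nil, err
	}
	_, serverErr = Open("bob", keys["server"], srv.Forward("file-1", "bob"))
	return bob, carol, serverErr, nil
}

func main() {
	bob, carol, serverErr, err := Demo()
	fmt.Printf("bob: %q\ncarol: %q\nserver: %v\nerr: %v\n", bob, carol, serverErr, err)
}
```

Run it with go run. Demo returns the file as Bob and Carol reconstituted it and the error the server gets when it tries to unwrap Bob's copy with the only private key it holds, its own. Two things the claim text leaves implicit are visible in the code: the server can route each wrapped key to the right recipient without being able to read it, and the whole guarantee rests on the public keys under which the file key is wrapped really belonging to the chosen recipients. Like the claim, the example takes those public keys as given; how the first user obtains them is not part of claim 1.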
0 Assignments
0 Petitions
Abstract
A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.
4 Claims
1. (Reproduced in full under First Claim above.)
2. (Dependent claim; its text is not reproduced on this page.)
3. A method for data exchange between a plurality of personal computing devices where a server receives and transmits data between each of said personal computing devices, comprising:
providing a server connecting the personal computing devices;
establishing an encryption/decryption module on each personal computing device connected to the server, each encryption/decryption module being initialized with a private key unique to a respective encryption/decryption module initialized therewith, and a plurality of public keys each being unique with respect to a particular encryption/decryption module of another personal computing device connected to the server;
encrypting a first original data packet on a first personal computing device with a first public key selected from the plurality of public keys initialized on the encryption/decryption module of the first personal computing device to produce a first encrypted data packet;
encrypting a second original data packet on the first personal computing device with a second public key selected from the plurality of public keys initialized on the encryption/decryption module of the first personal computing device to produce a second encrypted data packet;
transmitting the first encrypted data packet to the server for transmission to the second personal computing device;
transmitting the second encrypted data packet to the server for transmission to a third personal computing device;
transmitting the first encrypted data packet from the server to the second personal computing device;
transmitting the second encrypted data packet from the server to the third personal computing device;
decrypting the first encrypted data packet using the encryption/decryption module of the second personal computing device to reconstitute the first original data packet from the first encrypted data packet and the private key with which the encryption/decryption module of the second personal computing device was initialized; and
decrypting the second encrypted data packet using the encryption/decryption module of the third personal computing device to reconstitute the second original data packet from the second encrypted data packet and the private key with which the encryption/decryption module of the third personal computing device was initialized.
4. A method for data exchange between a plurality of personal computing devices where a server receives and transmits data between each of said personal computing devices, comprising:
providing a server connecting the personal computing devices;
establishing an encryption/decryption module on each personal computing device connected to the server;
initializing the encryption/decryption module of a first personal computing device connected to the server with a first private key unique to the first personal computing device, a second public key unique to a second personal computing device connected to the server, and a third public key unique to a third personal computing device connected to the server;
initializing the encryption/decryption module of the second personal computing device with a second private key unique to the second personal computing device, a first public key unique to the first personal computing device, and a third public key unique to the third personal computing device;
initializing the encryption/decryption module of the third personal computing device with a third private key unique to the third personal computing device, a first public key unique to the first personal computing device, and a second public key unique to the second personal computing device;
encrypting a first original data packet on the first personal computing device with the second public key to produce a first encrypted data packet for sharing with the second personal computing device;
encrypting a second original data packet on the first personal computing device with the third public key to produce a second encrypted data packet for sharing with the third personal computing device;
transmitting the first encrypted data packet from the first personal computing device to the server for transmission to the second personal computing device;
transmitting the second encrypted data packet from the first personal computing device to the server for transmission to the third personal computing device;
transmitting the first encrypted data packet from the server to the second personal computing device;
transmitting the second encrypted data packet from the server to the third personal computing device;
decrypting the first encrypted data packet using the encryption/decryption module of the second personal computing device to reconstitute the first original data packet from the first encrypted data packet and the second private key; and
decrypting the second encrypted data packet using the encryption/decryption module of the third personal computing device to reconstitute the original second data packet from the second encrypted data packet and the third private key.
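Claims 3 and 4 drop the per-file key of claim 1: each data packet is encrypted directly under one recipient's public key, so the packet for the second device and the packet for the third device are two separate encryptions. As an added example, not the patent's own code, the Go program below runs claim 4 with three constructed devices, each initialised with its own private key and the other two devices' public keys, and a store-and-forward server modelled as a map. It assumes RSA-2048 with OAEP/SHA-256, which the claims do not specify; the names Device, Seal, Open, Exchange and the packet contents are made up. It also shows the practical limit of the direct scheme: one RSA-OAEP operation carries at most the modulus size minus two digest lengths minus two bytes, 190 bytes for RSA-2048, which is the usual reason for the hybrid construction of claim 1.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Device is one device's encryption/decryption module as claim 4 initialises it: its own private key plus one public key per peer.
type Device struct {
	Name  string
	priv  *rsa.PrivateKey
	Peers map[string]*rsa.PublicKey
}

// NewDevice generates the device's own key pair; peer keys are added with Learn.
func NewDevice(name string) (*Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Device{Name: name, priv: priv, Peers: map[string]*rsa.PublicKey{}}, err
}

// Learn records a peer's public key; how that key is distributed is outside the claims.
func (d *Device) Learn(peer *Device) { d.Peers[peer.Name] = &peer.priv.PublicKey }

// MaxPacket is the most one RSA-OAEP operation carries under pub: modulus size less two SHA-256 digests and two bytes (190 for RSA-2048).
func MaxPacket(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// Seal encrypts one packet for exactly one peer, directly under that peer's public key.
func (d *Device) Seal(to string, packet []byte) ([]byte, error) {
	pub, ok := d.Peers[to]
	if !ok {
		return nil, fmt.Errorf("%s holds no public key for %s", d.Name, to)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, packet, nil) // ErrMessageTooLong past MaxPacket
}

// Open decrypts with this device's own private key; a packet sealed to anyone else fails here.
func (d *Device) Open(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ct, nil)
}

// Constructed sample packets standing in for the claim's first and second original data packets.
var (
	Packet1 = []byte("constructed packet from Alice for Bob")
	Packet2 = []byte("constructed packet from Alice for Carol")
)

// Outcome is what Exchange observed.
type Outcome struct {
	BobGot, CarolGot []byte // what each recipient reconstituted
	CrossOpenFailed  bool   // Carol could not open the packet sealed for Bob
	OversizeRejected bool   // a packet one byte over MaxPacket was refused at Seal
	MaxPacket        int
}

// Exchange runs claim 4 end to end: three devices holding each other's public keys, a store-and-forward server modelled as a map, two packets from Alice.
func Exchange() (o Outcome, err error) {
	devs := map[string]*Device{}
	for _, n := range []string{"alice", "bob", "carol"} {
		if devs[n], err = NewDevice(n); err != nil {
			return Outcome{}, err
		}
	}
	for _, d := range devs { // the claim's initialisation step: every device learns every other device's public key
		for _, p := range devs {
			if p != d {
				d.Learn(p)
			}
		}
	}
	server := map[string][]byte{} // recipient -> encrypted packet awaiting forwarding
	if server["bob"], err = devs["alice"].Seal("bob", Packet1); err != nil {
		return Outcome{}, err
	}
	if server["carol"], err = devs["alice"].Seal("carol", Packet2); err != nil {
		return Outcome{}, err
	}
	if o.BobGot, err = devs["bob"].Open(server["bob"]); err != nil {
		return Outcome{}, err
	}
	if o.CarolGot, err = devs["carol"].Open(server["carol"]); err != nil {
		return Outcome{}, err
	}
	_, err = devs["carol"].Open(server["bob"]) // wrong private key: OAEP decoding fails
	o.CrossOpenFailed = err != nil
	o.MaxPacket = MaxPacket(devs["alice"].Peers["bob"])
	_, err = devs["alice"].Seal("bob", make([]byte, o.MaxPacket+1))
	o.OversizeRejected = err != nil
	return o, nil
}

func main() {
	o, err := Exchange()
	fmt.Printf("%+v err=%v\n", o, err)
}
```

The server again holds only ciphertext and the recipient label; it has nothing to decrypt with. What the direct scheme buys is simplicity (no key to wrap, nothing to forward besides the packet itself); what it costs is the size ceiling and one public-key operation per recipient per packet, which is why anything larger than a short message is sent the way claim 1 describes.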