Zero-knowledge environment based social networking engine

US 10,693,647 B2
Filed: 05/30/2017
Issued: 06/23/2020
Est. Priority Date: 08/12/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, from an application instance installed at a communication device, a request for a network address uniquely identifying a first software container associated with a first user identity, wherein the request includes authorization information corresponding to the first user identity, and wherein a software container is an independent server virtualization instance that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance;

authorizing the communication device to add data relating to the first user identity to the first software container based at least on the authorization information corresponding to the first user identity;

transmitting, to the communication device and in response to authorizing the communication device to add data relating to the first user identity to the first software container, information indicating the network address uniquely identifying the first software container;

receiving, from the communication device, particular data relating to the first user identity and the information indicating the network address uniquely identifying the first software container;

storing, at the first software container, the particular data relating to the first user identity;

receiving, from the application instance installed at the communication device, an election of an advertising service to be included within the first software container and operate on the data relating to the first user identity stored at the first software container, the election being made by a first user associated with the first software container;

in response to receiving the election;

selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container, wherein the advertising engine does not release the data relating to the first user identity stored at the first software container outside the first software container; and

providing, for display to the first user, the one or more selected advertisements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus are described providing social networking engines. Specifically, the present specification relates to a method for implementing software containers implementing social network engines that may be configured to act in a zero-knowledge environment. In such implementations, all information pertaining to the social network engine associated with a user that is stored in the container is solely that of a user unless explicitly shared by the user. In some implementations, the containers may be configured to participate in a publish-and-subscribe network in order to share information. In addition, the containers may be provisioned with controls so that global operators may comply with local privacy rules.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving, from an application instance installed at a communication device, a request for a network address uniquely identifying a first software container associated with a first user identity, wherein the request includes authorization information corresponding to the first user identity, and wherein a software container is an independent server virtualization instance that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance;
  
  authorizing the communication device to add data relating to the first user identity to the first software container based at least on the authorization information corresponding to the first user identity;
  
  transmitting, to the communication device and in response to authorizing the communication device to add data relating to the first user identity to the first software container, information indicating the network address uniquely identifying the first software container;
  
  receiving, from the communication device, particular data relating to the first user identity and the information indicating the network address uniquely identifying the first software container;
  
  storing, at the first software container, the particular data relating to the first user identity;
  
  receiving, from the application instance installed at the communication device, an election of an advertising service to be included within the first software container and operate on the data relating to the first user identity stored at the first software container, the election being made by a first user associated with the first software container;
  
  in response to receiving the election;
  
  selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container, wherein the advertising engine does not release the data relating to the first user identity stored at the first software container outside the first software container; and
  
  providing, for display to the first user, the one or more selected advertisements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, comprising:
    - accessing configuration data that specifies pre-determined publish-and-subscribe relationships between a second software container and one or more other software containers, wherein each of the pre-determined publish-and-subscribe relationships permits data relating to a user identity associated with another software container to be exchanged with the second software container;
      
      determining that the configuration data includes a pre-determined publish-and-subscribe relationship between a second user identity associated with the second software container and the first user identity that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container;
      
      identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second user identity and the first user identity;
      
      encrypting, using a first encryption key of the encryption key pair, the particular data relating to the first user identity stored in the first software container to provide encrypted particular data relating to the first user identity;
      
      in response to determining that the configuration data includes the pre-determined publish-and-subscribe relationship that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container, transmitting the encrypted particular data relating to the first user identity to the second software container;
      
      receiving, from an application instance installed at a second communication device, a second request for the first software container to exchange data relating to the first user identity with the second software container; and
      
      accessing the configuration data that specifies the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers based at least on receiving the request for the first software container to exchange data relating to the first user identity with the second software container.
  - 3. The computer-implemented method of claim 2, wherein the second request comprises (i) information indicating the network address uniquely identifying the first software container, and (ii) information indicating a second network address uniquely identifying the second software container.
  - 4. The computer-implemented method of claim 2, wherein encrypting the particular data relating to the first user identity comprises:
    - providing the first encryption key of the encryption key pair from the key management module to the communication device, wherein providing the first encryption key of the encryption key pair from the key management module to the communication device enables encryption of the particular data relating to the first user identity using the first encryption key of the encryption key pair; and
      
      receiving, from the communication device, the encrypted particular data relating to the first user identity.
  - 5. The computer-implemented method of claim 2, comprising:
    - providing a second encryption key of the encryption key pair from the key management module to a second communication device, wherein providing the second encryption key of the encryption key pair from the key management module to the second communication device enables decryption of the particular encrypted data relating to the first user identity using the second encryption key of the encryption key pair.
  - 6. The computer-implemented method of claim 2, comprising:
    - determining that the particular data relating to the first user identity is included among published data relating to the first user identity that is stored at the first software container; and
      
      transmitting the particular data relating to the first user identity included in the first software container to the second software container in response to (i) determining that the configuration data includes the pre-determined publish-and-subscribe relationship that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container, and (ii) determining that the particular data relating to the first user identity is included among the published data relating to the first user identity that is stored at the first software container.
  - 7. The computer-implemented method of claim 2, wherein each of the first software container and the second software container is associated with controls that permit access to social network data relating to an online user identity included in the software container according to privacy rules.
  - 8. The computer-implemented method of claim 1, wherein the application instance installed at the communication device is a social network application instance installed at the communication device.
  - 9. The computer-implemented method of claim 1, wherein the information indicating the network address uniquely identifying the first software container is information indicating an Internet Protocol version 6 (IPv6) or domain name system (DNS) address that points to the first software container and that does not point to any additional software containers.
  - 10. The method of claim 1, wherein selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container comprises:
    - receiving, by the advertising engine from an advertising server, a collection of information describing a plurality of advertisements; and
      
      in response to receiving the collection of information describing a plurality of advertisements, determining, by the advertising engine, one or more advertisements appropriate for the first user based on the data relating to the first user identity stored at the first software container and the collection of information describing the plurality of advertisements.
  - 11. The method of claim 1, wherein selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container comprises:
    - receiving, by the advertising engine from an advertising server, suggested advertisements; and
      
      in response to receiving the suggested advertisements, inspecting, by the advertising engine, the suggested advertisements received from the advertising server to determine one or more advertisements of the suggested advertisements received from the advertising server responsive to an interest of the first user based on the data relating to the first user identity stored at the first software container.

12. A system for exchanging social network data, the system comprising:
- one or more processors and one or more memories storing instructions that are operable, when executed by the one or more processors, to cause the one or more processors to perform operations comprising;
  
  receiving, from an application instance installed at a communication device, a request for a network address uniquely identifying a first software container associated with a first user identity, wherein the request includes authorization information corresponding to the first user identity, and wherein a software container is an independent server virtualization instance that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance;
  
  authorizing the communication device to add data relating to the first user identity to the first software container based at least on the authorization information corresponding to the first user identity;
  
  transmitting, to the communication device and in response to authorizing the communication device to add data relating to the first user identity to the first software container, information indicating the network address uniquely identifying the first software container;
  
  receiving, from the communication device, particular data relating to the first user identity and the information indicating the network address uniquely identifying the first software container;
  
  storing, at the first software container, the particular data relating to the first user identity;
  
  receiving, from the application instance installed at the communication device, an election of an advertising service to be included within the first software container and operate on the data relating to the first user identity stored at the first software container, the election being made by a first user associated with the first software container;
  
  in response to receiving the election;
  
  selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container, wherein the advertising engine does not release the data relating to the first user identity stored at the first software container outside the first software container; and
  
  providing, for display to the first user, the one or more selected advertisements;
  
  accessing configuration data that specifies pre-determined publish-and-subscribe relationships between a second software container and one or more other software containers, wherein each of the pre-determined publish-and-subscribe relationships permits data relating to a user identity associated with another software container to be exchanged with the second software container;
  
  determining that the configuration data includes a pre-determined publish-and-subscribe relationship between a second user identity associated with the second software container and the first user identity that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container;
  
  identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second user identity and the first user identity;
  
  encrypting, using a first encryption key of the encryption key pair, the particular data relating to the first user identity stored in the first software container to provide encrypted particular data relating to the first user identity;
  
  in response to determining that the configuration data includes the pre-determined publish-and-subscribe relationship that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container, transmitting the encrypted particular data relating to the first user identity to the second software container;
  
  receiving, from an application instance installed at a second communication device, a second request for the first software container to exchange data relating to the first user identity with the second software container; and
  
  accessing the configuration data that specifies the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers based at least on receiving the request for the first software container to exchange data relating to the first user identity with the second software container.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the second request comprises (i) information indicating the network address uniquely identifying the first software container, and (ii) information indicating a second network address uniquely identifying the second software container.
  - 14. The system of claim 12, wherein encrypting the particular data relating to the first user identity comprises:
    - providing the first encryption key of the encryption key pair from the key management module to the communication device, wherein providing the first encryption key of the encryption key pair from the key management module to the communication device enables encryption of the particular data relating to the first user identity using the first encryption key of the encryption key pair; and
      
      receiving, from the communication device, the encrypted particular data relating to the first user identity.
  - 15. The system of claim 12, wherein the operations comprise:
    - providing a second encryption key of the encryption key pair from the key management module to a second communication device, wherein providing the second encryption key of the encryption key pair from the key management module to the second communication device enables decryption of the particular encrypted data relating to the first user identity using the second encryption key of the encryption key pair.
  - 16. The system of claim 12, wherein the operations comprise:
    - determining that the particular data relating to the first user identity is included among published data relating to the first user identity that is stored at the first software container; and
      
      transmitting the particular data relating to the first user identity included in the first software container to the second software container in response to (i) determining that the configuration data includes the pre-determined publish-and-subscribe relationship that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container, and (ii) determining that the particular data relating to the first user identity is included among the published data relating to the first user identity that is stored at the first software container.
  - 17. The system of claim 12, wherein each of the first software container and the second software container is associated with controls that permit access to social network data relating to an online user identity included in the software container according to privacy rules.

18. A non-transitory computer-readable storage medium encoded with a computer program for exchanging social network data, the computer program comprising instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving, from an application instance installed at a communication device, a request for a network address uniquely identifying a first software container associated with a first user identity, wherein the request includes authorization information corresponding to the first user identity, and wherein a software container is an independent server virtualization instance that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance;
  
  authorizing the communication device to add data relating to the first user identity to the first software container based at least on the authorization information corresponding to the first user identity;
  
  transmitting, to the communication device and in response to authorizing the communication device to add data relating to the first user identity to the first software container, information indicating the network address uniquely identifying the first software container;
  
  receiving, from the communication device, particular data relating to the first user identity and the information indicating the network address uniquely identifying the first software container;
  
  storing, at the first software container, the particular data relating to the first user identity;
  
  receiving, from the application instance installed at the communication device, an election of an advertising service to be included within the first software container and operate on the data relating to the first user identity stored at the first software container, the election being made by a first user associated with the first software container;
  
  in response to receiving the election;
  
  selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container, wherein the advertising engine does not release the data relating to the first user identity stored at the first software container outside the first software container; and
  
  providing, for display to the first user, the one or more selected advertisements.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise:
    - accessing configuration data that specifies pre-determined publish-and-subscribe relationships between a second software container and one or more other software containers, wherein each of the pre-determined publish-and-subscribe relationships permits data relating to a user identity associated with another software container to be exchanged with the second software container;
      
      determining that the configuration data includes a pre-determined publish-and-subscribe relationship between a second user identity associated with the second software container and the first user identity that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container;
      
      identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second user identity and the first user identity;
      
      encrypting, using a first encryption key of the encryption key pair, the particular data relating to the first user identity stored in the first software container to provide encrypted particular data relating to the first user identity; and
      
      in response to determining that the configuration data includes the pre-determined publish-and-subscribe relationship that permits data relating to the first user identity stored at the first software container to be exchanged with the second software container, transmitting the encrypted particular data relating to the first user identity to the second software container.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein selecting, by an advertising engine within the first software container, one or more advertisements determined to be appropriate for the first user based on the data relating to the first user identity stored at the first software container comprises:
    - receiving, by the advertising engine from an advertising server, suggested advertisements; and
      
      in response to receiving the suggested advertisements, inspecting, by the advertising engine, the suggested advertisements received from the advertising server to determine one or more advertisements of the suggested advertisements received from the advertising server responsive to an interest of the first user based on the data relating to the first user identity stored at the first software container.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eIngot LLC
Original Assignee
eIngot LLC
Inventors
Raduchel, William J.
Primary Examiner(s)
Elfervig, Taylor A

Application Number

US15/607,924
Publication Number

US 20170331630A1
Time in Patent Office

1,120 Days
Field of Search

709224
US Class Current
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 51/00   User-to-user messaging in p...

H04L 51/52   for supporting social netwo...

H04L 61/4594   Address books, i.e. directo...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1063   Application servers providi...

H04L 65/1073   Registration or de-registra...

H04L 65/1089   by adding media; by removin...

H04L 65/1104   Session initiation protocol...

H04L 65/403   Arrangements for multi-part...

H04L 67/1095   Replication or mirroring of...

H04L 9/3221   interactive zero-knowledge ...

H04N 7/173   with two-way working, e.g. ...

Zero-knowledge environment based social networking engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Zero-knowledge environment based social networking engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links