PRIVATE DATA SHARING SYSTEM
First Claim
1. A method by a data sharing system (DSS) server, which is operably connected to a data distribution network (DDN) that includes a first client of a first user, a second client of a second user and a third client of a third user, of facilitating the private sharing of data between the first, second and third client, the method comprising:
receiving via the DDN a first obfuscated data packet (ODP) from the first client;
transmitting via the DDN the first ODP, or a copy thereof, to the second client;
transmitting via the DDN the first ODP, or a copy thereof, to the third client;
receiving via the DDN a second ODP from the second client;
transmitting via the DDN the second ODP, or a copy thereof, to the first client;
transmitting via the DDN the second ODP, or a copy thereof, to the third client;
receiving via the DDN a third ODP from the third client;
transmitting via the DDN the third ODP, or a copy thereof, to the first client;
transmitting via the DDN the third ODP, or a copy thereof, to the second client;
wherein the server lacks the “value, method and/or program or portion of a program” (VMP) needed to de-obfuscate the first ODP;
wherein the server lacks the VMP needed to de-obfuscate the second ODP; and
wherein the server lacks the VMP needed to de-obfuscate the third ODP.
0 Assignments
0 Petitions
Abstract
A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.
259 Citations
155 Claims
1. A method by a data sharing system (DSS) server, which is operably connected to a data distribution network (DDN) that includes a first client of a first user, a second client of a second user and a third client of a third user, of facilitating the private sharing of data between the first, second and third client, the method comprising:
receiving via the DDN a first obfuscated data packet (ODP) from the first client; transmitting via the DDN the first ODP, or a copy thereof, to the second client; transmitting via the DDN the first ODP, or a copy thereof, to the third client; receiving via the DDN a second ODP from the second client; transmitting via the DDN the second ODP, or a copy thereof, to the first client; transmitting via the DDN the second ODP, or a copy thereof, to the third client; receiving via the DDN a third ODP from the third client; transmitting via the DDN the third ODP, or a copy thereof, to the first client; transmitting via the DDN the third ODP, or a copy thereof, to the second client; wherein the server lacks the “value, method and/or program or portion of a program” (VMP) needed to de-obfuscate the first ODP; wherein the server lacks the VMP needed to de-obfuscate the second ODP; and wherein the server lacks the VMP needed to de-obfuscate the third ODP.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A data sharing system (DSS) client architecture, comprising:
a computing device having operatively thereon a DSS client which is initialized by a first user with at least “a data obfuscation value and/or program or portion of a program” (DOVP); wherein the first user's client, using a DOVP of the first user, is configured to obfuscate a data file of the first user and to transmit the obfuscated data file (ODF) over a data distribution network for receipt by at least second and third DSS clients, of second and third users, respectively; wherein the second DSS client is initialized with at least a DOVP of, and by, the second user; wherein the second client, using a DOVP of the second user, is configured to obfuscate a data file of the second user and to transmit the ODF over a data distribution network for receipt by at least the first and third DSS clients, of the first and third users, respectively; wherein the third DSS client is initialized with at least a DOVP of, and by, the third user; wherein the third client, using a DOVP of the third user, is configured to obfuscate a data file of the third user and to transmit the ODF over a data distribution network for receipt by at least the first and second DSS clients, of the first and second users, respectively; wherein the DOVP of the first user is not the same as the DOVP of the second user; wherein the DOVP of the first user is not the same as the DOVP of the third user; wherein the DOVP of the second user is not the same as the DOVP of the third user; wherein the second DSS client is configured to de-obfuscate the ODF of the first user using “a data de-obfuscation value and/or program or portion of a program” (DDVP) which the first user, directly or indirectly, provided to the second user; wherein the third DSS client is configured to de-obfuscate the ODF of the first user using a DDVP which the first user provided, directly or indirectly, to the third user; wherein the first DSS client is configured to de-obfuscate the ODF of the second user using a DDVP which the second user, directly or indirectly, provided to the first user; wherein the third DSS client is configured to de-obfuscate the ODF of the second user using a DDVP which the second user provided, directly or indirectly, to the third user; wherein the first DSS client is configured to de-obfuscate the ODF of the third user using a DDVP which the third user, directly or indirectly, provided to the first user; and wherein the second DSS client is configured to de-obfuscate the ODF of the third user using a DDVP which the third user provided, directly or indirectly, to the second user.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A data sharing system (DSS) method, comprising:
receiving in a DSS server of a data distribution network first and second encrypted data packets, having non-encrypted portions and/or referencing non-encrypted data, from a DSS client of a first user wherein the encrypted data packets are neither decryptable by the DSS server nor by the operators thereof; storing the encrypted data packets in the DSS server; determining from at least a portion of the unencrypted portions and/or referenced unencrypted data that a second user and a third user in the DSS are intended recipients of the encrypted data packets; transmitting an encrypted decryption key received from the DSS client of the first user to the DSS clients of the second and third users, respectively; and transmitting the first and second encrypted data packets to the DSS client of the second user and the DSS client of the third user via the data distribution network for decryption by the DSS clients of the second and third users using the decryption key transmitted by the first user, following the decryption of that decryption key by the DSS clients of the second and third users, respectively.
37. A data sharing system (DSS) method by a DSS client of a first user, comprising:
receiving first and second obfuscated data packets from a DSS client of a second user and via a data distribution network; wherein the first and second obfuscated data packets were obfuscated using at least a first obfuscating algorithm and/or parameter of, and unique to, the second user; de-obfuscating the first and second obfuscated data packets using at least a first de-obfuscating algorithm and/or parameter of the second user, complementary to the first obfuscating algorithm and/or parameter of the second user; receiving third and fourth obfuscated data packets from a DSS client of a third user and via the data distribution network; wherein the third and fourth obfuscated data packets were obfuscated using at least a second obfuscating algorithm and/or parameter of, and unique to, the third user; and de-obfuscating the third and fourth obfuscated data packets using at least a second de-obfuscating algorithm and/or parameter of the third user and unique to the third user, complementary to the second obfuscating algorithm and/or parameter of the third user.
Dependent claims: 38, 39, 40, 41, 42
43. A data sharing system (DSS) client system, comprising:
a first user's client; and a second user's client; wherein the first user's client contains a computing device having operatively thereon a DSS client program; wherein the first user's client stores at least two at least pairs of values, including a first at least pair of values and a second at least pair of values; wherein the second user's client contains a computing device having operatively thereon a DSS client program; wherein the second user's client stores at least two at least pairs of values, including a third at least pair of values and a fourth at least pair of values; wherein the first user's client and the second user's client are operably connected by at least one data distribution network; wherein the first at least pair of values contains a first value which is an identifying value (ID); wherein the first at least pair of values contains a second value which specifies or references a “value, method and/or program or portion of a program” (VMP) which can be used to de-obfuscate a packet of data; wherein the second at least pair of values contains a third value which is an ID different from the first value; wherein the second at least pair of values contains a fourth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and specifies or references a different VMP from the one specified by the second value; wherein the third at least pair of values contains a fifth value which is an ID which is the same as the third value; wherein the third at least pair of values contains a sixth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and is the same as the VMP specified or referenced by the fourth value; wherein the fourth at least pair of values contains a seventh value which is an ID which is the same as the first value; wherein the fourth at least pair of values contains an eighth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and is the same as the VMP specified or referenced by the second value; wherein the first user's client is configured to obfuscate a first data object in such a way that the obfuscated first data object may subsequently be de-obfuscated using the VMP specified or referenced by the second value; wherein the first user's client is configured to associate the first obfuscated data object (ODO) with the first value; wherein the first user's client is configured to transmit the first ODO to the second user's client; wherein the second user's client is configured to receive the first ODO; wherein the second user's client is configured to use the seventh value associated with the first ODO to determine that the VMP specified or referenced by the eighth value is required to de-obfuscate the first ODO; wherein the second user's client is configured to retrieve from its stores the VMP specified or referenced by the eighth value; wherein the second user's client is configured to use the VMP specified or referenced by the eighth value to de-obfuscate the first ODO; wherein the second user's client is configured to obfuscate a second data object in such a way that the second data object may subsequently be de-obfuscated using the VMP specified or referenced by the sixth value; wherein the second user's client is configured to associate the second ODO with the fifth value; wherein the second user's client is configured to transmit the second ODO to the first user's client; wherein the first user's client is configured to receive the second ODO; wherein the first user's client is configured to use the third value associated with the second ODO to determine that the VMP specified or referenced by the fourth value is required to de-obfuscate the second ODO; wherein the first user's client is configured to retrieve from its stores the VMP specified or referenced by the fourth value; and wherein the first user's client is configured to use the VMP specified or referenced by the fourth value to de-obfuscate the second ODO.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65
66. A data sharing system (DSS) method by a DSS client of a first user wherein the DSS client contains or stores or has access to a first encryption key, and a corresponding first decryption key which may be the same as the first encryption key, with the first encryption key able to be used to encrypt data, comprising:
generating by the DSS client of the first user a second encryption key, and a corresponding second decryption key which may be the same as the second encryption key, with the second key(s) stored within the DSS client of the first user, and the second encryption key able to be used to encrypt data; wherein the first and second encryption keys are not the same, and do not possess the same value; encrypting first and second unencrypted data packets, or copies thereof, using the first encryption key to form first and second encrypted data packets; encrypting third and fourth unencrypted data packets, or copies thereof, using the second encryption key to form third and fourth encrypted data packets; making the first decryption key available to the DSS client of a first other user so that the DSS client of the first other user can decrypt the first and second encrypted data packets; making the second decryption key available to the DSS client of a second other user so that the DSS client of the second other user can decrypt the third and fourth encrypted data packets; making neither the first decryption key nor the second decryption key available to the DSS client of a third other user so that the DSS client of the third other user is not able to decrypt any of the first, second, third or fourth encrypted data packets.
Dependent claims: 67, 68, 69, 70
71. A method by a data sharing system (DSS) client of a first user of exchanging decryption keys with a DSS client of a second user over a DSS network, comprising:
generating a first-user public encryption key and a first-user private decryption key; sending to the second-user's DSS client over the DSS network the first-user's public encryption key; receiving a second-user personal decryption key, encrypted with the first-user public encryption key, and receiving a second-user public encryption key, from the second-user's DSS client; and decrypting the second-user's encrypted personal decryption key using the first-user's private decryption key to form a decrypted second-user's personal decryption key.
Dependent claims: 72, 73, 74, 75, 76, 77, 78, 79
80. A data sharing system (DSS) architecture, comprising:
a DSS server having therein a DSS program which allows a first decryption key of a first DSS client and a second decryption key of a second DSS client to be exchanged between the first and second DSS clients, through the DSS server and through a DSS transmission system in which the DSS server and operators thereof do not have access to the decryption keys and are unable to recover, generate or discern the values of the decryption keys.
Dependent claims: 81, 82
83. A data sharing system (DSS) method, comprising:
receiving in a second user's DSS client from a first user's DSS client a first user's public encryption key; encrypting in the second user's DSS client the second user's personal decryption key using the first user's public encryption key to generate an encrypted copy of the second user's personal decryption key; generating, using the second user's DSS client, a second user's public encryption key and private decryption key; and transmitting the second user's encrypted personal decryption key and the second user's public encryption key from the second user's DSS client to the first user's DSS client.
Dependent claims: 84, 85, 86
87. A data sharing system (DSS) method, comprising:
transmitting a public encryption key from a first user client DSS program executing on a first user DSS client of a first user via a data distribution network to a second client DSS program executing on a second user DSS client of a second user; receiving in the first user DSS client from the second user DSS client one or more encrypted personal decryption keys of the second user and a public encryption key of the second user; using a private decryption key of the first user, decrypting in the first user DSS client the second user's public-key encrypted personal decryption key(s); using the first user's DSS client, adding the second user's personal decryption key(s) to a key locker of the DSS client of the first user and thereby modifying the key locker; after the modifying the key locker of the DSS client of the first user, generating using the first user's DSS client and the first user's personal encryption key, an encrypted version of the modified key locker; and sending the encrypted modified key locker of the DSS client of the first user from the first user's client to a DSS server.
Dependent claims: 88, 89, 90, 91, 92, 93, 94, 95
96. A data sharing system (DSS) method, comprising:
transmitting a first public obfuscating “value and/or program or portion of a program” (VMP) from a first user client DSS program executing on a first user DSS client of a first user via a data distribution network to a second client DSS program executing on a second user DSS client of a second user; receiving in the first user DSS client from the second user DSS client an obfuscated de-obfuscating VMP of the second user and a second public obfuscating VMP of the second user; and using a private de-obfuscating VMP of the first user, de-obfuscating in the first user DSS client the second user's public-obfuscated de-obfuscating VMP.
Dependent claims: 97, 98
99. A method for sharing data in a data sharing system (DSS), comprising:
specifying by a first user obfuscating data and/or functionality which is used by a DSS client to obfuscate data of the first user; sharing by the first user with a second user in the DSS the de-obfuscating data and/or functionality required to de-obfuscate data which has been obfuscated using the first user's obfuscating data and/or functionality via a DSS server in a manner such that neither the DSS server nor operators thereof have access to the de-obfuscating data and/or functionality; obfuscating, by the first user, data of the first user by using the first user's obfuscating data and/or functionality; and transmitting by the first user the obfuscated data to the DSS server in a manner that obfuscated data can be made available to the second user.
Dependent claims: 100, 101, 102
103. A data sharing system (DSS) key locker, comprising:
a data object of a first user and in a DSS client of the user; the data object including at least a pair of data values; the at least pair of data values including a first value which is an identifier of an encryption key and/or a decryption key of the first user or another user and a second value which is an encryption key and/or a decryption key, respectively, of the first user or other user, respectively; and wherein the data object is in an encrypted format and is decryptable at least in part by the DSS client and using at least in part at least one of the user's decryption keys.
Dependent claims: 104, 105, 106, 107
108. A data sharing system (DSS) method, comprising:
receiving in a DSS client a user's encrypted key locker from a DSS server; the key locker being encrypted with a key which is neither known by nor available to the DSS server; decrypting a user's encrypted key locker using a user's decryption key; the user decryption key having been entered in to the DSS client; receiving at least a subset of the user's encrypted data files from the DSS server and/or at least a subset of one or more other users' encrypted data files from the DSS server; and decrypting the requested data file or files using, at least in part, a decryption key obtained by the DSS client directly from the user and/or a decryption key obtained from the decrypted key locker.
Dependent claims: 109, 110, 111, 112, 113, 114, 115, 116
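The key-exchange and key-locker flow of claims 71, 83, 87, 103 and 108, together with the server-blind relay of claims 1, 43 and 80, modelled end to end. This is an added illustration written for this page, not code from the patent or from any product built on it: the HMAC-based stream cipher and the 127-bit ElGamal-style group are constructed toy primitives chosen so the example runs on the Python standard library, and the client methods, the dict standing in for the server and the user names are assumptions.

```python
import hashlib
import hmac
import json
import os

# Toy ElGamal-style group: Mersenne prime M127 with generator 3. Illustration only, not a real group.
P, G = 2**127 - 1, 3

def _keystream(key, nonce, n):  # HMAC-SHA256 counter keystream (toy stream cipher, not a vetted AEAD)
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def sym_encrypt(key, plaintext):
    """Returns nonce || ciphertext || HMAC tag; without `key` the blob is opaque and unforgeable."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered packet")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def gen_keypair():  # public encryption key / private decryption key, as in claim 71
    priv = 2 + int.from_bytes(os.urandom(16), "big") % (P - 3)
    return priv, pow(G, priv, P)

def pk_encrypt(pub, plaintext):
    """Wraps `plaintext` so that only the holder of the matching private key can unwrap it."""
    eph_priv, eph_pub = gen_keypair()
    k = hashlib.sha256(pow(pub, eph_priv, P).to_bytes(16, "big")).digest()
    return eph_pub.to_bytes(16, "big") + sym_encrypt(k, plaintext)

def pk_decrypt(priv, blob):
    k = hashlib.sha256(pow(int.from_bytes(blob[:16], "big"), priv, P).to_bytes(16, "big")).digest()
    return sym_decrypt(k, blob[16:])

class Client:
    """One user's DSS client. `server` below is a plain dict of opaque blobs: it holds no key (claim 80)."""
    def __init__(self, name, personal_key):
        self.name, self.personal_key = name, personal_key  # key entered by the user, never sent in clear
        self.locker = {name: personal_key.hex()}           # ID -> decryption-key pairs (claim 103)
        self.priv, self.pub = gen_keypair()

    def wrap_personal_key_for(self, peer_pub):
        """Claim 83: encrypt own personal decryption key under the peer's public encryption key."""
        return pk_encrypt(peer_pub, self.personal_key)

    def accept_wrapped_key(self, peer_name, wrapped, server):
        """Claim 87: unwrap with own private key, add to the locker, upload the re-encrypted locker."""
        self.locker[peer_name] = pk_decrypt(self.priv, wrapped).hex()
        server["lockers"][self.name] = sym_encrypt(self.personal_key, json.dumps(self.locker).encode())

    def share(self, data, server, *recipients):
        """Claim 1: packet = clear sender ID + payload obfuscated under the sender's own key."""
        packet = self.name.encode() + b"|" + sym_encrypt(self.personal_key, data)
        for r in recipients:
            server["inbox"].setdefault(r, []).append(packet)

    def read(self, packet):
        """Claim 43: the sender ID selects the VMP in the locker; None when this client lacks it."""
        sender, _, ct = packet.partition(b"|")
        key = self.locker.get(sender.decode())
        return sym_decrypt(bytes.fromhex(key), ct) if key else None

def exchange_keys(a, b, server):
    """Claims 71/83/87 in both directions: only public keys and wrapped keys pass through the server."""
    b.accept_wrapped_key(a.name, a.wrap_personal_key_for(b.pub), server)
    a.accept_wrapped_key(b.name, b.wrap_personal_key_for(a.pub), server)

def server_can_decrypt(blob):
    """Claim 1: the server may guess a key, but without the VMP the tag check rejects the result."""
    try:
        sym_decrypt(os.urandom(32), blob)
        return True
    except ValueError:
        return False

def demo():
    server = {"lockers": {}, "inbox": {}}
    alice, bob, carol = (Client(n, os.urandom(32)) for n in ("alice", "bob", "carol"))
    exchange_keys(alice, bob, server)  # Carol is never given Alice's key (claim 66)
    alice.share(b"constructed private note", server, "bob", "carol")
    return {"bob": bob.read(server["inbox"]["bob"][0]),
            "carol": carol.read(server["inbox"]["carol"][0]),
            "server": server_can_decrypt(server["lockers"]["bob"])}
```

Running `demo()` shows Bob recovering the note, Carol receiving the same packet but getting `None` for lack of Alice's VMP, and the server unable to open the locker it stores.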
117. A data sharing system (DSS) method, comprising:
receiving into a client of a user an encrypted data file of the user from a data distribution network; the encrypted data file including one or more at least pairs of data values; each of the at least pairs of data values including at least a first value which is an identifier and at least a second value which is an encryption key and/or a decryption key; at least partially decrypting the data file in the client using the decryption key of the user; and the decrypting does not allow the decrypted user encryption keys and/or decryption keys to leave the client of the user, nor to be known to the user.
Dependent claims: 118, 119, 120, 121, 122, 123, 124, 125
126. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
encrypting data prior to transmission of the data to another program and/or to a data distribution network; decrypting at least some of the data received from a data distribution network using a “decryption key and/or a decryption methodology” determined at least in part by a user of the program and/or another user of a similar program connected to the program by the data distribution network; and sharing of data between, among and by at least three users of three different instances of the program operating on three different computing devices; wherein each user's key used for both encryption and decryption, and/or pair of complementary encryption and decryption keys, is different from the key or keys of the other at least two users, thereby requiring each user to possess a different at least one decryption key for each other user in order to decrypt the data received from each other user.
Dependent claims: 127, 128
129. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
a data sharing system (DSS) server transmitting to a first user's computing device a DSS computer program (DSS_CP) which requests the first user to enter at least his personal decryption key; after receiving the first user's personal decryption key, the server transmitting the first user's encryption-key-encrypted key locker to the DSS_CP of the first user; after receiving the encrypted key locker, the DSS_CP decrypting the key locker using a decryption key of the first user to restore a decryption key of a second user with which the first user has agreed to share data contained therein; the DSS_CP decrypting data of the second user using the second user's decryption key; and the DSS_CP making the decrypted second-user data available to the first user.
Dependent claims: 130
131. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
encrypting data prior to transmission of the data to another program and/or to a data distribution network; decrypting at least some of the data received from the data distribution network using a “decryption key and/or a decryption methodology” determined at least in part by a user of the program and/or another user of a similar program connected to the program at least in part by the data distribution network; and presenting at least some of the decrypted data in a user interface that segments the at least some of the data on the basis of different attributes and/or contexts.
Dependent claims: 132, 133
134. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
encrypting data prior to transmission of the data to another program and/or to a data distribution network; decrypting at least some of the data received from a data distribution network using a “decryption key and/or a decryption methodology” determined at least in part by a user of the program and/or another user of a similar program connected to the program at least in part by the data distribution network; and presenting at least some of the decrypted data to a user of the program in a user interface that provides tools with which to create new instances of at least some types of data.
Dependent claims: 135, 136, 137, 138
139. A method of restoring a data sharing system (DSS) encryption and/or decryption key to a first user by a client of the first user, comprising:
generating by a DSS computer program operating in the first user's client a public encryption key and a complementary private decryption key; transmitting the public encryption key to the DSS client of a second user; receiving from the DSS client of the second user an encrypted copy of the first user's encryption and/or decryption key encrypted with the public encryption key of the first user by a client of the second user; and decrypting the encrypted copy of the first user's encryption and/or decryption key using the private decryption key to restore the DSS encryption and/or decryption key of the first user.
Dependent claims: 140, 141, 142, 143
144. A method of restoring a data sharing system (DSS) encryption and/or decryption key to a first user by a DSS server, comprising:
receiving a public encryption key from a client of the first user; transmitting the public encryption key to a client of a second user, the second user having already agreed to share data with the first user; receiving from the client of the second user an encrypted copy of the first user's encryption and/or decryption key encrypted with the public encryption key; and transmitting the encrypted copy to the client of the first user.
Dependent claims: 145, 146
147. A data sharing system (DSS) method, comprising:
receiving in a user's computing device (UCD) a client; wherein the client was transmitted from a server; wherein the client transmitted from the server and received by the UCD is one of many different clients stored in, or accessible by, the server; wherein each of the different clients which the server was capable of transmitting to the UCD is capable of performing a first set of tasks and/or behaviors; wherein each of the different clients which the server was capable of transmitting to the UCD is capable of performing a unique combination of a second set of tasks and/or behaviors; wherein a server can, at least partially, determine which combination of the second set of tasks and/or behaviors the first user's client is able to perform; wherein the server can compare the at least partially determined combination of the second set of tasks and/or behaviors that the user's client is able to perform against the expected corresponding at least partial combination of the second set of tasks and/or behaviors which should have been characteristic of the client transmitted to the user by the server; and wherein if the server determines that the at least partially determined combination of the second set of tasks and/or behaviors do not adequately match the expected corresponding at least partial combination of the second set of tasks and/or behaviors, then the server limits the client's access to the DSS, blocks the client's access to the DSS, or responds in some other useful manner.
Dependent claims: 148, 149, 150, 151, 152, 153, 154, 155
Specification