PRIVATE DATA SHARING SYSTEM

US 20130318347A1
Filed: 10/11/2011
Published: 11/28/2013
Est. Priority Date: 10/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method by a data sharing system (DSS) server, which is operably connected to a data distribution network (DDN) that includes a first client of a first user, a second client of a second user and a third client of a third user, of facilitating the private sharing of data between the first, second and third client, the method comprising:

receiving via the DDN a first obfuscated data packet (ODP) from the first client;

transmitting via the DDN the first ODP, or a copy thereof, to the second client;

transmitting via the DDN the first ODP, or a copy thereof, to the third client;

receiving via the DDN a second ODP from the second client;

transmitting via the DDN the second ODP, or a copy thereof, to the first client;

transmitting via the DDN the second ODP, or a copy thereof, to the third client;

receiving via the DDN a third ODP from the third client;

transmitting via the DDN the third ODP, or a copy thereof, to the first client;

transmitting via the DDN the third ODP, or a copy thereof, to the second client;

wherein the server lacks the “

value, method and/or program or portion of a program”

(VMP) needed to de-obfuscate the first ODP;

wherein the server lacks the VMP needed to de-obfuscate the second ODP; and

wherein the server lacks the VMP needed to de-obfuscate the third ODP.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users'"'"' personal information. In this type of network, a user'"'"'s personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user'"'"'s friends/contacts within the system. This arrangement ensures that a user'"'"'s personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users'"'"' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.

259 Citations

155 Claims

1. A method by a data sharing system (DSS) server, which is operably connected to a data distribution network (DDN) that includes a first client of a first user, a second client of a second user and a third client of a third user, of facilitating the private sharing of data between the first, second and third client, the method comprising:
- receiving via the DDN a first obfuscated data packet (ODP) from the first client;
  
  transmitting via the DDN the first ODP, or a copy thereof, to the second client;
  
  transmitting via the DDN the first ODP, or a copy thereof, to the third client;
  
  receiving via the DDN a second ODP from the second client;
  
  transmitting via the DDN the second ODP, or a copy thereof, to the first client;
  
  transmitting via the DDN the second ODP, or a copy thereof, to the third client;
  
  receiving via the DDN a third ODP from the third client;
  
  transmitting via the DDN the third ODP, or a copy thereof, to the first client;
  
  transmitting via the DDN the third ODP, or a copy thereof, to the second client;
  
  wherein the server lacks the “
  
  value, method and/or program or portion of a program”
  
  (VMP) needed to de-obfuscate the first ODP;
  
  wherein the server lacks the VMP needed to de-obfuscate the second ODP; and
  
  wherein the server lacks the VMP needed to de-obfuscate the third ODP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein the server transmits the first ODP to the second and third clients as a result of a distribution list attached to, or incorporated within, the first ODP, which specifies the second and third users as intended recipients of the first ODP.
  - 3. The method of claim 1 wherein the server transmits the second ODP to the first and third clients as a result of a distribution list attached to, or incorporated within, the second ODP, which specifies the first and third users as intended recipients of the second ODP.
  - 4. The method of claim 1 wherein the server transmits the third ODP to the first and second clients as a result of a distribution list attached to, or incorporated within, the third ODP, which specifies the first and second users as intended recipients of the third ODP.
  - 5. The method of claim 1 wherein the first ODP is an encrypted data packet.
  - 6. The method of claim 1 wherein the second ODP is an encrypted data packet.
  - 7. The method of claim 1 wherein the third ODP is an encrypted data packet.
  - 8. The method of claim 1 further comprising the server storing a copy of the first ODP.
  - 9. The method of claim 1 further comprising the server storing a copy of the second ODP.
  - 10. The method of claim 1 further comprising the server storing a copy of the third ODP.
  - 11. The method of claim 1 wherein the first ODP contains at least data created, uploaded and/or modified by the first user.
  - 12. The method of claim 1 wherein the second ODP contains at least data created, uploaded and/or modified by the second user.
  - 13. The method of claim 1 wherein the third ODP contains at least data created, uploaded and/or modified by the third user.
  - 14. The method of claim 1 wherein the first ODP contains a decryption VMP of the first user.
  - 15. The method of claim 1 wherein the second ODP contains a decryption VMP of the second user.
  - 16. The method of claim 1 wherein the third ODP contains a decryption VMP of the third user.

17. A data sharing system (DSS) client architecture, comprising:
- a computing device having operatively thereon a DSS client which is initialized by a first user with at least “
  
  a data obfuscation value and/or program or portion of a program”
  
  (DOVP);
  
  wherein the first user'"'"'s client, using a DOVP of the first user, is configured to obfuscate a data file of the first user and to transmit the obfuscated data file (ODF) over a data distribution network for receipt by at least second and third DSS clients, of second and third users, respectively;
  
  wherein the second DSS client is initialized with at least a DOVP of, and by, the second user;
  
  wherein the second client, using a DOVP of the second user, is configured to obfuscate a data file of the second user and to transmit the ODF over a data distribution network for receipt by at least the first and third DSS clients, of the first and third users, respectively;
  
  wherein the third DSS client is initialized with at least a DOVP of, and by, the third user;
  
  wherein the third client, using a DOVP of the third user, is configured to obfuscate a data file of the third user and to transmit the ODF over a data distribution network for receipt by at least the first and second DSS clients, of the first and second users, respectively;
  
  wherein the DOVP of the first user is not the same as the DOVP of the second user;
  
  wherein the DOVP of the first user is not the same as the DOVP of the third user;
  
  wherein the DOVP of the second user is not the same as the DOVP of the third user;
  
  wherein the second DSS client is configured to de-obfuscate the ODF of the first user using “
  
  a data de-obfuscation value and/or program or portion of a program”
  
  (DDVP) which the first user, directly or indirectly, provided to the second user;
  
  wherein the third DSS client is configured to de-obfuscate the ODF of the first user using a DDVP which the first user provided, directly or indirectly, to the third user;
  
  wherein the first DSS client is configured to de-obfuscate the ODF of the second user using a DDVP which the second user, directly or indirectly, provided to the first user;
  
  wherein the third DSS client is configure to de-obfuscate the ODF of the second user using a DDVP which the second user provided, directly or indirectly, to the third user;
  
  wherein the first DSS client is configured to de-obfuscate the ODF of the third user using a DDVP which the third user, directly or indirectly, provided to the first user; and
  
  wherein the second DSS client is configured to de-obfuscate the ODF of the third user using a DDVP which the third user provided, directly or indirectly, to the second user.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 18. The architecture of claim 17 wherein the DOVD of the first user is an alphanumeric character string suitable for use as a symmetric-key-encryption cryptographic key.
  - 19. The architecture of claim 17 wherein the DOVD of the second user is an alphanumeric character string suitable for use as a symmetric-key-encryption cryptographic key.
  - 20. The architecture of claim 17 wherein the DOVD of the third user is an alphanumeric character string suitable for use as a symmetric-key-encryption cryptographic key.
  - 21. The architecture of claim 17 wherein transmissions between the first, second and third DSS clients are via a DSS server.
  - 22. The architecture of claim 17 wherein the ODF of the first user is stored in a DSS server of the data distribution network.
  - 23. The architecture of claim 17 wherein the ODF of the second user is stored in a DSS server of the data distribution network.
  - 24. The architecture of claim 17 wherein the ODF of the third user is stored in a DSS server of the data distribution network.
  - 25. The architecture of claim 17 wherein the DDVP is provided by means of exchanging the DDVP through a DDS server when the version of DDVP sent to, received by, and forwarded by, the DDS server was obfuscated using a DOVP for which the complementary DDVP was neither in the possession of nor accessible by the DSS server.
  - 26. The architecture of claim 17 wherein the DDVP used by the second DSS client to de-obfuscate the ODF received from the first user is stored in a data object within the second DSS client.
  - 27. The architecture of claim 26 wherein the data object is a key locker.
  - 28. The architecture of claim 27 wherein the key locker was retrieved from a DSS server.
  - 29. The architecture of claim 28 wherein the key locker which the second DSS client received from the DSS server was obfuscated using a DOVP for which the complementary DDVP was neither in the possession of nor accessible by the DSS server.
  - 30. The architecture of claim 17 wherein the DDVP used by the third DSS client to de-obfuscate the ODF received from the first user was previously stored in a key locker within the third DSS client.
  - 31. The architecture of claim 30 wherein the key locker used by the third DSS client was retrieved from a DSS server.
  - 32. The architecture of claim 31 wherein the key locker which the third DSS client received from the DSS server was obfuscated using a DOVP for which the complementary DDVP was neither in the possession of nor accessible by the DSS server.
  - 33. The architecture of claim 17 wherein the DDVP used by the first DSS client to de-obfuscate the ODF received from the second user was previously stored in a key locker within the first DSS client.
  - 34. The architecture of claim 33 wherein the key locker used by the first DSS client was retrieved from a DSS server.
  - 35. The architecture of claim 34 wherein the key locker which the first DSS client received from the DSS server was obfuscated using a DOVP for which the complementary DDVP was neither in the possession of nor accessible by the DSS server.

36. A data sharing system (DSS) method, comprising:
- receiving in a DSS server of a data distribution network first and second encrypted data packets, having non-encrypted portions and/or referencing non-encrypted data, from a DSS client of a first user wherein the encrypted data packets are neither decryptable by the DSS server nor by the operators thereof;
  
  storing the encrypted data packets in the DSS server;
  
  determining from at least a portion of the unencrypted portions and/or referenced unencrypted data that a second user and a third user in the DSS are intended recipients of the encrypted data packets;
  
  transmitting an encrypted decryption key received from the DSS client of the first user to the DSS clients of the second and third users, respectively; and
  
  transmitting the first and second encrypted data packets to the DSS client of the second user and the DSS client of the third user via the data distribution network for decryption by the DSS clients of the second and third users using the decryption key transmitted by the first user, following the decryption of that decryption key by the DSS clients of the second and third users, respectively.

37. A data sharing system (DSS) method by a DSS client of a first user, comprising:
- receiving first and second obfuscated data packets from a DSS client of a second user and via a data distribution network;
  
  wherein the first and second obfuscated data packets were obfuscated using at least a first obfuscating algorithm and/or parameter of, and unique to, the second user;
  
  de-obfuscating the first and second obfuscated data packets using at least first de-obfuscating algorithm and/or parameter of the second user, complementary to the first obfuscating algorithm and/or parameter of the second user;
  
  receiving third and fourth obfuscated data packets from a DSS client of a third user and via the data distribution network;
  
  wherein the third and fourth obfuscates data packets were obfuscated using at least a second obfuscating algorithm and/or parameter of, and unique to, the third user; and
  
  de-obfuscating the third and fourth obfuscated data packets using at least a second de-obfuscating algorithm and/or parameter of the third user and unique to the third user, complementary to the second obfuscating algorithm and/or parameter of the third user.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The method of claim 37 wherein the receiving is from a DSS server of the data distribution network.
  - 39. The method of claim 37 further comprising before the de-obfuscating, receiving the first de-obfuscating algorithm and/or parameter of the second user from a key locker of the first user.
  - 40. The method of claim 37 further comprising before the de-obfuscating, receiving the second de-obfuscating algorithm and/or parameter of the third user from a key locker of the first user.
  - 41. The method of claim 37 wherein the decrypting includes the first obfuscated data being a double-obfuscated data, and the decrypting the obfuscated data further includes decrypting using a DSS-server-generated de-obfuscation algorithm and/or parameter.
  - 42. The method of claim 41 further comprising before the decrypting the double-obfuscated data, obtaining the DSS-server-generated de-obfuscation algorithm and/or parameter from a DSS server of the data distribution network.

43. A data sharing system (DSS) client system, comprising:
- a first user'"'"'s client; and
  
  a second user'"'"'s client;
  
  wherein the first user'"'"'s client contains a computing device having operatively thereon a DSS client program;
  
  wherein the first user'"'"'s client stores at least two at least pairs of values, including a first at least pair of values and a second at least pair of values;
  
  wherein the second user'"'"'s client contains a computing device having operatively thereon a DSS client program;
  
  wherein the second user'"'"'s client stores at least two at least pairs of values, including a third at least pair of values and a fourth at least pair of values;
  
  wherein the first user'"'"'s client and the second user'"'"'s client are operably connected by at least one data distribution network;
  
  wherein the first at least pair of values contains a first value which is an identifying value (ID);
  
  wherein the first at least pair of values contains a second value which specifies or references a “
  
  value, method and/or program or portion of a program”
  
  (VMP) which can be used to de-obfuscate a packet of data;
  
  wherein the second at least pair of values contains a third value which is an ID different from the first value;
  
  wherein the second at least pair of values contains a fourth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and specifies or references a different VMP from the one specified by the second value;
  
  wherein the third at least pair of values contains a fifth value which is an ID which is the same as the third value;
  
  wherein the third at least pair of values contains a sixth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and is the same as the VMP specified or referenced by the fourth value;
  
  wherein the fourth at least pair of values contains a seventh value which is an ID which is the same as the first value;
  
  wherein the fourth at least pair of values contains an eighth value which specifies or references a VMP which can be used to de-obfuscate a packet of data and is the same as the VMP specified or referenced by the second value;
  
  wherein the first user'"'"'s client is configured to obfuscate a first data object in such a way that the obfuscated first data object may subsequently be de-obfuscated using the VMP specified or referenced by the second value;
  
  wherein the first user'"'"'s client is configured to associate the first obfuscated data object (ODO) with the first value;
  
  wherein the first user'"'"'s client is configured to transmit the first ODO to the second user'"'"'s client;
  
  wherein the second user'"'"'s client is configured to receive the first ODO;
  
  wherein the second user'"'"'s client is configured to use the seventh value associated with the first ODO to determine that the VMP specified or referenced by the eighth value is required to de-obfuscate the first ODO;
  
  wherein the second user'"'"'s client is configured to retrieve from its stores the VMP specified or referenced by the eighth value;
  
  wherein the second user'"'"'s client is configured to use the VMP specified or referenced by the eighth value to de-obfuscate the first ODO;
  
  wherein the second user'"'"'s client is configured to obfuscate a second data object in such a way that the second data object may subsequently be de-obfuscated using the VMP specified or referenced by the sixth value;
  
  wherein the second user'"'"'s client is configured to associate the second ODO with the fifth value;
  
  wherein the second user'"'"'s client is configured to transmit the second ODO to the first user'"'"'s client;
  
  wherein the first user'"'"'s client is configured to receive the second ODO;
  
  wherein the first user'"'"'s client is configured to use the third value associated with the second ODO to determine that the VMP specified or referenced by the fourth value is required to de-obfuscate the second ODO;
  
  wherein the first user'"'"'s client is configured to retrieve from its stores the VMP specified or referenced by the fourth value; and
  
  wherein the first user'"'"'s client is configured to use the VMP specified or referenced by the fourth value to de-obfuscate the second ODO.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
- - 44. The system of claim 43 wherein the VMP specified or referenced by the second value is used by the first user'"'"'s client to obfuscate the first data object.
  - 45. The system of claim 44 wherein the VMP specified or referenced by the second value is a symmetric-key encryption key.
  - 46. The system of claim 43 wherein the VMP specified or referenced by the sixth value is used by the second user'"'"'s client to obfuscate the second data object.
  - 47. The system of claim 46 wherein the VMP specified or referenced by the sixth value is a symmetric-key encryption key.
  - 48. The system of claim 43 wherein the first user'"'"'s client stores at least a fifth at least pair of values.
  - 49. The system of claim 48 wherein the fifth at least pair of values contains a ninth value which is an ID;
    - and wherein the fifth at least pair of values contains a tenth value which specifies or references a VMP which can be used to obfuscate a packet of data, such that the resulting ODO can be de-obfuscated using the VMP specified or referenced by the second value.
  - 50. The system of claim 49 wherein the VMP specified or referenced by the second value is a public-key-cryptography private decryption key.
  - 51. The system of claim 50 wherein the VMP specified or referenced by the tenth value is a public-key-cryptography public encryption key.
  - 52. The system of claim 43 wherein the at least two at least pairs of values stored in the first user'"'"'s client are stored within a key locker.
  - 53. The system of claim 52 wherein the first user'"'"'s client retrieves the key locker from a DSS server operably connected to the at least one data distribution network.
  - 54. The system of claim 53 wherein the received key locker is obfuscated.
  - 55. The system of claim 54 wherein the first user'"'"'s client uses the VMP specified or referenced by the second value to de-obfuscate the obfuscated key locker.
  - 56. The system of claim 43 wherein the first user'"'"'s client receives the second at least pair of values from the second user'"'"'s client.
  - 57. The system of claim 43 wherein the second user'"'"'s client receives the fourth at least pair of values from the first user'"'"'s client.
  - 58. The system of claim 43 wherein the first user enters the VMP specified or referenced by the second value into the first user'"'"'s client.
  - 59. The system of claim 43 wherein the second user enters the VMP specified or referenced by the sixth value into the second user'"'"'s client.
  - 60. The system of claim 43 wherein the first user'"'"'s client transmits the first ODO to a DSS server, and the DSS server subsequently transmits the first ODO to the second user'"'"'s client.
  - 61. The system of claim 43 wherein the second user'"'"'s client transmits the second ODO to a DSS server, and the DSS server subsequently transmits the second ODO to the first user'"'"'s client.
  - 62. The system of claim 61 wherein the DSS server saves a copy of the first ODO.
  - 63. The system of claim 62 wherein the DSS server saves a copy of the second ODO.
  - 64. The system of claim 43 wherein at least some of the data within the second ODO is proprietary data which includes, but is not limited to:
    - digital movies, videos, photos, screen savers, news reports, financial analyses and/or predictions, financial data, audio files, documents, books, retail products, advise, guidance, other products, other services, and/or other types of data.
  - 65. The system of claim 64 wherein the first user pays at least the second user and/or some other person or company in order to induce the second user to transmit to the first user the second ODO.

66. A data sharing system (DSS) method by a DSS client of a first user wherein the DSS client contains or stores or has access to a first encryption key, and a corresponding first decryption key which may be the same as the first encryption key, with the first encryption key able to be used to encrypt data, comprising:
- generating by the DSS client of the first user a second encryption key, and a corresponding second decryption key which may be the same as the second encryption key, with the second key(s) stored within the DSS client of the first user, and the second encryption key able to be used to encrypt data;
  
  wherein the first and second encryption keys are not the same, and do not possess the same value;
  
  encrypting first and second unencrypted data packets, or copies thereof, using the first encryption key to form first and second encrypted data packets;
  
  encrypting third and fourth unencrypted data packets, or copies thereof, using the second encryption key to form third and fourth encrypted data packets;
  
  making the first decryption key available to the DSS client of a first other user so that the DSS client of the first other user can decrypt the first and second encrypted data packets;
  
  making the second decryption key available to the DSS client of a second other user so that the DSS client of the second other user can decrypt the third and fourth encrypted data packets;
  
  making neither the first decryption key nor the second decryption key available to the DSS client of a third other user so that the DSS client of the third other user is not able to decrypt any of the first, second, third or fourth encrypted data packets.
- View Dependent Claims (67, 68, 69, 70)
- - 67. The method of claim 66 further comprising:
    - generating by the DSS client of the first user a third encryption key, and a corresponding third decryption key which may be the same as the third encryption key, with said third key(s) stored within the DSS client of the first user, in addition to the first and second encryption keys stored therein with the third encryption key able to be used to encrypt data;
      
      wherein the first and second and third encryption keys are all different from one another, and do not possess the same value;
      
      encrypting an unencrypted data packet, or a copy thereof, using the third encryption key to form a third encrypted data packet; and
      
      making the third decryption key available to a first set of users so that the first set of users can decrypt the third encrypted data packet.
  - 68. The method of claim 67 wherein the first set of users is a subset of the first user'"'"'s contacts, with the subset being statically defined, or dynamically defined with respect to a corresponding subset of data types, subset of topical categories and/or an arbitrary distribution modality defined by the first user.
  - 69. The method of claim 68 wherein the third encryption key is a temporally-transient key so that the first user can enforce subscription-based access to any data packets encrypted with it.
  - 70. The method of claim 66 wherein the second key is dynamically defined such that the key can be used only for a limited period of time and subsequently redefined with a new dynamically-defined value whereby any data subsequently encrypted with the new key is unable to be decrypted using only the original second key.

71. A method by a data sharing system (DSS) client of a first user of exchanging decryption keys with a DSS client of a second user over a DSS network, comprising:
- generating a first-user public encryption key and a first-user private decryption key;
  
  sending to the second-user'"'"'s DSS client over the DSS network the first first-user'"'"'s public encryption key;
  
  receiving a second-user personal decryption key, encrypted with the first-user public encryption key, and receiving a second-user public encryption key, from the second-user'"'"'s DSS client; and
  
  decrypting the second-user'"'"'s encrypted personal decryption key using the first-user'"'"'s private decryption key to form a decrypted second-user'"'"'s personal decryption key.
- View Dependent Claims (72, 73, 74, 75, 76, 77, 78, 79)
- - 72. The method of claim 71 wherein the receiving is from the DSS server.
  - 73. The method of claim 71 further comprising:
    - after the receiving, adding the decrypted second-user'"'"'s personal decryption key to a first-user'"'"'s key locker to form a modified key locker;
      
      generating an encrypted version of the modified key locker using the first-user'"'"'s personal encryption key to form an encrypted key locker; and
      
      sending the encrypted key locker to the DSS server.
  - 74. The method of claim 73 wherein the generating an encrypted version further includes encrypting the first-user'"'"'s key locker with a DSS locker encryption key to form a doubly-encrypted key locker, and the sending the encrypted key locker includes sending the doubly-encrypted key locker to the DSS server.
  - 75. The method of claim 74 further comprising receiving the DSS locker encryption key from the DSS server before the generating the doubly-encrypted key locker.
  - 76. The method of claim 71 further comprising:
    - encrypting the first-user'"'"'s personal decryption key using the second-user'"'"'s public encryption key to form a first-user'"'"'s encrypted personal decryption key; and
      
      transmitting the first-user'"'"'s encrypted personal decryption key to the second-user'"'"'s client.
  - 77. The method of claim 76 wherein the transmitting the first-user'"'"'s encrypted personal decryption key to the second-user'"'"'s client is via the DSS server.
  - 78. The method of claim 71 wherein the first-user'"'"'s public encryption key and the first-user'"'"'s private decryption key are complementary public-key cryptographic encryption keys, wherein the first-user'"'"'s public encryption key is used to encrypt data, and wherein the first user'"'"'s private decryption key is used to decrypt data encrypted by the first user'"'"'s public encryption key.
  - 79. The method of claim 71 further comprising:
    - before the receiving, sending over the DSS network to the DSS client of the second user an invitation to share data with the first user; and
      
      before the decrypting, receiving over the DSS network an invitation acceptance from the second user'"'"'s DSS client.

80. A data sharing system (DSS) architecture, comprising:
- a DSS server having therein a DSS program which allows a first decryption key of a first DSS client and a second decryption key of a second DSS client to be exchanged between the first and second DSS clients, through the DSS server and through a DSS transmission system in which the DSS server and operators thereof do not have access to the decryption keys and are unable to recover, generate or discern the values of the decryption keys.
- View Dependent Claims (81, 82)
- - 81. The architecture of claim 80 wherein the DSS program is embodied in and runs on a microprocessor of the DSS server.
  - 82. The architecture of claim 80 wherein the DSS transmission system includes the Internet.

83. A data sharing system (DSS) method, comprising:
- receiving in a second user'"'"'s DSS client from a first user'"'"'s DSS client a first user'"'"'s public encryption key;
  
  encrypting in the second user'"'"'s DSS client the second user'"'"'s personal decryption key using the first user'"'"'s public encryption key to generate an encrypted copy of the second user'"'"'s personal decryption key;
  
  generating, using the second user'"'"'s DSS client, a second user'"'"'s public encryption key and private decryption key; and
  
  transmitting the second user'"'"'s encrypted personal decryption key and the second user'"'"'s public encryption key from the second user'"'"'s DSS client to the first user'"'"'s DSS client.
- View Dependent Claims (84, 85, 86)
- - 84. The method of claim 83 further comprising decrypting the second user'"'"'s personal decryption key in the first user'"'"'s computing device using the first user'"'"'s private decryption key.
  - 85. The method of claim 83 wherein the receiving is via a DSS server.
  - 86. The method of claim 83 further comprising adding to a key locker of the first user, using the first user'"'"'s DSS client, the decrypted second user'"'"'s personal decryption key.

87. A data sharing system (DSS) method, comprising:
- transmitting a public encryption key from a first user client DSS program executing on a first user DSS client of a first user via a data distribution network to a second client DSS program executing on a second user DSS client of a second user;
  
  receiving in the first user DSS client from the second user DSS client one or more encrypted personal decryption keys of the second user and a public encryption key of the second user;
  
  using a private decryption key of the first user, decrypting in the first user DSS client the second user'"'"'s public-key encrypted personal decryption key(s);
  
  using the first user'"'"'s DSS client, adding the second user'"'"'s personal decryption key(s) to a key locker of the DSS client of the first user and thereby modifying the key locker;
  
  after the modifying the key locker of the DSS client of the first user, generating using the first user'"'"'s DSS client and the first user'"'"'s personal encryption key, an encrypted version of the modified key locker; and
  
  sending the encrypted modified key locker of the DSS client of the first user from the first user'"'"'s client to a DSS server.
- View Dependent Claims (88, 89, 90, 91, 92, 93, 94, 95)
- - 88. The method of claim 87 further comprising before the sending, encrypting, using the first user'"'"'s DSS client, the modified encrypted key locker with an encryption key provided to the DSS client by a DSS server.
  - 89. The method of claim 87 wherein transmissions from the first user'"'"'s DSS client to the second user'"'"'s DSS client, and from the second user'"'"'s DSS client to the first user'"'"'s DSS client, are made via a DSS server.
  - 90. The method of claim 87 further comprising using the public encryption key from the second user'"'"'s client to encrypt using the first user'"'"'s client and the second user'"'"'s public encryption key, an encrypted copy of one or more of the first user'"'"'s personal decryption keys.
  - 91. The method of claim 90 further comprising transmitting using the first user'"'"'s client the one or more encrypted personal decryption keys of the first user to the second user'"'"'s DSS client.
  - 92. The method of claim 91 further comprising using a private encryption key of the second user, decrypting in the second user DSS client the first user'"'"'s public-key encrypted personal decryption key(s).
  - 93. The method of claim 92 further comprising adding the first user'"'"'s personal decryption key(s) to a key locker of the DSS client of the second user and thereby modifying the key locker.
  - 94. The method of claim 93 further comprising after the modifying the key locker of the DSS client of the second user, generating using the second user'"'"'s DSS client and the second user'"'"'s personal encryption key, an encrypted version of the modified key locker of the DSS client of the second user.
  - 95. The method of claim 94 further comprising sending the encrypted modified key locker of the DSS client of the second user from the second user'"'"'s client to a DSS server.

96. A data sharing system (DSS) method, comprising:
- transmitting a first public obfuscating “
  
  value and/or program or portion of a program”
  
  (VMP) from a first user client DSS program executing on a first user DSS client of a first user via a data distribution network to a second client DSS program executing on a second user DSS client of a second user;
  
  receiving in the first user DSS client from the second user DSS client an obfuscated de-obfuscating VMP of the second user and a second public obfuscating VMP of the second user; and
  
  using a private de-obfuscating VMP of the first user, de-obfuscating in the first user DSS client the second user'"'"'s public-obfuscated de-obfuscating VMP.
- View Dependent Claims (97, 98)
- - 97. The method of claim 96 wherein the first public obfuscating VMP is different from the second public obfuscating VMP.
  - 98. The method of claim 96 wherein:
    - the first public obfuscating VMP of the first user is a public-key cryptographic encryption key of the first user;
      
      the public-obfuscated de-obfuscating VMP of the second user is an encrypted decryption key of the second user;
      
      the second public obfuscating VMP of the second user is a public-key cryptographic public encryption key of the second user;
      
      the private obfuscating VMP of the first user is a public-key cryptographic private decryption key of the first user; and
      
      the de-obfuscating is decrypting.

99. A method for sharing data in a data sharing system (DSS), comprising:
- specifying by a first user obfuscating data and/or functionality which is used by a DSS client to obfuscate data of the first user;
  
  sharing by the first user with a second user in the DSS the de-obfuscating data and/or functionality required to de-obfuscate data which has been obfuscated using the first user'"'"'s obfuscating data and/or functionality via a DSS server in a manner such that neither the DSS server nor operators thereof have access to the de-obfuscating data and/or functionality;
  
  obfuscating, by the first user, data of the first user by using the first user'"'"'s obfuscating data and/or functionality; and
  
  transmitting by the first user the obfuscated data to the DSS server in a manner that obfuscated data can be made available to the second user.
- View Dependent Claims (100, 101, 102)
- - 100. The method of claim 99 wherein the obfuscating data is an encryption key used in relation to a publicly-documented encryption algorithm.
  - 101. The method of claim 99 wherein:
    - the obfuscating is encrypting;
      
      the obfuscated data is encrypted data;
      
      the obfuscating data and/or functionality is an encryption key used in conjunction with a symmetric-key encryption algorithm; and
      
      the de-obfuscating data and/or functionality is a decryption key used in conjunction with a symmetric-key encryption algorithm, and shares the same value as the corresponding encryption key.
  - 102. The method of claim 99 wherein:
    - the sharing by the first user with a second user is sharing by the DSS client of the first user with the DSS client of the second user;
      
      obfuscating, by the first user, is obfuscating by the DSS client of the first user; and
      
      ,transmitting by the first user is transmitting by the DSS client of the first user.

103. A data sharing system (DSS) key locker, comprising:
- a data object of a first user and in a DSS client of the user;
  
  the data object including at least a pair of data values;
  
  the at least pair of data values including a first value which is an identifier of an encryption key and/or a decryption key of the first user or another user and a second value which is an encryption key and/or a decryption key, respectively, of the first user or other user, respectively; and
  
  wherein the data object is in an encrypted format and is decryptable at least in part by the DSS client and using at least in part at least one of the user'"'"'s decryption keys.
- View Dependent Claims (104, 105, 106, 107)
- - 104. The key locker of claim 103 wherein:
    - the first user or another user is a first user, the data object defines a first data object and the at least pair of data values defines a first at least pair of data values;
      
      the data object includes a second at least pair of data values; and
      
      the second at least pair includes a third value which is an identifier of a decryption key supplied to the first user by a second user and a fourth value which is a decryption key of the second user.
  - 105. The key locker of claim 103 wherein the data object is in a doubly-encrypted format and is decryptable at least in part by the DSS client and using at least one of the user'"'"'s decryption keys and using a DSS decryption key.
  - 106. The key locker of claim 105 wherein the DSS client obtains the DSS decryption key from a DSS server.
  - 107. The key locker of claim 105 wherein the DSS decryption key is unique to the user.

108. A data sharing system (DSS) method, comprising:
- receiving in a DSS client a user'"'"'s encrypted key locker from a DSS server;
  
  the key locker being encrypted with a key which is neither known by nor available to the DSS server;
  
  decrypting a user'"'"'s encrypted key locker using a user'"'"'s decryption key;
  
  the user decryption key having been entered in to the DSS client;
  
  receiving at least a subset of the user'"'"'s encrypted data files from the DSS server and/or at least a subset of one or more other users'"'"' encrypted data files from the DSS server; and
  
  decrypting the requested data file or files using, at least in part, a decryption key obtained by the DSS client directly from the user and/or a decryption key obtained from the decrypted key locker.
- View Dependent Claims (109, 110, 111, 112, 113, 114, 115, 116)
- - 109. The method of claim 108 further comprising:
    - encrypting new or modified user content with at least one of the user'"'"'s encryption keys; and
      
      transmitting at least one encrypted data file to the DSS server.
  - 110. The method of claim 108 further comprising:
    - facilitating the user'"'"'s access to, examination of, and/or editing of, data files stored in an encrypted form in the DSS server, and facilitating the user'"'"'s creation and/or uploading of data, and the storing of encrypted versions of the data.
  - 111. The method of claim 110 wherein the facilitating includes reading, viewing, listening to, editing, creating and/or modifying.
  - 112. The method of claim 108 wherein the requesting, decrypting, encrypting and transmitting steps are conducted on a DSS program executing on the DSS client of the user.
  - 113. The method of claim 108 further comprising:
    - composing a user interface populated with appropriate user data, the user interface including modules useful to the facilitation of a user'"'"'s viewing, reading, watching, listening to and/or otherwise experiencing user data.
  - 114. The method of claim 113 wherein the user data is obtained by the DSS client at least in part through the decrypting of the requested data file or files.
  - 115. The method of claim 108 wherein the entered user decryption key is automatically loaded into the user'"'"'s DSS client by the client.
  - 116. The method of claim 115 wherein the loaded user decryption key is loaded from a file of digital data stored in, or accessible by, the user'"'"'s computing device.

117. A data sharing system (DSS) method, comprising:
- receiving into a client of a user an encrypted data file of the user from a data distribution network;
  
  the encrypted data file including one or more at least pairs of data values;
  
  each of the at least pairs of data values including at least a first value which is an identifier and at least a second value which is an encryption key and/or a decryption key;
  
  at least partially decrypting the data file in the client using the decryption key of the user; and
  
  the decrypting does not allow the decrypted user encryption keys and/or decryption keys to leave the client of the user, nor to be known to the user.
- View Dependent Claims (118, 119, 120, 121, 122, 123, 124, 125)
- - 118. The method of claim 117 wherein the receiving is from a DSS server of the data distribution network.
  - 119. The method of claim 117 wherein the decryption key of the user is specified at least in part by the user.
  - 120. The method of claim 117 wherein the decrypted encryption key and/or decryption key is specified at least in part by a user of the DSS.
  - 121. The method of claim 117 wherein the decrypted encryption key and/or decryption key is a derivative of a key specified at least in part by a user of the DSS or a subordinate key.
  - 122. The method of claim 117 wherein the decrypted user encryption key and/or decryption key is randomly generated.
  - 123. The method of claim 117 further comprising positioning in a key locker of the keys of the user and/or the keys of other users.
  - 124. The method of claim 117 further comprising positioning in a key locker of the user keys of the user each of which defines, by means of its distribution to potential recipients of the user'"'"'s data, a distribution list of users.
  - 125. The method of claim 124 wherein at least some of the keys were generated automatically and randomly.

126. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
- encrypting data prior to transmission of the data to another program and/or to a data distribution network;
  
  decrypting at least some of the data received from a data distribution network using a “
  
  decryption key and/or a decryption methodology”
  
  determined at least in part by a user of the program and/or another user of a similar program connected to the program by the data distribution network; and
  
  sharing of data between, among and by at least three users of three different instances of the program operating on three different computing devices;
  
  wherein each user'"'"'s key used for both encryption and decryption, and/or pair of complementary encryption and decryption keys, is different from the key or keys of the other at least two users, thereby requiring each user to possess a different at east one decryption key for each other user in order to decrypt the data received from each other user.
- View Dependent Claims (127, 128)
- - 127. The storage medium of claim 126 wherein the at least three users of instances of the program include:
    - a first user client which has a first decryption key and a different second decryption key;
      
      a second user client which has a copy of the first decryption key and which does not have a copy of the second decryption key; and
      
      a third user client which has a copy of the second decryption key and which does not have a copy of the first decryption key.
  - 128. The storage medium of claim 126 wherein the storage medium is a hard drive, disk drive or other non-volatile memory device positioned in a private data sharing system server.

129. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
- a data sharing system (DSS) server transmitting to a first user'"'"'s computing device a DSS computer program (DSS_CP) which requests the first user to enter at least his personal decryption key;
  
  after receiving the first user'"'"'s personal decryption key, the server transmitting the first user'"'"'s encryption-key-encrypted key locker to the DSS_CP of the first user;
  
  after receiving the encrypted key locker, the DSS_CP decrypting the key locker using a decryption key of the first user to restore a decryption key of a second user with which the first user has agreed to share data contained therein;
  
  the DSS_CP decrypting data of the second user using the second user'"'"'s decryption key; and
  
  the DSS_CP making the decrypted second-user data available to the first user.
- View Dependent Claims (130)
- - 130. The storage medium of claim 129 wherein the storage medium is a hard drive, disk drive or other non-volatile memory device positioned in the DSS server.

131. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
- encrypting data prior to transmission of the data to another program and/or to a data distribution network;
  
  decrypting at least some of the data received from the data distribution network using a “
  
  decryption key and/or a decryption methodology”
  
  determined at least in part by a user of the program and/or another user of a similar program connected to the program at least in part by the data distribution network; and
  
  presenting at least some of the decrypted data in a user interface that segments the at least some of the data on the basis of different attributes and/or contexts.
- View Dependent Claims (132, 133)
- - 132. The storage medium of claim 131 wherein the different attributes and/or contexts include data related to photos, data related to comments, and/or data related to a particular subset of users.
  - 133. The storage medium of claim 131 wherein the storage medium is a hard drive, disk drive or other non-volatile memory device positioned in a private data sharing system server of the data distribution network.

134. A non-transitory computer-readable storage medium with an executable program stored therein wherein the program instructs a microprocessor to perform the following steps:
- encrypting data prior to transmission of the data to another program and/or to a data distribution network;
  
  decrypting at least some of the data received from a data distribution network using a “
  
  decryption key and/or a decryption methodology”
  
  determined at least in part by a user of the program and/or another user of a similar program connected to the program at least in part by the data distribution network; and
  
  presenting at least some of the decrypted data to a user of the program in a user interface that provides tools with which to create new instances of at least some types of data.
- View Dependent Claims (135, 136, 137, 138)
- - 135. The storage medium of claim 134 wherein the new instances of at least some types of data include documents, comments, photos from a webcam, video recordings from a webcam and/or audio recordings from a microphone.
  - 136. The storage medium of claim 134 wherein the new instances of at least some types of data include data resulting from the editing of at least some types of data, e.g. changing text;
    - identifying people in photos with metadata;
      
      cropping, sizing, rotating, and/or enhancing photos and/or annotating videos.
  - 137. The storage medium of claim 136 wherein the editing of at least some types of data includes changing text.
  - 138. The storage medium of claim 134 wherein the storage medium is a hard drive, disk drive or other non-volatile memory device positioned in a private data sharing system server of the data distribution network.

139. A method of restoring a data sharing system (DSS) encryption and/or decryption key to a first user by a client of the first user, comprising:
- generating by a DSS computer program operating in the first user'"'"'s client a public encryption key and a complementary private decryption key;
  
  transmitting the public encryption key to the DSS client of a second user;
  
  receiving from the DSS client of the second user an encrypted copy of the first user'"'"'s encryption and/or decryption key encrypted with the public encryption key of the first user by a client of the second user; and
  
  decrypting the encrypted copy of the first user'"'"'s encryption and/or decryption key using the private decryption key to restore the DSS encryption and/or decryption key of the first user.
- View Dependent Claims (140, 141, 142, 143)
- - 140. The method of claim 139 wherein the second user is a registered contact of the first user in that the second user has agreed to share data with the first user.
  - 141. The method of claim 139 further comprising:
    - before the generating, sending a key restoration request to the DSS server.
  - 142. The method of claim 139 wherein the public encryption key is first transmitted to a DSS server, which server subsequently transmits the public encryption key to the DSS client of the second user.
  - 143. The method of claim 142 wherein the public-key encrypted first user'"'"'s encryption and/or decryption key received by the DSS client of the first user is transmitted by a DSS server.

144. A method of restoring a data sharing system (DSS) encryption and/or decryption key to a first user by a DSS server, comprising:
- receiving a public encryption key from a client of the first user;
  
  transmitting the public encryption key to a client of a second user, the second user having already agreed to share data with the first user;
  
  receiving from the client of the second user an encrypted copy of the first user'"'"'s encryption and/or decryption key encrypted with the public encryption key; and
  
  transmitting the encrypted copy to the client of the first user.
- View Dependent Claims (145, 146)
- - 145. The method of claim 144 further comprising:
    - before the receiving, obtaining a key restoration request.
  - 146. The method of claim 145 wherein the key restoration request is generated after receiving key restoration approval from at least one other user of the DSS.

147. A data sharing system (DSS) method, comprising:
- receiving in a user'"'"'s computing device (UCD) a client;
  
  wherein the client was transmitted from a server;
  
  wherein the client transmitted from the server and received by the UCD is one of many different clients stored in, or accessible by, the server;
  
  wherein each of the different clients which the server was capable of transmitting to the UCD is capable of performing a first set of tasks and/or behaviors;
  
  wherein each of the different clients which the server was capable of transmitting to the UCD is capable of performing a unique combination of a second set of tasks and/or behaviors;
  
  wherein a server can, at least partially, determine which combination of the second set of tasks and/or behaviors the first user'"'"'s client is able to perform;
  
  wherein the server can compare the at least partially determined combination of the second set of tasks and/or behaviors that the user'"'"'s client is able to perform against the expected corresponding at least partial combination of the second set of tasks and/or behaviors which should have been characteristic of the client transmitted to the user by the server; and
  
  wherein if the server determines that the at least partially determined combination of the second set of tasks and/or behaviors do not adequately match the expected corresponding at least partial combination of the second set of tasks and/or behaviors, then the server limits the client'"'"'s access to the DSS, blocks the client'"'"'s access to the DSS, or responds in some other useful manner.
- View Dependent Claims (148, 149, 150, 151, 152, 153, 154, 155)
- - 148. The method of claim 147 wherein the client which the server transmits to the UCD of the first user is randomly selected and/or randomly configured from among the possible different variations of clients which may be so transmitted.
  - 149. The method of claim 147 wherein the second set of tasks and/or behaviors includes at least one of:
    - responding to specific queries received from the server with specific responses;
      
      incorporating specific values within the set(s) of attributes associated with data packets transmitted to the server by the client;
      
      determining a value derived from the computer codes of the client wherein the starting and ending locations which define the range of computer codes over which the value is calculated are specified dynamically by the server with respect to each such query which it transmits to the client; and
      
      formatting data transmitted to the server in a variety of distinctive ways (such as through the inclusion or omission of unnecessary data-packet attributes and/or through a distinctive ordering of such data-packet attributes).
  - 150. The method of claim 149 wherein the value is a “
    - cyclic redundancy check”
      
      performed by the client over a segment of the client'"'"'s computer codes (i.e. the digital values incorporated within, and defining, the executable file which determines the size, operation, and other characteristics of the client program).
  - 151. The method of claim 147 wherein the client operates for at most a limited duration after which the user is forced to obtain a new client from the server in order to re-connect with the DSS.
  - 152. The method of claim 147 wherein the client terminates its connection to the DSS after a statically-determined period of time, thereafter requiring that the user obtain a new client from the server in order to re-connect with the DSS.
  - 153. The method of claim 147 wherein the client terminates its connection to the DSS after a dynamically-determined period of time, thereafter requiring that the user obtain a new client from the server in order to re-connect with the DSS.
  - 154. The method of claim 153 wherein the dynamically-determined period of time is specified by the server at the time the client is transmitted to the UCD.
  - 155. The method of claim 153 wherein the dynamically-determined period of time is specified by the server during the period during which the client is connected to the DSS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brian Lee Moffat
Original Assignee
Brian Lee Moffat
Inventors
Moffat, Brian Lee

Granted Patent

US 9,015,281 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 50/01   Social networking

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2209/60   Digital content management,...

H04L 51/066   Format adaptation, e.g. for...

H04L 51/212   using filtering or selectiv...

H04L 51/52   for supporting social netwo...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 67/303   Terminal profiles

H04L 67/306   User profiles

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

PRIVATE DATA SHARING SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

259 Citations

155 Claims

Specification

Use Cases

Quick Links

Others

PRIVATE DATA SHARING SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

259 Citations

155 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others