METHOD AND SYSTEM FOR PRESERVING PRIVACY AND ACCOUNTABILITY

US 20140304519A1
Filed: 11/07/2012
Published: 10/09/2014
Est. Priority Date: 11/08/2011
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method (4000) on a server computer (1001) for preserving privacy and accountability, comprising:

receiving (4100) from a first client computer (1002) pseudonymous, encrypted data (1101);

storing (4200) the pseudonymous, encrypted data (1101) at the server computer (1001);

receiving (4300) from a second client computer (1003) a data request (1202) for the pseudonymous, encrypted data (1101);

providing (4400) the pseudonymous, encrypted data (1101) to the second client computer (1003) in response (1203) to the data request;

receiving (4500) from the second client computer (1003) a signed key request (1204) for at least one key (1301), wherein the at least one key (1301) to be configured to decrypt the pseudonymous, encrypted data (1101) and wherein the signed key request (1204) comprises a public key (1303-pu) of the second client computer (1003);

receiving (4600) from the first client computer (1002) the at least one key, wherein the at least one key (1301) is encrypted with the public key (1303-pu) of the second client computer (1003); and

providing (4700) the encrypted at least one key to the second client computer (1003) in response to the signed key request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, computer program product, server and clients for preserving privacy and accountability. The server receives from a first client computer pseudonymous, encrypted data and stores the pseudonymous, encrypted data. The -server further receives receiving at from a second client computer a data request for the pseudonymous, encrypted data and provides the pseudonymous, encrypted data to the second client computer in response to the data request. The server receives from the second client computer a signed key request for at least one key, wherein the at least one key is configured to decrypt the pseudonymous, encrypted data and wherein the signed key request comprises a public key of the second client computer. The server receives from the first client computer the at least one key, wherein the at least one key is encrypted with the public key of the second client computer and provides the at least one encrypted key to the second client computer in response to the signed key request.

13 Citations

View as Search Results

21 Claims

1. A computer implemented method (4000) on a server computer (1001) for preserving privacy and accountability, comprising:
- receiving (4100) from a first client computer (1002) pseudonymous, encrypted data (1101);
  
  storing (4200) the pseudonymous, encrypted data (1101) at the server computer (1001);
  
  receiving (4300) from a second client computer (1003) a data request (1202) for the pseudonymous, encrypted data (1101);
  
  providing (4400) the pseudonymous, encrypted data (1101) to the second client computer (1003) in response (1203) to the data request;
  
  receiving (4500) from the second client computer (1003) a signed key request (1204) for at least one key (1301), wherein the at least one key (1301) to be configured to decrypt the pseudonymous, encrypted data (1101) and wherein the signed key request (1204) comprises a public key (1303-pu) of the second client computer (1003);
  
  receiving (4600) from the first client computer (1002) the at least one key, wherein the at least one key (1301) is encrypted with the public key (1303-pu) of the second client computer (1003); and
  
  providing (4700) the encrypted at least one key to the second client computer (1003) in response to the signed key request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method (4000) of claim 1, further comprising:
    - receiving (4810) from the second client computer (1003) signed, encrypted transaction data (1102), wherein the transaction data is encrypted with a public key (1302-pu) of the first client computer (1002);
      
      storing (4820) the signed, encrypted transaction data (1102) at the server computer (1001); and
      
      providing (4830) the signed, encrypted transaction data (1102) to the first client computer (1002) on request of the first client computer (1002).
  - 3. The method (4000) of claim 2, wherein the transaction data (1102) comprises a transaction number and a transaction value:
  - 4. The method (4000) of claim 2 or 3, wherein the first client computer (1002) is configured to decrypt the signed, encrypted transaction data (1102) using a private key (1302-pr) which is related to the public key (1302-pu) of the first client computer (1002).
  - 5. The method (4000) of anyone of the claims 2 to 4, wherein the first client computer (1002) is configured to request (4840) a reimbursement from a reimbursement entity (1004) in accordance with the decrypted transaction data (1102a).
  - 6. The method (4000) of anyone of the previous claims, wherein the second client computer is configured to decrypt the at least one encrypted key (1301) by using a private key (1303-pr) which is related to the public key (1303-pu) of the second client computer (1003), and is further configured to decrypt the pseudonymous, encrypted data (1101) by using the at least one decrypted key (1301a).
  - 7. The method (4000) of anyone of the previous claims, wherein the second client computer (1003) requests and receives further pseudonymous, encrypted data provided by the first client computer (1002) while still using the already decrypted at least one key (1301a).
  - 8. The method (4000) of anyone of the previous claims, wherein the at least one key (1301) becomes invalid after a predefined validity interval.
  - 9. The method (4000) of anyone of the claims 1 to 7, wherein the at least one key (1301) becomes invalid upon an invalidation action of the first client computer (1002).
  - 10. The method (4000) of anyone of the previous claims, wherein the pseudonymous, encrypted data (1101) comprises a plurality of data sets (1101-1, 1101-2, 1101-3, 1101-n), each data set (1101-1, 1101-2, 1101-3, 1101-n) being encrypted with a separate key (1301-1, 1301-2, 1301-3, 1301-n).
  - 11. The method (4000) of claim 10, wherein the second client computer (1003) receives only a subset of the plurality of separate keys.
  - 12. The method (4000) of anyone of the previous claims, wherein the pseudonymous, encrypted data (1101) is associated with non-encrypted data (1101-0), wherein the non-encrypted data (1101-0) is configured to categorize or classify the pseudonymous, encrypted data (1101).
  - 13. The method (4000) of anyone of the previous claims, wherein the server computer (1001) is a non-trusted server computer.
  - 14. A computer program product that when loaded into a memory of a computing device and executed by at least one processor of the computing device executes the steps of the computer implemented method according to of anyone of the claims 1 to 13.

15. A server computer (1001) comprising:
- an interface component (1011) configured;
  
  to receive (4100) from a first client computer (1002) pseudonymous, encrypted data (1101) and further;
  
  to receive (4300) from a second client computer (1003) a data request (1202) for the pseudonymous, encrypted data (1101);
  
  to provide (4400) the pseudonymous, encrypted data (1101) to the second client computer (1003) in response (1203) to the data request (1202);
  
  to receive (4500) from the second client computer (1003) a signed key request (1204) for at least one key (1301), wherein the at least one key (1301) is to be configured to decrypt the pseudonymous, encrypted data (1101) and wherein the signed key request (1204) comprises a public key (1303-pu) of the second client computer (1003);
  
  to receive (4600) from the first client computer (1002) the at least one key (1301), wherein the at least one key (1301) is encrypted with the public key (1303-pu) of the second client computer (1003); and
  
  to provide (4700) the at least one encrypted key (1301) to the second client computer (1003) in response (1206) to the signed key request (1204);
  
  anda data storage (1031) component configured to store (4200) the pseudonymous, encrypted data (1101) at the server computer (1001).
- View Dependent Claims (16)
- - 16. The server computer (1001) of claim 15, wherein:
    - the interface component (1011) is further configured;
      
      to receive (4810) from the second client computer (1003) signed, encrypted transaction data (1102), wherein the transaction data is encrypted with a public key (1302-pu) of the first client computer (1002); and
      
      to provide (4830) the signed, encrypted transaction data (1102) to the first client computer (1002);
      
      andthe data storage component (1031) is further configured to store (4820) the signed, encrypted transaction data (1102) at the server computer (1001).

17. A data consumer client computer (1003), comprising:
- an interface component (1013) configured;
  
  to send a data request (1202) for pseudonymous, encrypted data (1101) to a server computer (1001), wherein the pseudonymous, encrypted data (1101) originate from a data producer client computer (1002);
  
  to receive in response (1203) to the data request (1202) the pseudonymous, encrypted data (1101) from the server computer (1001);
  
  to send a signed key request (1204) for at least one key (1301), wherein the at least one key (1301) is to be configured to decrypt the pseudonymous, encrypted data (1101) and wherein the signed key request (1204) comprises a public key (1303-pu) of the data consumer client computer (1003);
  
  to receive in response (1206) to the signed key request (1204) the at least one key (1301) from the server computer, wherein the at least one key is encrypted with the public key (1303-pu) of the data consumer client computer (1003);
  
  anda data processing component (1023) configured;
  
  to decrypt the at least one encrypted key (1301) by using a private key (1303-pr) which is related to the public key (1303-pu) of the data consumer client computer; and
  
  to decrypt the pseudonymous, encrypted data (1101) by using the at least one decrypted key (1301a).
- View Dependent Claims (18)
- - 18. The data consumer client computer (1003) of claim 17, wherein:
    - the interface component (1013) is further configured;
      
      to send signed, encrypted transaction data (1102) to the server (1001); and
      
      the data processing component (1023) is further configured;
      
      to encrypt the transaction data with a public key (1302-pu) of the data producer client computer (1002).

19. A data producer client computer (1002), comprising:
- an interface component (1012) configured;
  
  to send pseudonymous, encrypted data (1001) to a server computer (1001);
  
  to receive from the server computer (1001) a signed key request for at least one key (1301), wherein the at least one key (1301) is to be configured to decrypt the pseudonymous, encrypted data (1101) and wherein the signed key request comprises a public key (1303-pu) of a data consumer client computer (1003); and
  
  to send the at least one key (1301) to the server computer (1001), wherein the at least one key (1301) is encrypted with the public key (1303-pu) of the data consumer client computer (1003);
  
  anda data processing component (1022) configured;
  
  to encrypt the at least one key with the public key (1303-pu) of the data consumer client computer (1003).
- View Dependent Claims (20, 21)
- - 20. The data producer client computer of claim 19, wherein:
    - the interface component (1012) is further configured;
      
      to receive from the server computer (1001) encrypted transaction data (1102), wherein the transaction data (1102) is encrypted with a public key (1302-pu) of the data producer client computer (1002) and wherein the transaction data (1102) is signed by the data consumer client computer (1003); and
      
      the data processing component (1022) is further configured to decrypt the signed, encrypted transaction data (1102) using a private key (1302-pr) which is related to the public key (1302-pu) of the data producer client computer (1002).
  - 21. The data producer client computer of claim 20, wherein:
    - the interface component (1012) is further configured to request (4840) a reimbursement from a reimbursement entity (1004) in accordance with the decrypted transaction data (1102a).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AGT International GMBH
Original Assignee
Ats Group (Ip Holdings) Limited
Inventors
Gorecki, Christian, Zeiger, Florian

Granted Patent

US 9,344,285 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06Q 20/383   Anonymous user system

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 2463/062   applying encryption of the ...

H04L 63/0421   Anonymous communication, i....

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

METHOD AND SYSTEM FOR PRESERVING PRIVACY AND ACCOUNTABILITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PRESERVING PRIVACY AND ACCOUNTABILITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links