System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
First Claim
1. A method for providing session protection for user privacy over a network, by means including at least a client and a remote server, wherein a user, using a client application, may submit a request through said client for a specified action to be performed in response to said request by said remote server, said user-submitted request comprising identity information that identifies the user making the request, and action information that specifies the action requested from said remote server by said user, wherein said communications are provided in a secure and anonymous manner in that said action information is submitted to said remote server without revealing said identity information to said remote server, and in that only said client, and not any facility through which said action information or any response thereto passes in the course of being submitted to or received from said remote server, possesses both said identity information and said action information, said system comprising (in addition to said client and remote server):
(a) separating, within said client application, said identity information and said action information from the user's information request, encrypting said action information, and sending said identity information and said action information as so encrypted to an identity server;
(b) transmitting said encrypted action information from said identity server to an action server;
(c) decrypting, within said action server, said action information, transmitting said decrypted action information to said remote server, receiving the remote server's response, encrypting said remote server response, and transmitting said encrypted remote server response to said identity server;
(d) receiving, within said identity server said encrypted remote server response from said action server, associating said encrypted remote server response with said identity information and sending said encrypted remote server response to said client application; and
(e) decrypting, within said client application, said remote server response and forwarding said decrypted remote server response to said client for presentation to said user.
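The message flow of steps (a) through (e), as an added example that is not part of the patent text: an in-process simulation in which the identity server records the user's identity together with ciphertext only, while the action server recovers the plaintext action but is never given an identity. The key pre-shared between client and action server, the class and function names, and the SHA-256 keystream with HMAC tag (a standard-library stand-in for a real AEAD cipher) are assumptions; the claim specifies none of them.

```python
import hashlib, hmac, os

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for a real AEAD (assumption, not from the claim)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext failed authentication")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def remote_server(action):                 # destination: receives the action only
    return b"page for " + action

class ActionServer:                        # step (c): holds the key, never an identity
    def __init__(self, key):
        self.key, self.seen = key, []
    def handle(self, blob):
        action = unseal(self.key, blob)
        self.seen.append(action)
        return seal(self.key, remote_server(action))

class IdentityServer:                      # steps (b), (d): identity plus opaque bytes
    def __init__(self, action_server):
        self.action_server, self.seen = action_server, []
    def handle(self, identity, blob):
        self.seen.append((identity, blob))
        return identity, self.action_server.handle(blob)

def client_request(identity, action, key, identity_server):   # steps (a), (e)
    who, reply = identity_server.handle(identity, seal(key, action))
    if who != identity:
        raise ValueError("response routed to the wrong user")
    return unseal(key, reply)
```

Inspecting each server's `seen` list after a request shows the separation the claim relies on: the property holds only while the two servers do not pool what they have observed.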
Abstract
The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.
Specification