System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data
First Claim
1. A method for providing private storage of data on a server within a network, wherein the storage is persistent, encrypted, and anonymous, to a user having a client computer connected to the network, comprising:
(a) providing to the user a client application, the client application being configured to:
generate a first encryption key and a first decryption key;
encrypt the data using the first encryption key;
generate a data object identifier;
create a data object comprising the data object identifier and the encrypted data;
write the data object identifier to a user object;
write the first decryption key to the user object;
generate a user object encryption key based on information private to the user and reproducible in future sessions by the user, in a manner such that the private information cannot practicably be derived from the user object encryption key;
encrypt the user object with the user object encryption key;
generate a user object identifier based on information private to the user and reproducible in future sessions by the user, in a manner such that the private information cannot practicably be derived from the user object identifier;
associate the user object identifier with the user object;
send the data object to the server; and
send the user object and user object identifier to the server;
(b) responsive to receiving the data object from the user, storing the data object in a database under the control of the server, using the data object identifier as a locator; and
(c) responsive to receiving the user object from the user, storing the user object in the database, using the user object identifier as a locator.
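As an added worked example (not the patent's own code), the client-side flow of claim 1 in Python: the first encryption and decryption key are assumed to be one symmetric key, the user object key and the user object identifier are derived from a passphrase with PBKDF2 under distinct labels so neither reveals the passphrase, and the server is modelled as a dictionary keyed only by object identifiers. The cipher is an illustrative hash-based construction chosen to keep the example standard-library only.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example of the claimed client/server flow; not the patent's own code.
# The cipher is a SHA-256 keystream plus HMAC tag so the example runs on the standard
# library alone; a real client would use an AEAD such as AES-GCM instead.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("user object or data object was tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def derive(secret: str, purpose: bytes) -> bytes:
    # One-way derivation from the user's private information. Distinct purpose
    # labels make the user object key and identifier independent of each other,
    # and neither reveals the secret (finding a PBKDF2 preimage is impractical).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), b"example-salt:" + purpose, 100_000)

SERVER_DB = {}  # server database, keyed only by object identifiers (constructed stand-in)
def store(secret: str, data: bytes) -> str:
    data_key = secrets.token_bytes(32)            # first encryption/decryption key (symmetric here)
    data_id = secrets.token_hex(16)               # data object identifier: random, unlinked to the user
    SERVER_DB[data_id] = encrypt(data_key, data)  # data object stored under its identifier
    user_obj = {"data_id": data_id, "data_key": data_key.hex()}   # user object holds id + key
    uo_id = derive(secret, b"user-object-id").hex()
    SERVER_DB[uo_id] = encrypt(derive(secret, b"user-object-key"), json.dumps(user_obj).encode())
    return uo_id

def retrieve(secret: str) -> bytes:
    # A later session: the same private information regenerates both the identifier
    # and the key, so the server never learns the secret, the owner, or the plaintext.
    uo_id = derive(secret, b"user-object-id").hex()
    user_obj = json.loads(decrypt(derive(secret, b"user-object-key"), SERVER_DB[uo_id]))
    return decrypt(bytes.fromhex(user_obj["data_key"]), SERVER_DB[user_obj["data_id"]])
```

Because both locators on the server are either random or one-way derived, the database alone links neither object to the user nor the data object to the user object; a wrong passphrase simply misses the user object, and a modified record fails authentication.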
Abstract
The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.
4 Claims
Claim 1 is reproduced above under First Claim; claims 2, 3 and 4 are dependent claims.
Specification