Private overlay for information networks

US 9,813,233 B2
Filed: 04/12/2011
Issued: 11/07/2017
Est. Priority Date: 04/13/2010
Status: Active Grant

First Claim

Patent Images

1. A system for protecting privacy of an authorized user of a platform in a network, the system comprising:

a private overlay 10, the private overlay comprising a system for distributing certified public keys in a public key cryptosystem 20; and

a platform 40, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30,wherein;

the system for distributing certified public keys provides the network and each authorized user with a public encryption key for the network and for each authorized user,the private overlay does not create a location and usage record tied to the authorized user,the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode, andthe network performs private registration, the private registration comprising;

the network periodically transmitting an identical certification message to each authorized user,the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, andthe platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user,wherein;

the platform operating in the private mode enters the private mode by;

appending a random tag to the certification message,signing the certification message having the appended random tag using the platform'"'"'s private key,encrypting the signed certification message having the appended random tag using the network'"'"'s public key, andtransmitting the encrypted, signed certification message having the appended random tag to the network, andthe network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A private overlay is provided for information networking that puts the user in charge of the user'"'"'s personal information. User identity is separated from a numeric tag that points to the cell in which the user equipment can be paged. The private overlay is created by addition of a registration and certification authority such as Public Key Infrastructure and Certification Authority (PKI). The registration and certification authority provides the network and all subscribers with public encryption keys for the network and the users. Private decryption key are generated and stored locally in a suitable manner. With this addition, a private overlay to the existing cellular, wireless or utility distribution infrastructure can be established for a device that has registered with, e.g., a cellular or wireless network or with a utility distribution system.

28 Citations

View as Search Results

26 Claims

1. A system for protecting privacy of an authorized user of a platform in a network, the system comprising:
- a private overlay 10, the private overlay comprising a system for distributing certified public keys in a public key cryptosystem 20; and
  
  a platform 40, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30,wherein;
  
  the system for distributing certified public keys provides the network and each authorized user with a public encryption key for the network and for each authorized user,the private overlay does not create a location and usage record tied to the authorized user,the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode, andthe network performs private registration, the private registration comprising;
  
  the network periodically transmitting an identical certification message to each authorized user,the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, andthe platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user,wherein;
  
  the platform operating in the private mode enters the private mode by;
  
  appending a random tag to the certification message,signing the certification message having the appended random tag using the platform'"'"'s private key,encrypting the signed certification message having the appended random tag using the network'"'"'s public key, andtransmitting the encrypted, signed certification message having the appended random tag to the network, andthe network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system for protecting privacy of claim 1 wherein the user equipment is a cellular or mobile telephone, a computer or a customer data collection system, a utility meter, or a wired terminal.
  - 3. The system for protecting privacy of claim 1 wherein the system for distributing certified public keys is Public Key Infrastructure and Certification Authority (PKI).
  - 4. The system for protecting privacy of claim 1 wherein:
    - the platform is a cellular platform and the network is a cellular network,the platform is a wireless platform and the network is a wireless network, orthe platform is a utility platform or third party data reception and management platform and the network is a communications network that communicates with a customer data collection unit.
  - 5. The system for protecting privacy of claim 1 comprising a cryptographic chip 60, wherein the platform comprises the cryptographic chip and wherein the cryptographic chip is programmed to keep the certification message in the cryptographically secure vault.
  - 6. The system for protecting privacy of claim 5 wherein the cryptographic chip is a Trusted Platform Module (TPM).
  - 7. The system for protecting privacy of claim 5 wherein the cryptographic chip is programmed to support remote attestation, whereby the network remotely determines whether user equipment is authorized.
  - 8. The system for protecting privacy of claim 5 wherein the cryptographic chip is programmed to support remote attestation, whereby the network remotely determines whether user equipment has been cloned.
  - 9. The system for protecting privacy of claim 5 wherein the cryptographic chip is programmed to support remote attestation, whereby the network remotely determines whether user equipment hardware and/or software has been altered.
  - 10. The system for protecting privacy of claim 1 wherein the cryptographically secure vault is a Trusted Platform Module (TPM).

11. A method for protecting privacy of an authorized user of a platform in a network, the method comprising:
- providing a private overlay 10 to the authorized user, the private overlay comprising a system for distributing certified public keys in a public key crypto system 20;
  
  providing a platform 40 to the authorized user, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30;
  
  the system for distributing certified public keys providing the network and each authorized user with a public encryption key for the network and for each authorized user,wherein;
  
  the private overlay does not create a location and usage record tied to the authorized user,the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode; and
  
  the network performing private registration, the private registration comprising;
  
  the network periodically transmitting an identical certification message to each authorized user,the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, andthe platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user,wherein;
  
  the platform operating in the private mode enters the private mode by;
  
  appending a random tag to the certification message,signing the certification message having the appended random tag using the platform'"'"'s private key,encrypting the signed certification message having the appended random tag using the network'"'"'s public key, andtransmitting the encrypted, signed certification message having the appended random tag to the network, andthe network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 12. The method of claim 11 wherein the user equipment is a cellular or mobile telephone, a computer or a customer data collection system, a utility meter, or a wired terminal.
  - 13. The method of claim 11 wherein the system for distributing certified public keys is Public Key Infrastructure and Certification Authority (PKI).
  - 14. The method of claim 11 wherein:
    - the platform is a cellular platform and the network is a cellular network,the platform is a wireless platform and the network is a wireless network, orthe platform is a utility platform or third party data reception and management platform and the network is a communications network that communicates with a customer data collection unit.
  - 15. The method of claim 11 wherein the platform comprises a cryptographic chip, and wherein the cryptographic chip is programmed to keep the certification message in the cryptographically secure vault.
  - 16. The method of claim 15 wherein the cryptographic chip is a Trusted Platform Module (TPM).
  - 17. The method of claim 15 wherein the cryptographic chip is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment is authorized.
  - 18. The method of claim 15 wherein the cryptographic chip is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment has been cloned.
  - 19. The method of claim 15 wherein the cryptographic chip is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment hardware and/or software have been altered.
  - 20. The method of claim 11 comprising building a cryptographic chip into the platform, wherein the cryptographic chip is programmed to keep the certification message in the cryptographically secure vault.
  - 21. The method of claim 20 wherein the cryptographic chip is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment is authorized.
  - 22. The method of claim 20 wherein the cryptographic chip is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment has been cloned.
  - 23. The method of claim 20 wherein the cryptographic chip is a Trusted Platform Module (TPM) and wherein the TPM is programmed to support remote attestation, the method comprising the network remotely determining whether user equipment hardware and/or software has been altered.
  - 24. The method of claim 11 wherein the cryptographically secure vault is a Trusted Platform Module (TPM).

25. A method for determining whether user equipment is authorized, wherein the user is a user of a platform in a network, the method comprising:
- providing a private overlay to an authorized user, the private overlay comprising a system for distributing certified public keys in a public key crypto system;
  
  providing a platform to the authorized user, the platform;
  
  comprising a cryptographic chip,operating in a private mode,having a private encryption key, andcomprised in authorized user equipment;
  
  the system for distributing certified public keys providing the network and each authorized user with a public encryption key for the network and for each authorized user,wherein;
  
  the private overlay does not create a location and usage record tied to the authorized user,the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode; and
  
  the network performing private registration, the private registration comprising;
  
  the network periodically transmitting an identical certification message to each authorized user,the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key,the platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user; and
  
  the network remotely determining whether the user equipment is authorized,wherein;
  
  the cryptographic chip is programmed to keep the certification message in the cryptographically secure vault, andthe cryptographic chip is programmed to support remote attestation,wherein;
  
  the platform operating in the private mode enters the private mode by;
  
  appending a random tag to the certification message,signing the certification message having the appended random tag using the platform'"'"'s private key,encrypting the signed certification message having the appended random tag using the network'"'"'s public key, andtransmitting the encrypted, signed certification message having the appended random tag to the network, andthe network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.
- View Dependent Claims (26)
- - 26. The method of claim 25 wherein the cryptographically secure vault is a Trusted Platform Module (TPM).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cornell University
Original Assignee
Cornell University
Inventors
Wicker, Stephen B.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Harris, Christopher C

Application Number

US13/641,030
Publication Number

US 20130101117A1
Time in Patent Office

2,401 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 9/006   involving public key infras...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 8/16   selectively restricting mob...

Private overlay for information networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Private overlay for information networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links