Private overlay for information networks
First Claim
1. A system for protecting privacy of an authorized user of a platform in a network, the system comprising:
- a private overlay 10, the private overlay comprising a system for distributing certified public keys in a public key cryptosystem 20; and
a platform 40, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30,wherein;
the system for distributing certified public keys provides the network and each authorized user with a public encryption key for the network and for each authorized user,the private overlay does not create a location and usage record tied to the authorized user,the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode, andthe network performs private registration, the private registration comprising;
the network periodically transmitting an identical certification message to each authorized user,the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, andthe platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user,wherein;
the platform operating in the private mode enters the private mode by;
appending a random tag to the certification message,signing the certification message having the appended random tag using the platform'"'"'s private key,encrypting the signed certification message having the appended random tag using the network'"'"'s public key, andtransmitting the encrypted, signed certification message having the appended random tag to the network, andthe network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.
4 Assignments
0 Petitions
Accused Products
Abstract
A private overlay is provided for information networking that puts the user in charge of the user'"'"'s personal information. User identity is separated from a numeric tag that points to the cell in which the user equipment can be paged. The private overlay is created by addition of a registration and certification authority such as Public Key Infrastructure and Certification Authority (PKI). The registration and certification authority provides the network and all subscribers with public encryption keys for the network and the users. Private decryption key are generated and stored locally in a suitable manner. With this addition, a private overlay to the existing cellular, wireless or utility distribution infrastructure can be established for a device that has registered with, e.g., a cellular or wireless network or with a utility distribution system.
28 Citations
26 Claims
-
1. A system for protecting privacy of an authorized user of a platform in a network, the system comprising:
-
a private overlay 10, the private overlay comprising a system for distributing certified public keys in a public key cryptosystem 20; and a platform 40, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30, wherein; the system for distributing certified public keys provides the network and each authorized user with a public encryption key for the network and for each authorized user, the private overlay does not create a location and usage record tied to the authorized user, the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode, and the network performs private registration, the private registration comprising; the network periodically transmitting an identical certification message to each authorized user, the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, and the platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user, wherein; the platform operating in the private mode enters the private mode by; appending a random tag to the certification message, signing the certification message having the appended random tag using the platform'"'"'s private key, encrypting the signed certification message having the appended random tag using the network'"'"'s public key, and transmitting the encrypted, signed certification message having the appended random tag to the network, and the network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for protecting privacy of an authorized user of a platform in a network, the method comprising:
-
providing a private overlay 10 to the authorized user, the private overlay comprising a system for distributing certified public keys in a public key crypto system 20; providing a platform 40 to the authorized user, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30; the system for distributing certified public keys providing the network and each authorized user with a public encryption key for the network and for each authorized user, wherein; the private overlay does not create a location and usage record tied to the authorized user, the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode; and the network performing private registration, the private registration comprising; the network periodically transmitting an identical certification message to each authorized user, the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, and the platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user, wherein; the platform operating in the private mode enters the private mode by; appending a random tag to the certification message, signing the certification message having the appended random tag using the platform'"'"'s private key, encrypting the signed certification message having the appended random tag using the network'"'"'s public key, and transmitting the encrypted, signed certification message having the appended random tag to the network, and the network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for determining whether user equipment is authorized, wherein the user is a user of a platform in a network, the method comprising:
-
providing a private overlay to an authorized user, the private overlay comprising a system for distributing certified public keys in a public key crypto system; providing a platform to the authorized user, the platform; comprising a cryptographic chip, operating in a private mode, having a private encryption key, and comprised in authorized user equipment; the system for distributing certified public keys providing the network and each authorized user with a public encryption key for the network and for each authorized user, wherein; the private overlay does not create a location and usage record tied to the authorized user, the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode; and the network performing private registration, the private registration comprising; the network periodically transmitting an identical certification message to each authorized user, the network encrypting the certification message that is transmitted to each authorized user using that user'"'"'s public encryption key, the platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user; and the network remotely determining whether the user equipment is authorized, wherein; the cryptographic chip is programmed to keep the certification message in the cryptographically secure vault, and the cryptographic chip is programmed to support remote attestation, wherein; the platform operating in the private mode enters the private mode by; appending a random tag to the certification message, signing the certification message having the appended random tag using the platform'"'"'s private key, encrypting the signed certification message having the appended random tag using the network'"'"'s public key, and transmitting the encrypted, signed certification message having the appended random tag to the network, and the network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform. - View Dependent Claims (26)
-
Specification