SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA

US 20150333917A1
Filed: 07/24/2015
Published: 11/19/2015
Est. Priority Date: 12/02/1999
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying data to be stored;

generating a first encryption key and a first decryption key;

encrypting the data using the first encryption key;

generating a data object identifier;

generating a challenge public-private key pair for the data;

reading an identifier for an accessing user;

generating a coded user identifier from the user identifier by hashing;

sending the coded user identifier to a server with a request for a message queue public key of the accessing user;

receiving the message queue public key from the server;

creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;

encrypting the message object with the message queue public key;

sending the encrypted message object to a message queue of the server associated with the coded user identifier;

creating a data object using the data object identifier, the encrypted data, and the public challenge key;

sending the data object to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user'"'"'s actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user'"'"'s identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.

19 Citations

View as Search Results

6 Claims

1. A method comprising:
- identifying data to be stored;
  
  generating a first encryption key and a first decryption key;
  
  encrypting the data using the first encryption key;
  
  generating a data object identifier;
  
  generating a challenge public-private key pair for the data;
  
  reading an identifier for an accessing user;
  
  generating a coded user identifier from the user identifier by hashing;
  
  sending the coded user identifier to a server with a request for a message queue public key of the accessing user;
  
  receiving the message queue public key from the server;
  
  creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;
  
  encrypting the message object with the message queue public key;
  
  sending the encrypted message object to a message queue of the server associated with the coded user identifier;
  
  creating a data object using the data object identifier, the encrypted data, and the public challenge key;
  
  sending the data object to the server.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - receiving an authentication token;
      
      generating a user object identifier based on the authentication token;
      
      sending the user object identifier and a request for a user object to the server; and
      
      receiving the user object from the server.
  - 3. The method of claim 2, further comprising:
    - requesting the message queue from the server;
      
      reading a message queue decryption key from the user object;
      
      decrypting the message object from the message queue with the message queue decryption key;
      
      reading a data object identifier from the message object;
      
      generating a challenge request;
      
      sending the challenge request and the data object identifier to the server;
      
      receiving an encrypted challenge;
      
      reading the private challenge key from the message object;
      
      decrypting the encrypted challenge using the private challenge key;
      
      sending the decrypted challenge with the data object identifier to the server;
      
      reading the first decryption key from the message object;
      
      receiving encrypted data; and
      
      decrypting the encrypted using the first decryption key.

4. A computer program product for providing private storage of data on a server within a network, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform a method comprising:
- identifying data to be stored;
  
  generating a first encryption key and a first decryption key;
  
  encrypting the data using the first encryption key;
  
  generating a data object identifier;
  
  generating a challenge public-private key pair for the data;
  
  reading an identifier for an accessing user;
  
  generating a coded user identifier from the user identifier by hashing;
  
  sending the coded user identifier to a server with a request for a message queue public key of the accessing user;
  
  receiving the message queue public key from the server;
  
  creating a message object comprising the data object identifier, the first decryption key, and the private challenge key;
  
  encrypting the message object with the message queue public key;
  
  sending the encrypted message object to a message queue of the server associated with the coded user identifier;
  
  creating a data object using the data object identifier, the encrypted data, and the public challenge key;
  
  sending the data object to the server.
- View Dependent Claims (5, 6)
- - 5. The computer program product of claim 4, wherein the method further comprises:
    - receiving an authentication token;
      
      generating a user object identifier based on the authentication token;
      
      sending the user object identifier and a request for a user object to the server; and
      
      receiving the user object from the server.
  - 6. The computer program product of claim 5, wherein the method further comprises:
    - requesting the message queue from the server;
      
      reading a message queue decryption key from the user object;
      
      decrypting the message object from the message queue with the message queue decryption key;
      
      reading a data object identifier from the message object;
      
      generating a challenge request;
      
      sending the challenge request and the data object identifier to the server;
      
      receiving an encrypted challenge;
      
      reading the private challenge key from the message object;
      
      decrypting the encrypted challenge using the private challenge key;
      
      sending the decrypted challenge with the data object identifier to the server;
      
      reading the first decryption key from the message object;
      
      receiving encrypted data; and
      
      decrypting the encrypted using the first decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ponoi Corporation
Original Assignee
Ponoi Corporation
Inventors
Savage, Colin, Petro, Christopher, Goldsmith, Sascha

Granted Patent

US 9,619,632 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/62   Protecting access to data v...

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

G06Q 20/383   Anonymous user system

H04L 63/0407   wherein the identity of one...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links