ZERO-KNOWLEDGE ENVIRONMENT BASED SOCIAL NETWORKING ENGINE

US 20180183595A1
Filed: 02/21/2018
Published: 06/28/2018
Est. Priority Date: 08/12/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a network engine comprising:

receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container;

accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container;

determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container;

identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container;

providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance;

receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and

in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus are described providing social networking engines. Specifically, the present specification relates to a method for implementing software containers implementing social network engines that may be configured to act in a zero-knowledge environment. In such implementations, all information pertaining to the social network engine associated with a user that is stored in the container is solely that of a user unless explicitly shared by the user. In some implementations, the containers may be configured to participate in a publish-and-subscribe network in order to share information. In addition, the containers may be provisioned with controls so that global operators may comply with local privacy rules.

7 Citations

20 Claims

1. A computer-implemented method performed by a network engine comprising:
- receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container;
  
  accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container;
  
  determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container;
  
  identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container;
  
  providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance;
  
  receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and
  
  in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, comprising:
    - receiving, at the network engine and from the second application instance, data indicating a request for the second network address uniquely identifying the second software container, wherein the request includes network authorization information corresponding to the second user identity;
      
      authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container based at least on the network authorization information corresponding to the second user identity;
      
      based on authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container, transmitting, to the second communication device, information indicating the second network address uniquely identifying the second software container;
      
      receiving, from the second application instance, healthcare related network data and information specifying the second network address uniquely identifying the second software container; and
      
      storing, as the healthcare related network data relating to the second user identity included in the second software container and based at least on authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container and receiving the information specifying the second network address uniquely identifying the second software container, the healthcare related network data received from the second application instance installed in the second software container.
  - 3. The computer-implemented method of claim 1, comprising:
    - determining, based on the configuration data, that the healthcare related network data relating to the second user identity included in the second software container is included among published healthcare related network data relating to the second user identity included in the second software container, wherein including healthcare related network data relating to the second user identity among published healthcare related network data relating to the second user identity in the second software container enables one or more other software containers that subscribe to the published healthcare related network data relating to the second user identity included in the second software container to access the published healthcare related network data relating to the second user identity included in the second software container;
      
      accessing second configuration data that specifies pre-determined publish-and-subscribe relationships between the first software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the first software container and one or more other software containers are specified by data received at the network engine from the first application instance installed at the first communication device, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the first user identity included in the first software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the first software container;
      
      determining, based on the second configuration data, that the first software container subscribes to the published healthcare related network data relating to the second user identity included in the second software container, wherein the first software container subscribing to the published healthcare related network data relating to the second user identity included in the second software container enables the first software container to access the published healthcare related network data relating to the second user identity included in the second software container; and
      
      transmitting the encrypted healthcare related network data to the first software container based at least on determining that the healthcare related network data relating to the second user identity included in the second software container is included among published healthcare related network data relating to the second user identity included in the second software container, and determining that the first software container subscribes to the published healthcare related network data relating to the second user identity included in the second software container.
  - 4. The computer-implemented method of claim 1, wherein each of the first software container and the second software container is associated with controls that permit access to healthcare related network data relating to an user identity included in the software container according to privacy rules.
  - 5. The computer-implemented method of claim 1, wherein the second software container includes healthcare related network data relating to two or more different networks.
  - 6. The computer-implemented method of claim 1, wherein the first application instance installed at the first communication device is a network application instance installed at the first communication device, wherein the network application instance is associated with the network engine.
  - 7. The computer-implemented method of claim 1, wherein the healthcare related network data relating to the second user identity included in the second software container is provided for output at a display of the first communication device.
  - 8. The computer-implemented method of claim 1, wherein the first network address uniquely identifying the first software container is a first IPv6 or DNS address that points to the first software container and that does not point to any additional software containers, and the second network address uniquely identifying the second software container is a second IPv6 or DNS address that points to the second software container and that does not point to any additional software containers.
  - 9. The computer-implemented method of claim 1, the encrypted healthcare related network data is decrypted using the first key of the encryption key pair.
  - 10. The computer-implemented method of claim 1, wherein the configuration data is included in the second software container.
  - 11. The computer-implemented method of claim 1, wherein the healthcare related network data includes protected health information that is regulated by the Health Insurance Portability and Accountability Act of 1996.

12. A system for exchanging healthcare related network data, the system comprising:
- one or more processors and one or more memories storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container;
  
  accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container;
  
  determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container;
  
  identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container;
  
  providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance;
  
  receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and
  
  in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the operations comprise:
    - receiving, at the network engine and from the second application instance, data indicating a request for the second network address uniquely identifying the second software container, wherein the request includes network authorization information corresponding to the second user identity;
      
      authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container based at least on the network authorization information corresponding to the second user identity;
      
      based on authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container, transmitting, to the second communication device, information indicating the second network address uniquely identifying the second software container;
      
      receiving, from the second application instance, healthcare related network data and information specifying the second network address uniquely identifying the second software container; and
      
      storing, as the healthcare related network data relating to the second user identity included in the second software container and based at least on authorizing the second communication device to add healthcare related network data relating to the second user identity to the second software container and receiving the information specifying the second network address uniquely identifying the second software container, the healthcare related network data received from the second application instance installed in the second software container.
  - 14. The system of claim 12, wherein in the operations comprise:
    - determining, based on the configuration data, that the healthcare related network data relating to the second user identity included in the second software container is included among published healthcare related network data relating to the second user identity included in the second software container, wherein including healthcare related network data relating to the second user identity among published healthcare related network data relating to the second user identity in the second software container enables one or more other software containers that subscribe to the published healthcare related network data relating to the second user identity included in the second software container to access the published healthcare related network data relating to the second user identity included in the second software container;
      
      accessing second configuration data that specifies pre-determined publish-and-subscribe relationships between the first software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the first software container and one or more other software containers are specified by data received at the network engine from the first application instance installed at the first communication device, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the first user identity included in the first software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the first software container;
      
      determining, based on the second configuration data, that the first software container subscribes to the published healthcare related network data relating to the second user identity included in the second software container, wherein the first software container subscribing to the published healthcare related network data relating to the second user identity included in the second software container enables the first software container to access the published healthcare related network data relating to the second user identity included in the second software container; and
      
      transmitting the encrypted healthcare related network data to the first software container based at least on determining that the healthcare related network data relating to the second user identity included in the second software container is included among published healthcare related network data relating to the second user identity included in the second software container, and determining that the first software container subscribes to the published healthcare related network data relating to the second user identity included in the second software container.
  - 15. The system of claim 12, wherein each of the first software container and the second software container is associated with controls that permit access to healthcare related network data relating to an user identity included in the software container according to privacy rules.
  - 16. The system of claim 12, wherein the second software container includes healthcare related network data relating to two or more different networks.
  - 17. The system of claim 12, wherein the first application instance installed at the first communication device is a network application instance installed at the first communication device, wherein the network application instance is associated with the network engine.
  - 18. The system of claim 12, wherein the healthcare related network data relating to the second user identity included in the second software container is provided for output at a display of the first communication device.
  - 19. The system of claim 12, wherein the first network address uniquely identifying the first software container is a first IPv6 or DNS address that points to the first software container and that does not point to any additional software containers, and the second network address uniquely identifying the second software container is a second IPv6 or DNS address that points to the second software container and that does not point to any additional software containers.

20. A non-transitory computer-readable storage medium encoded with a computer program for exchanging healthcare related network data, the computer program comprising instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving, at the network engine and from a first application instance installed at a first communication device that is associated with a first software container related to a first user identity, data indicating a request for healthcare related network data relating to a second user identity included in a second software container, wherein each of the first software container and the second software container is an independent server virtualization instance stored at the network engine that is configured to operate independently of other processes operating on a same processing resource as the independent server virtualization instance, and wherein the request comprises at least (i) a first network address uniquely identifying the first software container, and (ii) a second network address uniquely identifying the second software container;
  
  accessing configuration data that specifies pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers, wherein the pre-determined publish-and-subscribe relationships between the second software container and one or more other software containers are specified by data received at the network engine from a second application instance installed at a second communication device that is associated with the second software container, and wherein the pre-determined publish-and-subscribe relationships indicate one or more software containers that are permitted to receive healthcare related network data relating to the second user identity included in the second software container or one or more software containers that are permitted to transmit healthcare related network data relating to user identities to the second software container;
  
  determining that the configuration data specifies a pre-determined publish-and-subscribe relationship between the second software container and the first software container that permits healthcare related network data relating to the second user identity included in the second software container to be transmitted to the first software container;
  
  identifying, at a key management module and from a set of encryption key pairs that each correspond to a different pre-determined publish-and-subscribe relationship between software containers, an encryption key pair corresponding to the pre-determined publish-and-subscribe relationship between the second software container and the first software container;
  
  providing, from the key management module, (i) a first key of the encryption key pair to the first application instance and (ii) a second key of the encryption key pair to the second application instance;
  
  receiving, at the network engine and from the second application instance, encrypted healthcare related network data corresponding to the healthcare related network data relating to the second user identity included in the second software container that has been encrypted using the second key of the encryption key pair; and
  
  in response to receiving the encrypted healthcare related network data, transmitting the encrypted healthcare related network data to the first software container.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eIngot LLC
Original Assignee
eIngot LLC
Inventors
Raduchel, William J.

Granted Patent

US 10,044,507 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 51/00   User-to-user messaging in p...

H04L 51/52   for supporting social netwo...

H04L 61/4594   Address books, i.e. directo...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1063   Application servers providi...

H04L 65/1073   Registration or de-registra...

H04L 65/1089   by adding media; by removin...

H04L 65/1104   Session initiation protocol...

H04L 65/403   Arrangements for multi-part...

H04L 67/1095   Replication or mirroring of...

H04L 9/3221   interactive zero-knowledge ...

H04N 7/173   with two-way working, e.g. ...

ZERO-KNOWLEDGE ENVIRONMENT BASED SOCIAL NETWORKING ENGINE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ZERO-KNOWLEDGE ENVIRONMENT BASED SOCIAL NETWORKING ENGINE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links