1. WO2020117995 - A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

What is claimed is:

1. A method, comprising:

obtaining, at a storage server, source-encrypted source data from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the storage server is unable to decrypt the source-encrypted source data;

storing, by the storage server, the source-encrypted source data;

obtaining, at the storage server, a recipient-based rekeying key from the source, the recipient-based rekeying key established through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient;

receiving, at the storage server, a request to share the source data with the particular recipient;

re-encrypting, by the storage server, the source-encrypted source data with the recipient-based rekeying key, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the storage server is unable to decrypt the recipient-based encrypted source data; and

sending, from the storage server, the recipient-based encrypted source data to the particular recipient to cause the particular recipient to decrypt the recipient-based encrypted source data using a recipient private key of the particular recipient to obtain the source data.

2. A method, comprising:

obtaining, at a storage server, source data from a source, wherein no device other than the source is able to read the source data;

obtaining, at the storage server, a request to share the source data with a particular recipient;

obtaining, at the storage server, a conversion key specific to the particular recipient from the source;

converting, by the storage server based on the conversion key, the source data into a format readable only by the particular recipient; and

sending, from the storage server, the source data in the format readable only by the particular recipient to the particular recipient.

3. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

storing the information on one or more non-entity servers, wherein neither the entity nor the one or more non-entity servers have visibility of the information; and

providing, from the one or more non-entity servers upon request from the entity, the information to a particular recipient in a format such that the information is only visible to the particular recipient.

4. A method, comprising:

receiving, at a storage server, a trigger to provide information to a particular recipient, wherein the information relates to a source and is unreadable to both the storage server and the particular recipient;

obtaining, by the storage server, approval from the source to expose the information to the particular recipient; and

sending, from the storage server in response to the trigger and the approval, the information to the particular recipient in a format that is readable only to the particular recipient.

5. A method, comprising:

obtaining, at a source, source data;

encrypting, by the source, the source data with a source encryption key of the source to form source-encrypted source data;

sending, from the source, the source-encrypted source data to a storage server, wherein the storage server is unable to decrypt the source-encrypted source data;

establishing, by the source, a recipient-based rekeying key through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient; and

sending, from the source, the recipient-based rekeying key to the storage server, wherein a request sent to the storage server to share the source data with the particular recipient causes the storage server to i) re-encrypt the source-encrypted source data with the recipient-based rekeying key, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the storage server is unable to decrypt the recipient-based encrypted source data, and ii) send the recipient-based encrypted source data to the particular recipient to cause the particular recipient to decrypt the recipient-based encrypted source data using a recipient private key of the particular recipient to obtain the source data.

6. A method, comprising:

obtaining, at a source, source data;

encrypting, by the source, the source data into a format such that no device other than the source is able to read the source data;

sending, from the source to a storage server, the source data in the format that no device other than the source is able to read;

establishing, by the source, a conversion key for a particular recipient; and

sending, from the source, the conversion key to the storage server, wherein a request sent to the storage server to share the source data with the particular recipient causes the storage server to i) convert, based on the conversion key, the source data into a format readable only by the particular recipient; and ii) send the source data in the format readable only by the particular recipient to the particular recipient.

7. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

sending, from an application, the information to one or more non-entity servers, wherein neither the entity nor the one or more non-entity servers have visibility of the information; and

sending, from the application, a conversion key that allows the one or more non-entity servers to convert the information into a format that is only visible to a particular recipient;

wherein the one or more non-entity servers, upon request from the entity, provide the information to the particular recipient in the format based on the conversion key such that the information is only visible to the recipient.

8. A method, comprising:

participating, by a particular recipient, in a data storage system, wherein:

i) a storage server is configured to obtain and store source-encrypted source data received from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the storage server is unable to decrypt the source-encrypted source data;

ii) the source is configured to establish and send a recipient-based rekeying key to the storage server, the recipient-based rekeying key established through an encrypting combination of a source decryption key of the source and a recipient public key of the particular recipient; and

iii) the storage server is further configured to re-encrypt the source-encrypted source data with the recipient-based rekeying key in response to a request to share the source data with the particular recipient, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the storage server is unable to decrypt the recipient-based encrypted source data;

receiving, at the particular recipient from the storage server, the recipient-based encrypted source data;

decrypting, by the particular recipient, the recipient-based encrypted source data using a recipient private key of the particular recipient to obtain the source data; and

processing, by the particular recipient, the decrypted source data.
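
Claims 1, 5 and 8 describe one exchange from the storage server's, the source's and the recipient's side. The following is an added example, not code from the application, that plays all three roles in Python using only the standard library. It realises the claimed "encrypting combination" literally: the source wraps the record's decryption key under the recipient's public key, and the storage server's re-encryption step attaches that wrapped key to the stored ciphertext while holding no private key at all. Everything below that the claims do not specify is an assumption: hashed ElGamal over the RFC 2409 1024-bit MODP group (embedded because it is short enough to fit; 1024-bit groups are too weak for new deployments), an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC as the data encryption, one key pair per record so that a rekey exposes no other record, and a constructed sample record. A transform-style unidirectional proxy re-encryption scheme would let the server convert the capsule itself, but needs a pairing library; the properties exercised here are the same.

```python
import hashlib
import hmac
import secrets

# RFC 2409 1024-bit MODP prime (embedded for brevity; too weak for new deployments,
# use a 2048-bit+ group or an elliptic curve). G = 4 generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4


def keygen():
    """(private, public) key pair for hashed ElGamal."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _i2b(n: int) -> bytes:
    return n.to_bytes(128, "big")


def _stream(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as the stream cipher; XORs keystream with data."""
    blocks = range((len(data) + 31) // 32)
    ks = b"".join(hmac.new(key, _i2b(i), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_to(pk: int, plaintext: bytes) -> dict:
    """KEM/DEM: encapsulate a fresh secret to pk, then encrypt-then-MAC."""
    r = secrets.randbelow(Q - 1) + 1
    capsule = pow(G, r, P)
    keys = hashlib.sha256(b"dem" + _i2b(pow(pk, r, P))).digest()
    body = _stream(keys[:16], plaintext)
    tag = hmac.new(keys[16:], _i2b(capsule) + body, hashlib.sha256).digest()
    return {"capsule": capsule, "body": body, "tag": tag}


def decrypt_with(sk: int, ct: dict) -> bytes:
    """Verify the tag before releasing anything; a wrong key fails here."""
    keys = hashlib.sha256(b"dem" + _i2b(pow(ct["capsule"], sk, P))).digest()
    tag = hmac.new(keys[16:], _i2b(ct["capsule"]) + ct["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, ct["tag"]):
        raise ValueError("ciphertext rejected: wrong key or tampered data")
    return _stream(keys[:16], ct["body"])


# Source (claim 5). ASSUMPTION: one key pair per record, so a rekey exposes one record only.
def source_publish(record: bytes):
    rec_sk, rec_pk = keygen()
    return rec_sk, encrypt_to(rec_pk, record)  # the ciphertext is what the server stores


def source_make_rekey(rec_sk: int, recipient_pk: int) -> dict:
    """The 'encrypting combination': the record's decryption key encrypted under recipient pk."""
    return encrypt_to(recipient_pk, _i2b(rec_sk))


# Storage server (claim 1): holds no private key, binds the rekey to the stored ciphertext.
def server_reencrypt(stored_ct: dict, rekey: dict) -> dict:
    return {"wrapped_key": rekey, "ciphertext": stored_ct}


# Recipient (claim 8): unwrap the record key with its own private key, then open the record.
def recipient_open(recipient_sk: int, reenc: dict) -> bytes:
    rec_sk = int.from_bytes(decrypt_with(recipient_sk, reenc["wrapped_key"]), "big")
    return decrypt_with(rec_sk, reenc["ciphertext"])


def demo() -> dict:
    record = b"acct 4711: balance 12034.55 EUR"  # constructed sample record
    rec_sk, stored = source_publish(record)
    bob_sk, bob_pk = keygen()
    eve_sk, _ = keygen()
    out = server_reencrypt(stored, source_make_rekey(rec_sk, bob_pk))
    result = {"record": record, "bob_reads": recipient_open(bob_sk, out)}
    try:
        recipient_open(eve_sk, out)  # Eve was never named in a rekey
        result["eve_blocked"] = False
    except ValueError:
        result["eve_blocked"] = True
    body = out["ciphertext"]["body"]
    tampered = dict(out["ciphertext"], body=bytes([body[0] ^ 1]) + body[1:])
    try:
        recipient_open(bob_sk, {"wrapped_key": out["wrapped_key"], "ciphertext": tampered})
        result["tamper_detected"] = False
    except ValueError:
        result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The two negative checks in demo() are the ones worth keeping in a test suite: a private key that was never named in a rekey must fail on the wrapped key, and a flipped ciphertext byte must fail the tag before any plaintext is returned. Note what the server cannot do here: with only the stored ciphertext and the wrapped key it has no private key to apply, which is the "unable to decrypt" condition of claim 1.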

9. A method, comprising:

participating, by a particular recipient, in a data storage system, wherein a storage server is configured to i) obtain source data from a source, wherein no device other than the source is able to read the source data; ii) obtain a conversion key specific to a particular recipient from the source; iii) convert, based on the conversion key and in response to a request to share the source data with the particular recipient, the source data into a format readable only by the particular recipient;

receiving, at the particular recipient from the storage server, the source data in the format readable only by the particular recipient; and

processing, by the particular recipient, the source data readable by the particular recipient.

10. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

providing, from a particular recipient, a key for an application to establish a conversion key that allows one or more non-entity servers to convert the information into a format that is only visible to the particular recipient;

receiving, at the particular recipient upon request from the entity, the information from the one or more non-entity servers in the format based on the conversion key such that the information is only visible to the recipient, wherein neither the entity nor the one or more non-entity servers have visibility of the information; and

processing, by the particular recipient, the information.

11. A method, comprising:

participating, by a device, in a data storage system, wherein:

i) a storage server is configured to obtain and store source-encrypted source data received from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the device and the storage server are unable to decrypt the source-encrypted source data;

ii) the source is configured to establish and send a recipient-based rekeying key to the storage server, the recipient-based rekeying key established through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient; and

iii) the storage server is further configured to re-encrypt the source-encrypted source data with the recipient-based rekeying key in response to a request to share the source data with the particular recipient, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the device and the storage server are unable to decrypt the recipient-based encrypted source data;

performing, by the device, a transaction with the source;

detecting, by the device, a trigger to share the source data that is stored as the source-encrypted source data at the storage server with the particular recipient based on the transaction; and

causing, by the device, the request to share the source data with the particular recipient to be sent to the storage server in response to the trigger to cause the particular recipient to i) receive the recipient-based encrypted source data, ii) decrypt the recipient-based encrypted source data using a recipient private key of the particular recipient to obtain the source data, and iii) process the decrypted source data.

12. A method, comprising:

participating, by a device, in a data storage system, wherein a storage server is configured to i) obtain source data from a source, wherein no device other than the source is able to read the source data; ii) obtain a conversion key specific to a particular recipient from the source; iii) convert, based on the conversion key and in response to a request to share the source data with the particular recipient, the source data into a format readable only by the particular recipient;

performing, by the device, a transaction with the source;

detecting, by the device, a trigger to share the source data that is stored at the storage server with the particular recipient based on the transaction; and

causing, by the device, the request to share the source data with the particular recipient to be sent to the storage server in response to the trigger to cause the particular recipient to i) receive the source data in the format readable only by the particular recipient; and ii) process the source data readable by the particular recipient.

13. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

participating, by an entity device, in a data storage system that stores the information, from a source, on one or more non-entity servers, wherein neither the entity device nor the one or more non-entity servers have visibility of the information;

performing, by the entity device, a transaction with the source;

detecting, by the entity device, a trigger to share the information with a particular recipient based on the transaction; and

causing, by the entity device, the one or more non-entity servers to provide the information to the particular recipient in a format such that the information is only visible to the particular recipient.

14. A method, comprising:

receiving, at an intermediate reporting device, a first set of data, the first set of data readable by the intermediate reporting device;

receiving, at the intermediate reporting device, a second set of data, the second set of data unreadable by the intermediate reporting device;

reading, by the intermediate reporting device, the first set of data;

creating, by the intermediate reporting device, a report based on the first set of data;

packaging, by the intermediate reporting device, the second set of data with the report; and

sending, from the intermediate reporting device, the packaged report and second set of data to a second recipient, wherein the second set of data is readable by the second recipient, and wherein the second recipient is caused to read the second set of data and process the report with the second set of data.

15. A method, comprising:

participating, by an intermediate reporting device, in a data storage system, wherein a storage server is configured to i) obtain source data from a source, wherein no device other than the source is able to read the source data; ii) obtain a conversion key specific to a particular recipient from the source; iii) convert, based on the conversion key and in response to a request to share the source data with the particular recipient, the source data into a format readable only by the particular recipient;

receiving, at the intermediate reporting device, a first set of data, the first set of data readable by the intermediate reporting device;

receiving, at the intermediate reporting device, the source data, the source data unreadable by the intermediate reporting device;

creating, by the intermediate reporting device, a report based on the first set of data;

packaging, by the intermediate reporting device, the second set of data with the report; and

sending, from the intermediate reporting device, the packaged report and source data to the particular recipient, wherein the source data is readable by the particular recipient, and wherein the particular recipient is caused to read the source data and process the report with the source data.

16. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

participating, by an intermediate reporting device, in a data storage system that stores the information on one or more non-entity servers, wherein neither the entity, the intermediate reporting device, nor the one or more non-entity servers have visibility of the information;

receiving, at the intermediate reporting device from the one or more non-entity servers upon request from the entity, the information in a format such that the information is only visible to the recipient;

receiving, at the intermediate reporting device, a first set of data, the first set of data readable by the intermediate reporting device;

creating, by the intermediate reporting device, a report based on the first set of data; and

sending, from the intermediate reporting device, the report and information to the particular recipient, wherein the information is readable by the particular recipient, and wherein the particular recipient is caused to read the information and process the report with the information.

17. A method, comprising:

participating, by an attestation server, in a data storage system, wherein:

i) a storage server is configured to obtain and store source-encrypted source data received from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the storage server is unable to decrypt the source-encrypted source data;

ii) the source is configured to establish and send a recipient-based rekeying key to the storage server, the recipient-based rekeying key established through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient; and

iii) the storage server is further configured to re-encrypt the source-encrypted source data with the recipient-based rekeying key in response to a request to share the source data with the particular recipient, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the storage server is unable to decrypt the recipient-based encrypted source data;

sharing, by the attestation server, an attestation server public key to cause the source to i) establish an attestation-server-based rekeying key through an encrypting combination of the source decryption key of the source and the attestation server public key, and ii) send the attestation-server-based rekeying key to the storage server, wherein an attestation request at the storage server to share the source data with the attestation server causes the storage server to i) re-encrypt the source-encrypted source data with the attestation-server-based rekeying key, the re-encrypting resulting in the source data encrypted with the attestation server public key, wherein the storage server is unable to decrypt the source data encrypted with the attestation server public key, ii) send the source data encrypted with the attestation server public key to the attestation server;

receiving, at the attestation server, the source data encrypted with the attestation server public key from the storage server;

decrypting, by the attestation server, the source data encrypted with the attestation server public key using an attestation server private key of the attestation server;

attesting, by the attestation server, to the decrypted source data;

creating, by the attestation server, a signed certificate based on attesting to the source data, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate, wherein the signed certificate is associated with the source data; and

sharing, from the attestation server, the signed certificate to cause the verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate.

18. A method, comprising:

storing information on a third-party server, wherein the third-party server and an attestation service cannot read the stored information;

storing, on the third-party server, a re-encryption key that converts the stored information to a format readable to only the attestation service;

requesting, by the third-party server from the attestation service, attestation of whether the stored information is correct, wherein requesting comprises applying the re-encryption key to the stored information and sending the stored information, in the format readable to only the attestation service, to the attestation service;

receiving, by the third-party server from the attestation service, an indication as to whether the stored information, which cannot be read by the third-party server, is attested as correct by the attestation service; and

providing, from the third-party server, the indication as to whether the stored information is attested as correct by the attestation service to an interested device, without the third-party server knowing the information.

19. A method, comprising:

participating, by an attestation server, in a data storage system, wherein a storage server is configured to i) obtain source data from a source, wherein no device other than the source is able to read the source data; ii) obtain a conversion key specific to a particular recipient from the source; iii) convert, based on the conversion key and in response to a request to share the source data with the particular recipient, the source data into a format readable only by the particular recipient;

receiving, at the attestation server from the storage server, the source data converted into a format readable by only the attestation server;

attesting, by the attestation server, to the source data;

creating, by the attestation server, a signed certificate based on attesting to the source data, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate, wherein the signed certificate is associated with the source data; and

sharing, from the attestation server, the signed certificate to cause the verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate.

20. A method for protecting an entity from compromising information needed for entity-based operations, the method comprising:

participating, by an attestation server, in a data storage system that stores the information on one or more non-entity servers wherein neither the entity, the attestation server, nor the one or more non-entity servers have visibility of the information;

receiving, at the attestation server from the one or more non-entity servers, the information in a converted format such that the information is only visible to the attestation server;

attesting, by the attestation server, to the information;

creating, by the attestation server, a signed certificate based on attesting to the information, the signed certificate to allow a verifying recipient to confirm that the information has been attested to by the attestation server based on the signed certificate, wherein the signed certificate is associated with the information; and

sharing, from the attestation server, the signed certificate to cause the verifying recipient to confirm that the information has been attested to by the attestation server based on the signed certificate.
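
Claims 17 to 20 end with a signed certificate that a verifying recipient checks, and claim 18 has the third-party server relay the attestation verdict without being able to read the information. The following added example (not code from the application) shows that certificate step in Python with only the standard library, starting from the plaintext the attestation server has already recovered through its own rekeying key; that decryption is the same as for any recipient and is not repeated here. Assumptions not in the claims: a Schnorr signature over the RFC 2409 1024-bit MODP group (embedded because it is short; too weak for new deployments), an age-over-18 predicate evaluated on a constructed JSON record, and a certificate that commits to the record by its SHA-256 hash. The hash is what ties the certificate to one record; since a hash of low-entropy fields can be guessed, the constructed record carries a random nonce.

```python
import hashlib
import json
import secrets
from datetime import date

# RFC 2409 1024-bit MODP prime (embedded for brevity; too weak for new deployments,
# use a 2048-bit+ group or an elliptic curve). G = 4 generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _i2b(n: int) -> bytes:
    return n.to_bytes(128, "big")


def _challenge(R: int, pk: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(_i2b(R) + _i2b(pk) + msg).digest(), "big") % Q


def sign(sk: int, pk: int, msg: bytes) -> tuple:
    """Schnorr signature (R, s): R = G^k, e = H(R, pk, msg), s = k + e*sk mod Q."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + _challenge(R, pk, msg) * sk) % Q


def verify(pk: int, msg: bytes, sig: tuple) -> bool:
    """Accept iff G^s == R * pk^e (mod P)."""
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, _challenge(R, pk, msg), P)) % P


def canonical(obj: dict) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


# Attestation server (claims 17, 19, 20): it already holds the plaintext via its own rekey.
def attest(att_sk: int, att_pk: int, record: bytes, as_of: date) -> dict:
    """Evaluate a predicate on the record and sign a certificate that commits to the record."""
    fields = json.loads(record)
    dob = date.fromisoformat(fields["dob"])
    age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
    body = {
        "statement": "subject is 18 or older",
        "verdict": age >= 18,
        "as_of": as_of.isoformat(),
        "record_sha256": hashlib.sha256(record).hexdigest(),  # binds certificate to this record
        "issuer_pk": att_pk,
    }
    return {"body": body, "sig": sign(att_sk, att_pk, canonical(body))}


# Third-party server (claim 18): checks issuer authenticity without ever seeing the record.
def verify_certificate(att_pk: int, cert: dict) -> bool:
    return cert["body"]["issuer_pk"] == att_pk and verify(att_pk, canonical(cert["body"]), cert["sig"])


# Verifying recipient (claims 17, 19, 20): also checks the certificate is about the record it holds.
def verify_certificate_for_record(att_pk: int, cert: dict, record: bytes) -> bool:
    return (verify_certificate(att_pk, cert)
            and cert["body"]["record_sha256"] == hashlib.sha256(record).hexdigest())


def demo() -> dict:
    att_sk, att_pk = keygen()
    # Constructed sample records; the nonce keeps the hash commitment from being guessable.
    record = canonical({"subject": "acct-4711", "dob": "1999-12-31", "nonce": secrets.token_hex(16)})
    other = canonical({"subject": "acct-0815", "dob": "2010-06-01", "nonce": secrets.token_hex(16)})
    cert = attest(att_sk, att_pk, record, date(2020, 1, 1))
    forged = {"body": dict(cert["body"], verdict=not cert["body"]["verdict"]), "sig": cert["sig"]}
    return {
        "verdict": cert["body"]["verdict"],
        "third_party_accepts": verify_certificate(att_pk, cert),
        "recipient_accepts": verify_certificate_for_record(att_pk, cert, record),
        "wrong_record_rejected": not verify_certificate_for_record(att_pk, cert, other),
        "forged_verdict_rejected": not verify_certificate(att_pk, forged),
    }


if __name__ == "__main__":
    print(demo())
```

verify_certificate is the check the third-party server of claim 18 can run: it needs the attestation server's public key and the certificate, not the record, so it can forward the indication without learning the information. verify_certificate_for_record is the verifying recipient's check; without the hash comparison a genuine certificate issued for one record could be presented alongside a different one.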

21. A method for performing a transaction between a first party and a second party, the method comprising:

storing, by a third party service, first party identifying information, wherein the first party identifying information is inaccessible by any party other than the first party;

obtaining, by the third party service, first account information of a first account corresponding to the first party;

obtaining, by the third party service, second account information of a second account corresponding to the second party;

obtaining, by the third party service, a value to transfer from the first account to the second account as the transaction;

obtaining, by the third party service, verified approval of the first party to complete the transaction; and

instructing, by the third party service in response to the verified approval of the first party, an account-maintaining entity associated with the first account to complete the transaction without sharing the first party identifying information or the first account information with the second party.

22. A method for providing secure financial transactions between a buyer and a seller, the method comprising:

obtaining, by a storage server, financial account identification information of the buyer, wherein the storage server and the seller have no access to read the financial account identification information of the buyer;

obtaining, by the storage server, financial account identification information of the seller, wherein the storage server and the buyer have no access to read the financial account identification information of the seller;

obtaining, by the storage server, an invoice for a financial transaction between the buyer and the seller, the invoice indicating a financial value to transfer from the financial account identification information of the buyer to the financial account identification information of the seller, wherein the storage server has no access to read the invoice;

obtaining, by the storage server, an authorization from the buyer for the transaction, the authorization signed with a private key of the buyer; and

providing, from the storage server in response to the authorization, the financial account identification information of the buyer, the financial account identification information of the seller, and the invoice to a financial institution associated with the financial account identification information of the buyer, hereinafter collectively "the provided data", the provided data being in a format such that only the financial institution has access to read the provided data to complete the financial transaction.