Invented by Shamim A. Naqvi, Robert F. Raucci, Safelishare Inc
The Safelishare Inc invention works as follows. The process of online service provisioning is designed to ensure that the provider does not learn more about the person receiving the service than the service requires. The service provider is presented with user attributes as obfuscated, independently verifiable objects, which preserves the user’s privacy.
Background for Software-based switch to provide products and/or service without compromising users’ privacy
Service experiences are abundant on the Internet and Web. Smart contracts, computer programs based on blockchain systems, are being developed to deliver services to smart devices such as autonomous cars. The overall service experience can be broken down into components, where each component could be provided by a different provider. Data from sensors located on user computing devices and in the physical environment near those devices is also used by many smart devices, computer programs and service experiences. Service experiences involving autonomous cars could collect an increasing amount of data from users. Most service experiences also depend on information provided by the user, and the privacy of user data is becoming increasingly important to consumers. A service provisioning system that preserves the privacy of user data in online networks, as sensor devices collect increasing amounts of data from users, will be of great commercial and social benefit.
According to one aspect of this subject matter, a system and method are provided that facilitate the delivery of a service or product to an end user. According to the method, first executable computer code is inserted into a computing environment in which a user session has been established. The first executable code is associated with an entity providing the product or service. Inserting the first executable code causes a first virtual machine to be created in the user’s session, and the first executable code is executed in the first virtual machine. Execution includes retrieving, over a communications network and from a computing device of the user, a first subset of the information required from that device for delivery of the service or product; the first subset is less than the complete set of such information. The first executable code processes the first subset and produces first output data. Mediation of the information within the first subset can be selectively enabled or disabled by an entity that obscures the attributes of the user information before the first executable code obtains it. After the first executable code completes, the first virtual machine terminates. Second executable code is derived based at least in part on the output data generated by the first executable code and is inserted into the established user session, which causes a second virtual machine to be created in the user’s session. The second executable code is executed in the second virtual machine. Execution includes obtaining, over the communications network and from the user’s computing device, a second subset of the information required from that device to complete delivery of the service or product.
The second subset is less than the complete information required from the user’s computing device to complete delivery of the service or product, and it includes information that was not in the first subset. The second executable code processes the second subset and produces second output data. The entity that obscures the attributes of the user information before the second executable code obtains it can enable or disable mediation of the information within the second subset. The second virtual machine terminates after the second executable code has executed. The product or service is delivered to the end user of the computing device based at least in part upon the second output data generated by the second executable code.
According to another aspect of this subject matter, a system and method are provided for performing a transaction over a communication network. According to the method, in response to a request from a user received over the communication network, a user session is created in a computing environment. Within the computing environment, a plurality of executable codes are executed, each performing a different portion of the transaction. Each executable code obtains, over the communication network, a subset of the information required from the user’s computing device; each subset is less than the complete information required from that device to complete the transaction. Each executable code processes the subset it receives. An entity that obscures the attributes of the user information before an executable code obtains it can enable or disable mediation of the information within the various subsets. During execution, information is exchanged between the executable codes only by obtaining the encrypted output data that a previous executable code produced. The output data is encrypted such that the user must provide one or more decryption keys for it to be decrypted. The user session is terminated after the final executable code necessary to complete the transaction has finished executing.
According to yet another aspect described in this document, a system running on one or more processors facilitates the delivery of a service and/or product to an end user by a service provider over a communication network. According to the method, delivery is initiated by creating a session. A first virtual machine runs in the session and is configured to perform only a limited set of operations. A first computer program runs in the first virtual machine. The user computing device is invited into the session with the first computer program and transmits obfuscated user data over the communication network. The obfuscated user data is data the first computer program requires in order to deliver the product or service to the end user. Upon the first computer program’s request, the user data within the obfuscated data is verified; the verification is performed without revealing that user data, so that the computer program can deliver the service or product without knowing any personal information about the user after delivery. Upon a request from the user computing device, the first computer program is required to remove the user computing device from the session.
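The verification-without-disclosure step of the third aspect, together with the mediating entity of the first two aspects that enables or disables a program’s access to individual attributes, can be illustrated in a small simulation. The following is an added example and is not code from the patent or from Safelishare. The page does not say how attributes are obfuscated, so the example assumes salted SHA-256 commitments published by the user, and a separate mediator that holds the openings, checks them against the commitments, and answers a program’s yes/no question with an HMAC-signed attestation. The program sees only the attestation, never the attribute value. The class names (UserWallet, Mediator), the policy table and the sample attributes are all constructed for the example.

```python
"""Obfuscated, independently verifiable user attributes (added illustration).

Assumptions not stated on the page: attributes are committed as
SHA-256(salt || name || 0x00 || value); a mediator verifies openings and
issues HMAC-signed yes/no attestations; a per-program policy decides which
attributes a program may ask about.
"""
import hashlib
import hmac
import json
import secrets
from typing import Callable, Optional


def commit(name: str, value: str, salt: bytes) -> str:
    """Commitment to one attribute: hides the value, binds the user to it."""
    return hashlib.sha256(salt + name.encode() + b"\x00" + value.encode()).hexdigest()


class UserWallet:
    """User-side store: plaintext attributes plus a random salt per attribute."""

    def __init__(self, attributes: dict):
        self.attributes = dict(attributes)
        self.salts = {k: secrets.token_bytes(16) for k in attributes}

    def commitments(self) -> dict:
        """The obfuscated objects the user publishes to the session."""
        return {k: commit(k, v, self.salts[k]) for k, v in self.attributes.items()}

    def opening(self, names) -> dict:
        """Openings for only those attributes the user agrees to let the mediator check."""
        return {k: (self.attributes[k], self.salts[k]) for k in names}


class Mediator:
    """The entity that obscures attributes: verifies openings against the published
    commitments and enables or disables each program's access per attribute."""

    def __init__(self, commitments: dict, policy: dict, signing_key: bytes):
        self.commitments = commitments
        self.policy = policy            # program name -> set of attribute names it may query
        self.signing_key = signing_key
        self.verified = {}              # attribute name -> value, after a valid opening

    def accept_opening(self, opening: dict) -> bool:
        """Independently verify each opening; reject the whole batch on any mismatch."""
        ok = all(commit(k, v, s) == self.commitments.get(k) for k, (v, s) in opening.items())
        if ok:
            self.verified.update({k: v for k, (v, _) in opening.items()})
        return ok

    def attest(self, program: str, attribute: str, predicate: Callable[[str], bool]) -> Optional[dict]:
        """Signed yes/no answer, or None when the program is not enabled for that attribute."""
        if attribute not in self.policy.get(program, set()) or attribute not in self.verified:
            return None
        claim = {"program": program, "attribute": attribute,
                 "holds": bool(predicate(self.verified[attribute]))}
        body = json.dumps(claim, sort_keys=True).encode()
        return {"claim": claim, "tag": hmac.new(self.signing_key, body, hashlib.sha256).hexdigest()}


def check_attestation(att: dict, signing_key: bytes) -> bool:
    """What a program (or a later auditor) does with an attestation: verify the tag."""
    body = json.dumps(att["claim"], sort_keys=True).encode()
    return hmac.compare_digest(att["tag"], hmac.new(signing_key, body, hashlib.sha256).hexdigest())


def demo():
    """Constructed sample: the seller may only ask about age, the shipper only about country."""
    wallet = UserWallet({"age": "34", "country": "NL", "card": "4111-xxxx-xxxx-1111"})
    key = secrets.token_bytes(32)
    med = Mediator(wallet.commitments(), {"seller": {"age"}, "shipper": {"country"}}, key)
    assert med.accept_opening(wallet.opening(["age", "country"]))   # card is never opened
    adult = med.attest("seller", "age", lambda v: int(v) >= 18)
    in_region = med.attest("shipper", "country", lambda v: v in {"NL", "DE", "FR"})
    card = med.attest("seller", "card", lambda v: True)             # disabled by policy
    return adult, in_region, card, key


if __name__ == "__main__":
    print(demo()[:3])
```

The seller program learns only that the age predicate holds and can check the mediator’s tag; it never receives the age itself, and an attribute the policy has not enabled for that program (the card number) yields no attestation at all. A tampered commitment makes every opening fail, so no attestation about that attribute can be produced.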
Web services and the business models of the Internet are critically dependent on data collected from and about consumers. Data gathered from consumers, and in some cases acquired from third-party providers, is used to create customized, personalized services and experiences for users. Advertising, marketing content, services and recommendations are all based on the analysis of user data. The gathering of data from users is expected to grow as the web develops to support sensor-based devices such as smart cars and smart household appliances.
At the same time, users are becoming more aware that web companies store large quantities of personal data. This awareness has led many to question how that data is stored and used, and privacy concerns are increasing. Such concerns are exacerbated by data breaches and outages at businesses and by hacking into enterprise software systems.
The present invention, in some embodiments, describes a system and method by which a decentralized open marketplace can be built that provides several features to address these concerns. The term “open” refers to the ability of multiple service providers to interact without proprietary interfaces. The term “decentralized” refers to the idea that no one entity is in charge and that multiple entities can combine to offer an overall service.
The invention described in this document allows users to reveal certain elements of their personal data to one or more service providers in order to receive services. The user controls the provisioning of data by revealing it to a computational construct which, by design, cannot retain or store the data. The computational construct receives the user data and executes in an environment that is “sterile”, in a manner described later.
The one or more service providers may be organized as separate entities that perform distinct functions which, when combined, form the product or service offered to the user. Consider an online book seller who enters into a business arrangement with a payment processor and a shipper. A user can purchase a book through the seller, pay using the payment processor, and then receive the book in a shipment managed by the shipper.
In the present technology, the book seller and payment processor are represented by executable code, such as programs or apps, that is configured in a special way (described more fully later) and downloaded by the user device. The user device injects the programs into a distributed computing environment that contains a database processor. For purposes of illustration, the executable computer codes are referred to herein as computer programs; however, any suitable type of computer code configured in the described manner can be used.
Before proceeding, it is helpful to define some terms that are used in the description.
The term “virtual machine” is used in its ordinary meaning as understood by persons of ordinary skill. A virtual machine is an emulation of a computer system implemented in software, hardware, firmware or a combination of these. Virtual machines can be implemented using a variety of techniques. One technique, operating-system-level virtualization, virtualizes a physical computer at the operating system layer and allows multiple secure, isolated guest virtual machines (implemented in software) to run on one physical computer. “Secure” means that only certain operations can be performed on a guest machine; “isolated” means that operations in one guest machine cannot access resources in other guest machines. All guest machines share the same kernel but can have different user spaces. Computer and application programs running in a guest machine see it as a stand-alone computer system. Software systems that use operating-system-level virtualization include Solaris Containers, iCore Virtual Accounts and Linux-VServer.
Another technique used to support virtual machines involves a hypervisor, or virtual machine monitor, which allows guest machines to run their own kernels. A hypervisor may, for example, allow three virtual machines running macOS, Windows and Linux to share one physical computer. Virtualized hardware is available from major Unix vendors such as Sun Microsystems and HP.
In the following description, a computing environment (or simply environment) is a programmable configuration of hardware, firmware and/or software. The term “distributed computing environment” refers to a programmable, interconnected arrangement of hardware and software. The term “database processor” is also used. In one embodiment, a database processor may be the operating system of a distributed computing environment, the operating system being configured to support features such as virtual machines, session management, etc., as described herein.
The term “session” as used herein refers to a process of information exchange between two or more communicating devices or computer programs in which the information used during the exchange may be stored in a specific memory or set of registers that are later cleared (“torn down”). Devices and/or programs can be invited to a session and removed from it, and they may initiate and terminate one or more dialogs within a session. A dialog is a series of data items exchanged between the devices and/or programs.
Certain common operations such as login, signout, registration and de-registration may include or involve one or more aspects of our notion of a session. A client device logging in to a web server can include establishing a session between the client and the server. A computer program can register with a server that provides instant messaging services; this action could also include establishing a session.
We will also use the term “ephemeral” at times. This term refers to a data item created in a session by a computer program and cleared either before or during termination of the session. A computer program operating within a session can receive data from the user and store it, or read data from memory. The computer program can then complete its execution, and the session can be terminated or cleared. The memory unit and any internal registers of the computer system are cleared upon session termination, and such data items are considered ephemeral.
It is important to note that the database processor performs a number of actions that conventional database processors do not. In particular, the database processor performs three specific actions.
First, upon connecting to a computing device of a user seeking service, the database processor creates a session with that computing device. In certain embodiments, it is preferred that the communication channel between the user device and the database processor be secured. Below is an example of a possible secure protocol.
Second, the database processor creates one or more virtual machine (VM) instances, each pre-loaded with a provisioned computer program. The VMs can be created sequentially or simultaneously. Each VM runs one of the provisioned programs, each of which can produce output that is restricted, as explained later. The VMs are configured to terminate at the end of the execution of the provisioned program.
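The session and VM lifecycle just described, together with the staged delivery of the first two aspects above (each program sees only its own subset of user data, passes its result on only as output encrypted under a key the user holds, and its VM terminates once it has run), can be illustrated as follows. This is an added example, not code from the patent or from Safelishare. It models a VM as a Python object whose memory is wiped when its program finishes, and seals program output with an HMAC-SHA256 counter-mode keystream plus an HMAC tag, a construction chosen here only to keep the example dependency-free. The Session and EphemeralVM classes, the three stage programs (seller, payment, shipper) and the sample user data are constructed for the example.

```python
"""Session with sequential ephemeral VMs, each restricted to a subset of user data.

Added illustration. Assumptions: the 'VM' is a Python object whose memory is
cleared after its program runs; output is sealed so that only the holder of
user_key can read it; a mediated fetch refuses attributes outside the subset
the VM was enabled for.
"""
import hashlib
import hmac
import json
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (illustrative construction)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(user_key: bytes, obj) -> dict:
    """Encrypt-then-MAC a JSON-serialisable object so only the user can read it."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(user_key, nonce, json.dumps(obj, sort_keys=True).encode())
    tag = hmac.new(user_key, nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}


def unseal(user_key: bytes, blob: dict):
    """Check the tag first; reject tampered output or a wrong key before decrypting."""
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(user_key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(blob["tag"], expected):
        raise ValueError("output tampered or wrong key")
    return json.loads(_keystream_xor(user_key, nonce, ct))


class EphemeralVM:
    """Runs one provisioned program over an allowed subset of attributes, then terminates."""

    def __init__(self, name: str, program, allowed: frozenset):
        self.name, self.program, self.allowed = name, program, allowed
        self.memory = None
        self.terminated = False

    def run(self, fetch, prior_output, user_key: bytes) -> dict:
        def mediated(attr):
            # Mediation: only attributes this VM was enabled for are retrievable.
            if attr not in self.allowed:
                raise PermissionError(f"{self.name} may not read {attr}")
            return fetch(attr)
        self.memory = self.program(mediated, prior_output)
        sealed = seal(user_key, self.memory)      # output leaves only in sealed form
        self.memory = None                        # memory and registers cleared
        self.terminated = True                    # VM torn down after one execution
        return sealed


class Session:
    """Session created by the database processor; holds only sealed stage outputs."""

    def __init__(self, user_key: bytes, fetch):
        self.user_key, self.fetch = user_key, fetch
        self.vms, self.outputs = [], []

    def run_stage(self, name: str, program, allowed) -> dict:
        # The next program sees the previous output only because the user supplies the key.
        prior = unseal(self.user_key, self.outputs[-1]) if self.outputs else None
        vm = EphemeralVM(name, program, frozenset(allowed))
        sealed = vm.run(self.fetch, prior, self.user_key)
        self.vms.append(vm)
        self.outputs.append(sealed)
        return sealed

    def teardown(self):
        self.outputs.clear()


# Constructed stage programs for the book seller / payment processor / shipper arrangement.
def seller(get, _prior):
    return {"order": get("title"), "amount": 12.50}


def payment(get, prior):
    return {"paid": prior["amount"], "auth": get("payment_token")[-4:]}


def shipper(get, prior):
    return {"shipment": f"SHIP-{prior['auth']}", "to": get("address")}


def run_transaction(user_data: dict):
    """Three sequential VMs; each one gets a different, smaller subset of the user's data."""
    user_key = secrets.token_bytes(32)
    s = Session(user_key, user_data.__getitem__)
    s.run_stage("seller", seller, {"title"})
    s.run_stage("payment", payment, {"payment_token"})
    final = s.run_stage("shipper", shipper, {"address"})
    result = unseal(user_key, final)              # only the user can open the final output
    all_torn_down = all(vm.terminated and vm.memory is None for vm in s.vms)
    s.teardown()
    return result, all_torn_down, s


if __name__ == "__main__":
    sample = {"title": "Secure Systems", "payment_token": "tok_1234", "address": "Constructed St 1"}
    print(run_transaction(sample)[:2])
```

The seller VM never receives the payment token or address, the payment VM never receives the address, and a stage that asks for an attribute outside its enabled subset is refused by the mediated fetch. Because every stage output is sealed under the user’s key, the database processor and the provider programs hold nothing readable once the session is torn down.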