US 9,813,233 B2
Private overlay for information networks
Stephen B. Wicker, Ithaca, NY (US)
Assigned to Cornell University, Ithaca, NY (US)
Appl. No. 13/641,030
Filed by Stephen B. Wicker, Ithaca, NY (US)
PCT Filed Apr. 12, 2011, PCT No. PCT/US2011/032118
§ 371(c)(1), (2), (4) Date Jan. 2, 2013,
PCT Pub. No. WO2011/130274, PCT Pub. Date Oct. 20, 2011.
Claims priority of provisional application 61/323,713, filed on Apr. 13, 2010.
Prior Publication US 2013/0101117 A1, Apr. 25, 2013
Int. Cl. H04L 29/06 (2006.01); H04L 9/00 (2006.01); H04W 8/16 (2009.01); H04L 9/32 (2006.01); H04W 12/02 (2009.01); H04W 12/04 (2009.01)
CPC H04L 9/006 (2013.01) [H04L 9/3218 (2013.01); H04L 9/3263 (2013.01); H04W 8/16 (2013.01); H04L 63/04 (2013.01); H04L 2209/127 (2013.01); H04L 2209/42 (2013.01); H04L 2209/80 (2013.01); H04W 12/02 (2013.01); H04W 12/04 (2013.01)] 26 Claims
OG exemplary drawing
 
1. A system for protecting privacy of an authorized user of a platform in a network, the system comprising:
a private overlay 10, the private overlay comprising a system for distributing certified public keys in a public key cryptosystem 20; and
a platform 40, the platform operating in a private mode, having a private encryption key, and comprised in authorized user equipment 30,
wherein:
the system for distributing certified public keys provides the network and each authorized user with a public encryption key for the network and for each authorized user,
the private overlay does not create a location and usage record tied to the authorized user,
the network is unable to associate location data for the platform with a specific user when the platform operates in the private mode, and
the network performs private registration, the private registration comprising:
the network periodically transmitting an identical certification message to each authorized user,
the network encrypting the certification message that is transmitted to each authorized user using that user's public encryption key, and
the platform storing the certification message in a cryptographically secure vault such that the certification message cannot be accessed by an authorized user,
wherein:
the platform operating in the private mode enters the private mode by:
appending a random tag to the certification message,
signing the certification message having the appended random tag using the platform's private key,
encrypting the signed certification message having the appended random tag using the network's public key, and
transmitting the encrypted, signed certification message having the appended random tag to the network, and
the network uses the appended random tag to address the platform, to track the platform and/or to provide services to the platform.