US2014237558A1PendingUtilityA1

Device for generating a virtual network user

48
Assignee: UNISCON UNIVERSAL IDENTITY CONTROL GMBHPriority: Jan 22, 2009Filed: Apr 24, 2014Published: Aug 21, 2014
Est. expiryJan 22, 2029(~2.5 yrs left)· nominal 20-yr term from priority
H04L 63/00H04L 63/10G06F 21/77G06F 21/32G06F 21/6254H04L 9/3231G06F 2221/2115G06Q 20/34G06Q 20/383H04L 63/0421G06Q 20/02H04L 63/30G06Q 20/4014G06F 21/31H04L 63/0407H04L 63/08G06F 21/41
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A device for generating a virtual network user that can be used, for data protection purposes, as a pseudonym by which a physical person or legal entity can gain access to the Internet and engage services that can be implemented via the network. The network user is defined by a freely specifiable combination of real and/or arbitrarily specifiable attributes. The input of these attributes into the network access device (PC) of the user activates a transformation system which facilitates the generation of the data flows that implement the virtual network user and that can be saved with the temporal sequence of the data flow in a storage device of the transformation system. An access system allocated to an independent authority is provided, which upon activation can initiate the readout of such data from a memory allocated to the storage device of the transformation system.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . A method for generating a virtual network user, for the purpose of privacy, that is usable as a pseudonym under which a physical person may gain access to the internet as a user and engage services that is implementable via the internet,
 wherein the physical person proves, by authentication with a combination of plausible attributes, that he is associated with the virtual network user which can be hidden behind the pseudonym, and   whereupon a predefined combination of selectable attributes is assigned to the physical person,
 which define the properties of the virtual network user usable as a pseudonym, and 
 which by means of an access device which the physical person uses for controlling the virtual network user, can be input into a transformation system,
 which procures the generation of the data streams implementing the virtual network user, and 
 whereby the data streams are stored in temporal sequence of the data flow of the temporal sequence of the generated data in a storage device of the transformation system, 
 
   
       wherein
 A) role data characterizing the virtual network user and data related to the physical person to be stored based on legal provisions by means of which the physical person is controlling the virtual network user, are each encrypted with different keys, 
 B) the key for the role data is input by the physical person himself into the transformation system, and 
 C) the key for the data related to the physical person is only made accessible to the legal authority, 
 and data which comprises the information concerning the access device through which the virtual network user has accessed the network is stored in permanent storage devices of the transformation system and can be subjected to the access of a legal authority, whereas the role data which is generated for the service usage is stored in transient storage devices of the transformation system, which are erased at the end of the service usage, and 
 the transformation system comprises at least two transformation channels which implement alternately the generation of the virtual network user, wherein in the transformation channels of the transformation system all data is transiently stored, and when one transformation channel is opened for maintenance, prior to releasing the access to the transformation channel all storage devices of the transformation channel are written with information free data sets. 
 
     
     
         2 . The method of  claim 1 , wherein the data representing operations of the virtual network user is stored in an associated register. 
     
     
         3 . The method of  claim 2 , wherein the independent authority, for proofing its access authorization to data which could give an indication to the physical person, is provided with a data carrier, by an operator of the network in which the virtual network user is acting, on which, in machine-readable form, certified data is stored which proofs the identity of the physical person representing the independent authority and its competence for the access to the storage of the transformation system, and that the verification of the access authorization and the release of the access is performed by a conjunctive linkage of the data read from the data carrier with identification data which characterizes the representative of the independent authority. 
     
     
         4 . The method of  claim 3 , wherein the physical person gets access to the transformation system which generates the network user, by means of a data carrier on which data is stored in machine-readable form which comprises authentic attributes of the user or only attributes characterizing the virtual network user, and that the release of the network access results from a conjunctive link of data stored on the data carrier with authentic data proofed at least to the service provider prior to handing out of the card, by which the satisfaction of necessary conditions can be verified. 
     
     
         5 . The method of  claim 4 , wherein an authentication station which comprises an authentication module by means of which a cooperation of the role provider with the user is performed for establishing a role characterizing the network user, role user data which is to be certified is confirmed by a role provider. 
     
     
         6 . The method of  claim 5 , wherein simultaneously or within an input time period of defined length attributes uniquely characterizing exclusively the provider or his representative on the one hand, and the user on the other hand, respectively, is input into an authentication module which comprises input devices uniquely associated with the provider on the one hand, and to the role user on the other hand. 
     
     
         7 . A device for generating a virtual user network of claim, wherein a virtual network user, for the purpose of privacy, is usable as a pseudonym under which a physical person may gain access to the internet as a user and engage services that is implementable via the internet,
 wherein the physical person proves, by authentication with a combination of plausible attributes, that he is associated with the virtual network user which can be hidden behind the pseudonym, and   whereupon a predefined combination of selectable attributes is assigned to the physical person,
 which define the properties of the virtual network user usable as a pseudonym, and 
 which by means of the access device which the physical person uses for controlling the virtual network user, can be input into a transformation system,
 which procures the generation of the data streams implementing the virtual network user, and 
 whereby the data streams are stored in temporal sequence of the data flow of the temporal sequence of the generated data in a storage device of the transformation system, 
 
   
       wherein
 A) role data characterizing the virtual network user and data related to the physical person to be stored based on legal provisions by means of which the physical person is controlling the virtual network user, are each encrypted with different keys, 
 B) the key for the role data is input by the physical person himself into the transformation system, and 
 C) the key for the data related to the physical person is only made accessible to the legal authority, 
 and data which comprises the information concerning the access device through which the virtual network user has accessed the network is stored in permanent storage devices of the transformation system and can be subjected to the access of a legal authority, whereas the role data which is generated for the service usage is stored in transient storage devices of the transformation system, which are erased at the end of the service usage, and 
 the transformation system comprises at least two transformation channels which implement alternately the generation of the virtual network user, wherein in the transformation channels of the transformation system all data is transiently stored, and when one transformation channel is opened for maintenance, prior to releasing the access to the transformation channel all storage devices of the transformation channel are written with information free data sets. 
 
     
     
         8 . The device of  claim 7 , wherein the data created in the alternatively operating channels generating virtual network users, can be correlated from time to time. 
     
     
         9 . The device of  claim 8 , wherein the transformation system is connected over mix nodes with a plurality of network access devices. 
     
     
         10 . The device of  claim 9 , wherein a portable mobile reader, that can be carried along by the user of the device, is provided, which can be connected with the particular network access device by near field radio technology. 
     
     
         11 . The device of  claim 10 , wherein an input device is provided that allows activation of the virtual network user solely by user-initiated control commands.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.