Abstract: The present invention relates to a system (100) and method (200) for data privacy. The system (100) comprises a processor (104), a memory (106), a database (108), an account management module (114), a security module (116) and an integration module (118). The security module (116) encrypts and decrypts one or more keys. The integration module (118) provides backend integration with one or more entity to receive encrypted one or more datasheets that is only decrypted and viewed via re-login. The one or more user’s data is encrypted uniquely for each of the one or more user to keep the one or more user anonymous from each other and the system itself. The one or more keys include at least a login key, a vault key, a public key, a private key and a connect key, and remain encrypted in the database (108) at all times.
Description:
FIELD OF THE DISCLOSURE
[0001] This invention generally relates to a field of computer science engineering, and more particularly to a system for data privacy and a method thereof for user, data and social privacy.
BACKGROUND
[0002] The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also correspond to implementations of the claimed technology.
[0003] Online users of websites and apps are vulnerable to identity and data theft. This is attributed to their information being captured, exploited and in many cases misused by the websites and apps for purposes of targeted marketing and profiling for business purposes. As a result, a large number of such websites and apps offer free services, which is very attractive to users, most of whom do not understand the pitfalls of such exposure and the fact that the free services are actually in exchange for their identity and data, for profiteering by others.
[0004] User name, identity, profile, gender, date of birth, email id, mobile number, IP address, device id, location, contacts and other such data is categorized as personally identifiable information. Although most websites and apps have a privacy policy in which they explain how they will use the data, the language they use is not understood by all and users at large do not go through its lengthy and complex description, which in many cases is further complicated by legal verbiage too. Moreover, these websites and apps use cookies without accepting which one cannot proceed further, so users blindly accept all cookies out of compulsion rather than choice. The more vulnerable sections of society, like teenagers and senior citizens, are often targeted online for profiteering and at times fraud too. They are generally the ones least aware of online vulnerabilities. Breach of user data in various forms and shapes is the new digital age phenomenon with no easy solution in place.
[0005] When one deals with educational, financial or medical institutions, for matters related to their family in particular, any data breach could have lifelong impact, financially and otherwise. These institutions may be data secure in themselves, but eventually they send out information to their consumers through third party systems which are beyond their control. They may do it through email or messages, password-protect the documents attached or send a hyperlink only for the consumer to download the actual document from a secure storage.
[0006] People at large use free emails (e.g. Gmail) because the private secure ones are either not in this market or have a price tag, and the free ones are “free” because they thrive on user profiling, tracking and advertising. Messaging systems and apps, which are also mostly free, are exposed to user data churning for similar purposes. Password-protection and secure-storage hyperlinks are relatively secure options but user-friendly for only a fraction of the population. The latter, however, involves additional cost for the institutions. In countries where the use of apps is far ahead of the awareness about online data security, the last mile consumer continues to be at risk.
[0007] Securing this last mile by institutions adds to their internal costs, which impacts their price competitiveness in their market. Those who do it do not actually have last mile protection as their objective, but prevention of poaching of their consumers by competitors, simply because the last mile is exposed to user profiling. Many systems have been introduced for proper authentication of user data and last mile protection.
[0008] Patent application “US9374369B2” discloses a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device.
[0009] Patent application “US11551209B2” discloses methods, systems, and apparatus, including computer programs encoded on computer storage media, for receiving, from a user device, a request to include financial data describing a financial account in an interface, the financial account being associated with a particular financial institution; identifying one or more metadata attributes for accessing the financial account associated with the particular financial institution; obtaining a public digital key associated with the financial institution; providing, to the user device, data describing the one or more metadata attributes and the public digital key associated with the financial institution; receiving, from the user device, respective values for the one or more metadata attributes, the corresponding values having been encrypted by the user device using the public digital key; and storing the encrypted values for the one or more metadata attributes for use in accessing and aggregating financial data describing the financial account.
[0010] Therefore, there is a need for a system of total privacy which is a combination of user privacy, data privacy and social privacy, in which every user is in absolute control over their identity and data, and that further can be integrated with one or more entity for last mile protection.
OBJECTIVES OF THE INVENTION
[0011] The objective of present invention is to provide a system for total user and data privacy.
[0012] Furthermore, the objective of the present invention is to provide a method of encryption.
[0013] Furthermore, the objective of the present invention is to provide user privacy, data privacy and social privacy.
[0014] Furthermore, the objective of the present invention is to provide the system to store, connect and share financial, health, business and personal data privately and securely.
[0015] Furthermore, the objective of the present invention is to provide last mile protection against unsolicited profiling, tracking, advertising and breaches of data.
[0016] Furthermore, the objective of the present invention is to provide backend integration with one or more entity.
SUMMARY
[0017] According to an aspect, the present embodiments disclose a system for data privacy. The system comprises a memory communicatively coupled to a processor via a network interface. The memory is configured to store one or more instructions executed by the processor. The system further comprises a database. The database is configured to store at least one or more user’s data. The system further comprises a base module communicatively coupled to the processor via the network interface. The base module further comprises an account management module. The account management module is configured to create one or more user accounts of one or more users having the one or more user’s data. The account management module further creates one or more datasheets of the one or more user’s data. The account management module further generates one or more keys of the one or more datasheets. The base module further comprises a security module. The security module is configured to encrypt and decrypt one or more keys of the one or more user’s data, wherein the one or more keys are uniquely generated for the one or more user’s data. Further, the system comprises an integration module that is configured to provide backend integration of the base module with one or more entity to receive the encrypted one or more user’s data that is only decrypted and viewed by one or more users via re-login. The one or more entity includes at least one or more businesses. It should be noted that the one or more user datasheets of the one or more user accounts is uniquely encrypted, and the one or more user’s data is encrypted uniquely for each of the one or more user to keep the one or more user anonymous from each other and the system itself.
[0018] In an embodiment, the one or more user’s data includes at least passwords, education details, financial data, insurance data, health records, business information, and work and family related data. Further, the one or more keys include at least a login key, a vault key, a public key, a private key and a connect key. It should be noted that the one or more keys remain encrypted in the database at all times.
[0019] In an embodiment, the security module authenticates the one or more user while accessing the one or more datasheet by comparing the login key of the one or more user with the login key encrypted within the connect key of the one or more datasheets. Further, at least the login key, the riddle answer, the vault key, the public key, the private key and the connect key remain encrypted in the database at all times.
[0020] In another embodiment, a method for encryption is disclosed. The method comprises receiving, via a user interface, one or more user login credentials for signup including at least a login key, a riddle question, a riddle answer. Further, encrypting, via a security module, the one or more user login credentials. Further, creating, via an account management module, one or more user accounts with the one or more user login credentials, having one or more datasheets of one or more user’s data of the one or more user accounts. Further, generating, via the account management module, at least a vault key, a public key, a private key for each of the one or more datasheets. Further, encrypting, via the security module, at least the vault key with the encrypted at least one login key and at least the private key with at least the encrypted vault key. Further, storing, in a database, at least the encrypted vault key and at least the encrypted private key.
[0021] It should be noted that at least the vault key is a combination of one or more user accounts signup timestamp, at least the login key and a random 32-character string. Also, at least the login key, the riddle answer, the vault key, the public key, the private key and the connect key remain encrypted in the database at all times.
[0022] In an embodiment, the one or more datasheets is further encrypted, comprising generating, via the account management module, at least a connect key, wherein the connect key is a combination of at least the login key and one or more user accounts current timestamp. Further, encrypting, via the security module, at least the connect key with a combination of at least the encrypted login key and the riddle answer. Further, encrypting, via the security module, at least the encrypted connect key with at least the public key of the one or more user accounts. And, storing, in the database, at least the encrypted connect key of the one or more datasheets, wherein the one or more datasheets is decrypted with at least the private key.
[0023] In an embodiment, the method further provides backend integration with one or more entity to receive the encrypted one or more keys of the one or more datasheets that is only decrypted and viewed by the one or more user accounts via re-login.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] The accompanying drawings illustrate various embodiments of systems, methods, and embodiments of various other aspects of the disclosure. Any person with ordinary skill in the art will appreciate that the illustrated element boundaries (e.g. boxes, groups of boxes, or other shapes) in the figures represent one example of the boundaries. It may be that in some examples one element may be designed as multiple elements or that multiple elements may be designed as one element. In some examples, an element shown as an internal component of one element may be implemented as an external component in another, and vice versa. Furthermore, elements may not be drawn to scale. Non-limiting and non-exhaustive descriptions are described with reference to the following drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating principles.
[0025] FIG. 1 illustrates a block diagram of system (100) for data privacy, according to an embodiment of the present invention;
[0026] FIG. 2A illustrates a flow chart of a method (200A) for encryption, according to an embodiment of the present invention;
[0027] FIG. 2B illustrates another flow chart of a method (200B) for encryption, according to an embodiment of the present invention;
[0028] FIG. 3 illustrates a signup page (300) of the system (100), according to an embodiment of the present invention;
[0029] FIG. 4 illustrates a screenshot (400) of the system (100), according to an embodiment of the present invention;
[0030] FIG. 5 illustrates another screenshot (500) of the system (100), according to an embodiment of the present invention; and
[0031] FIG. 6 illustrates key principles (600) of the system (100), according to an embodiment of the present invention.
DETAILED DESCRIPTION
[0032] Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words “comprising,” “having,” “containing,” and “including,” and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[0033] Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the preferred systems and methods are now described. Embodiments of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings in which like numerals represent like elements throughout the several figures, and in which example embodiments are shown. Embodiments of the claims may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. The examples set forth herein are non-limiting examples and are merely examples among other possible examples.
[0034] With the increasing world digitization, privacy vulnerabilities and breaches are growing proportionately too. Various organizations repeatedly flout privacy of their consumers for profiteering, and continue to do so. There is a need of providing a “digital safety net” for online users. Further, there is a need for a safe platform for users to store, connect and share their data.
[0035] The present invention discloses a system and a method for total privacy to protect user data. The present invention is a combination of user privacy, data privacy and social privacy, in which every user is in absolute control over their identity and data. The present invention is secure as the user data cannot be read even in the backend. The present invention is unable to assist a user in case they forget their login credentials because the present invention has no way of knowing who the user actually is in order to reset their login. As a result, the present invention protects user identity and data. Further, the present invention protects user identity and data such that it cannot be used for advertising, marketing or other business purposes. The present invention does not ask for user’s name, identity, profile, gender, date of birth, email id, mobile number, contacts, location, device id or any other personally identifiable information.
[0036] The present invention is meant to store sensitive private real-life data of the users, such as account ids, passwords, financial data, medical history, business information, education records and any other data which is of value to its users. Thus, the present invention protects data of a last mile user or consumer. For last mile protection in dealing with businesses, the present invention directly integrates with the businesses to receive encrypted user or consumer data in the latter’s account. In the present invention, the data is maintained with historical updates and timestamps, grouped as per the business entity of the consumer, and sub-grouped by the services availed by the consumer. Thus, the present invention protects the last mile consumers because none of their data goes through the free communication channels currently being used by them.
[0037] With the help of the present invention, businesses will be free from their last mile challenges of user profiling and poaching by third parties. In all the embodiments, the terms “data” and “information” may have the same meaning. And, the terms “data” and “information” may be used in place of one another.
[0038] FIG. 1 illustrates a system (100) for data privacy, in an embodiment of the present invention. The system (100) may comprise a computer (not shown) having a user interface (102), a processor (104) and a memory (106). Further, the computer is linked to a database (108), via a network interface (110). Further, the processor (104) may be coupled with a base module (112), via the network interface (110).
[0039] In an embodiment, the processor (104) may be coupled to different elements of the system (100), via the network interface (110). Further, the processor (104) may be responsible for performing the operations of the elements of the system (100), as described below in detail. Further, the processor (104) may be configured to process incoming requests from the user interface (102). Further, the processor (104) may interact with the elements based on the required operations. Further, the processor (104) may return the result back to the user interface (102) for display.
[0040] In an embodiment, the user interface (102) may include screens, forms and/or controls to allow one or more users to manage their data. Further, the user interface (102) may be configured to receive one or more user login credentials for signup. The one or more user login credentials may include at least a login key, a riddle question, a riddle answer, etc. Further, the user interface (102) may allow the one or more users to configure privacy settings of one or more user data. Further, the user interface (102) may be configured to share one or more user data.
[0041] Further, the system (100) may comprise the memory (106) communicatively coupled to the processor (104) via the network interface (110). Further, the memory (106) may be configured to store a set of instructions executed by the processor (104).
[0042] Further, the computer may be linked to the database (108). The database (108) may be configured to store at least one or more user’s data. In an embodiment, the one or more user’s data includes at least passwords, education details, financial data, insurance data, health records, business information, and work and family related data. Further, the database (108) may be configured to store one or more user accounts access permissions. In an embodiment, one or more datasheets may be created by one or more user accounts, having the one or more user’s data, which is later described in the detailed description. The database (108) may further be configured to store the one or more datasheets. For example, a user account may create a datasheet titled “Citibank” and add all Citibank-related data and files in multiple posts over a period of time. This datasheet may further be stored in the database (108) to access later.
[0043] In an exemplary embodiment, the database (108) may be selected from the group of databases including, but not limited to, structured query language (SQL) server database, MySQL, Oracle, PostgreSQL, MongoDB, Redis, Elasticsearch, Cassandra, MariaDB, IBM Db2.
[0044] In an embodiment, the network interface (110) may be configured to facilitate a communication link among the components of the system (100). It can be noted that the network interface (110) may be a wired network and/or a wireless network. The network interface (110), if wireless, may be implemented using one or more communication techniques. The one or more communication techniques may be Visible Light Communication (VLC), Worldwide Interoperability for Microwave Access (WiMAX), Long Term Evolution (LTE), Wireless Local Area Network (WLAN), Infrared (IR) communication, Public Switched Telephone Network (PSTN), Radio waves, and other communication techniques, known in the art.
[0045] Further, the system (100) may comprise the base module (112) communicatively coupled to the processor (104), the memory (106) and the database (108) via the network interface (110). In one embodiment, the base module (112) may be configured to manage at least the one or more user accounts, one or more user’s data, privacy setting for authorized online access. In one embodiment, the base module (112) may act as a central module to receive and send instructions to each of the plurality of modules. In one embodiment, the base module (112) may be configured to activate and/or deactivate a plurality of sub-modules according to the information received from the processor (104) and the memory (106).
[0046] Further, the base module (112) may comprise an account management module (114), a security module (116) and an integration module (118). The account management module (114) may be configured to create one or more user accounts of one or more users having the one or more user’s data. The account management module (114) may create a share handle for the one or more user accounts. In a case when the share handle is created, then the one or more users may connect with other one or more users, via the share handle. In a case when the share handle is not created, no other user may see the one or more users.
[0047] The account management module (114) may further be configured to create the one or more datasheets of the one or more user’s data. In the system (100), the one or more users may connect with each other at a datasheet level. Further, the one or more users may choose to connect one or more datasheets with other users. The one or more datasheets that the one or more users do not connect remains private and hidden from the other users. In an embodiment, when one or more users connects one or more datasheets with the other users, the other users may not sub-connect the one or more datasheets with other users.
[0048] Further, the account management module (114) may be configured to generate one or more keys of the one or more datasheets. Further, the one or more keys include at least a login key, a vault key, a public key, a private key and a connect key.
[0049] In an example embodiment, a “datasheet” may be a list of posts and files a user adds over time in a given page. For example, a user may create a datasheet titled “Citibank” and add all Citibank-related data and files in multiple posts over a period of time. And the one or more keys is generated for the “Citibank”.
[0050] Further, the base module (112) may comprise a security module (116). The security module (116) may be configured to encrypt and decrypt the generated one or more keys for data security. Further, the security module (116) may be configured to ensure security and privacy of the one or more user accounts. Further, the security module (116) may comprise security protocol to protect data from unauthorized access and/or breaches. The security module (116) may be configured to encrypt and decrypt the one or more keys. The one or more keys remain encrypted in the database (108) at all times.
[0051] In an embodiment, the one or more users may sign up to make one or more user accounts with the login key and a personal riddle that comprises the riddle question and the riddle answer. The login key, the riddle question and the riddle answer are stored encrypted in the database (108). The login key is self-encrypted. The riddle question is encrypted with the login key. The riddle answer is self-encrypted.
[0052] In an example embodiment, if a user’s login key is “james-bond”, it is encrypted with “james-bond”. Thereafter, unless the user enters “james-bond” in the next login, the login key cannot be decrypted. Similarly, for the riddle answer.
[0053] In another embodiment, the one or more users may create at least ninety-nine riddles in the one or more user accounts. It should be noted that riddles are picked at random each time the one or more user logs in or resumes an existing login session. Further, the one or more users may change the login key at any time.
[0054] Further, on signup, the account management module (114) may generate the vault key, and the public key and private key pair for every user. The vault key may be generated randomly. The vault key may be system-generated as a combination of the user’s signup timestamp, login key and a 32-character cryptographically random string. The vault key may be stored in the database (108). The vault key may be encrypted with the user’s login key and the riddle answer. Further, the public key and the private key may be a system-generated 1024-bit RSA key pair. Further, the private key is encrypted with the vault key and stored in the database (108).
[0055] For one or more user data thereafter, the one or more connect keys may be generated for every datasheet the one or more user creates. The one or more connect keys may be system-generated as a combination of the one or more user’s current timestamp, login key and riddle answer. This is done for every new datasheet the one or more user creates. Further, the one or more connect keys are encrypted with the user’s public key and stored in the database (108). As a result, every datasheet has a unique connect key. Further, when a datasheet is connected between two users, it is encrypted with their respective public keys. Further, when one or more user logs in, their private key then decrypts their own data and connected datasheets thereof. Further, the one or more user accounts are either hidden from other one or more users, or the one or more user controls who they connect with, when and for which data item of the one or more datasheets.
[0056] In an embodiment, the one or more users may be private by default in the system (100). In an embodiment, even when one or more users may create the share handle, the share handle is not displayed to other users by default. Thus, the only way for another user to discover one or more users is when the other user knows the share handle of the one or more users.
[0057] In an embodiment, when one or more users connect with the one or more datasheets, a database (108) level check may be performed to ensure the one or more users is the owner of the one or more datasheets. In case the one or more users is not the owner of the one or more datasheets, an “unauthorized” error is returned. Otherwise, the one or more users is connected to the one or more datasheets to access the data stored in the one or more datasheets.
[0058] Further, the base module (112) may comprise an integration module (118). The integration module (118) may be configured to provide backend integration with one or more entity to receive the encrypted one or more datasheets. The encrypted one or more datasheets is only decrypted and viewed by the one or more user accounts via re-login. The one or more entity includes at least one or more businesses.
[0059] The integration with one or more entity may be driven with one or more system-generated parameters. The system-generated parameters include at least a business id, a customer id, a group id, a subgroup id, a data id, etc. The business id may be a unique system-generated identifier for a given business entity. The customer id may be a unique system-generated identifier for a given business consumer. The consumer may be the one or more users. The group id may be a unique system-generated identifier for the consumer’s business entity in the one or more user accounts. The subgroup id may be a unique system-generated identifier for the consumer’s business entity services in the one or more users account. The data id may be a unique system-generated identifier for the consumer’s business data in the one or more user accounts.
[0060] Further, the backend integration with the one or more entity may be achieved through backend application programming interfaces (APIs) by mapping the aforementioned parameters in their respective systems for every consumer. In an embodiment, the one or more entity may implement an “acquisition plan” in which every consumer is encouraged to “subscribe” to the system (100) for their data security.
[0061] In an embodiment, data of the consumers is obtained from one or more entity’s database. Further, the data is encrypted, via the security module (116), with the one or more keys. Further, a business group may be created for the business id. Also, one or more subgroups may be created for business services. And, one or more datasheets may be created from the data id. Further, the created business groups, the subgroups and the one or more datasheets may be encrypted with the one or more connect keys. The one or more connect keys may be encrypted with the public key and stored in the database (108). It should be noted that at no point is the data of the consumers divulged by the one or more entity. Also, the data of the consumer is only decrypted when the consumer logs in again.
[0062] In an embodiment, the data of the consumer in the one or more entity may automatically invoke the integration module (118) to transmit the data of the consumer into the one or more user accounts in the system (100).
[0063] In another embodiment, the system (100) may use various technologies for the protection of the one or more user data while online. The various technologies may include at least Web Cryptography API (WebCrypto), Content Security Policy (CSP), Secure Sockets Layer (SSL), Transport Layer Security (TLS) 1.2, IndexedDB.
[0064] In an embodiment, the system (100) may be configured with an “offline access” feature. In the system (100), one or more users may be offline by default. The one or more user’s data may be stored in a local browser-controlled database, called IndexedDB, on the computer. In an embodiment, the IndexedDB is a global standard for secure data storage. Further, for encryption of the one or more user’s data stored in the IndexedDB on the computer, the system (100) may use Web Cryptography. The Web Cryptography is a global browser standard. The Web Cryptography may be used for generating encryption keys. The generated encryption keys may be used for encryption and decryption. It should be noted that the generated encryption keys may not be retrieved for viewing even in the backend. This may further be enforced by one or more browsers, including but not limited to, Chrome, Edge, Safari, Firefox, Brave.
[0065] When one or more users sign up or log in on the computer, Web Cryptography keys may be generated for the user. The generated Web Cryptography keys may be stored in the IndexedDB on the computer. Thereafter, the one or more user data stored in the IndexedDB may be encrypted using the generated Web Cryptography keys.
[0066] As aforementioned, since offline storage is on the computer of the one or more users, security needs of the network interface (110) may be eliminated. Further, the one or more user’s riddles, at least a vault key and a connect key residing in the database (108) may not be required in the “offline access” feature. As such, the system (100) may store only the one or more user’s login key. The one or more user’s login key may be stored encrypted. The system (100) thus allows the one or more user’s access to one or more user’s data stored offline by just entering the login key in combination with the generated Web Cryptography keys. It should be noted that when the login key is modified by the user, the modified login key is automatically updated in the IndexedDB.
[0067] In another embodiment, new data of the one or more user, changes to existing data of the one or more user and deletion of any data of the one or more user may be done while the system (100) is online. When this happens, the IndexedDB data may be updated automatically. It should be noted that the database (108) on the network interface (110) is configured to be a primary storage of the one or more user’s data while IndexedDB is configured to be a secondary storage of the one or more user’s data. This ensures that the one or more user’s data stored in the database (108) on the network interface (110) and on the computer may always be synchronized.
[0068] When the one or more user’s login in a new computer, the login may re-initialize the IndexedDB in the new computer and may reconcile the one or more user’s data in the new computer. In another embodiment, there is no risk of data breach of the one or more user’s data for the one or more users who may have lost the computer as all the one or more user’s data remains encrypted inside the IndexedDB in the lost computer. And, the one or more user’s data may be accessed only through the system (100) and by entering the login key.
[0069] It should be noted that storing data on the computer of the one or more user’s may enable the system (100) may be configured to offer the “offline access” feature to the one or more user data on the computer of the one or more user even when the one or more user may not have the internet connectivity to access the network interface (110).
[0070] In another embodiment, when one or more users un-install the system (100) from the computer, the IndexedDB may be automatically removed by the one or more browsers along with the system (100).
[0071] FIG. 2A illustrates a flow chart of a method (200) for encryption, according to an embodiment. The flow chart of the method (200) for encryption further helps in understanding the working of the system (100) for data privacy. The method (200) for encryption as depicted in the flow chart may be described in a stepwise manner as follows. In this regard, each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the drawings.
[0072] For example, two blocks shown in succession in FIG. 2A may be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Any process descriptions or blocks in flowcharts should be understood as representing modules, segments, or portions of code that include one or more executable instructions for implementing specific logical functions or steps in the process, and alternate implementations are included within the scope of the example embodiments in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved. In addition, the process descriptions or blocks in flow charts should be understood as representing decisions made by a hardware structure such as a state machine. The flowchart starts at the step (202) and proceeds till step (212). FIG. 2A is described in conjunction with FIG. 1 and FIG. 2B.
[0073] At first, receiving, via a user interface (102), one or more user login credentials for signup including at least a login key, a riddle question, a riddle answer, at step 202. In an embodiment, a login key, a riddle question and a riddle answer may be used to sign up for creating one or more user accounts. For example, a user may provide a login key as “abc-xyz”, a riddle question as “What has 88 keys” and a riddle answer as “A piano” to create a user account.
[0074] Successively, encrypting, via a security module (116), the one or more user login credentials, at step 204. The login key is self-encrypted. The riddle question is encrypted with the login key. The riddle answer is self-encrypted. The login key, the riddle question and the riddle answer are stored encrypted in a database (108).
[0075] For example, the login key “abc-xyz”, the riddle question “What has 88 keys” and the riddle answer “A piano” are encrypted and stored in the database (108).
[0076] Successively, creating, via an account management module (114), one or more user accounts with the one or more user login credentials, having one or more datasheets of one or more user’s data of the one or more user accounts, at step 206. The one or more user accounts may be created. And, the one or more user accounts may connect with each other at a datasheet level. Further, the one or more user accounts may choose to connect one or more datasheets with other user accounts.
[0077] For example, a user account is created with the login credentials provided by the user. Further, the user account has a datasheet titled “Citibank” having all Citibank-related data and files.
[0078] Successively, generating, via the account management module (114), at least a vault key, a public key, a private key of the one or more datasheets, at step 208. In an embodiment, at least the vault key is a combination of the one or more user accounts' signup timestamp, at least the login key and a random 32-character string. The private key may be a system-generated 1024-bit RSA key. It should be noted that 1024-bit RSA is below the 2048-bit minimum of current guidance (NIST SP 800-131A disallows 1024-bit RSA for new use), so a deployment should generate at least 2048-bit keys.
[0079] For example, a vault key, a public key, a private key of the “Citibank” is generated after creating the user account having the datasheet “Citibank”.
[0080] Successively, encrypting, via the security module (116), at least the vault key with the encrypted at least one login key and at least the private key with at least the encrypted vault key, at step 210. In an embodiment, the generated one or more keys may be encrypted for data security of the one or more user accounts.
[0081] For example, the generated vault key of the “Citibank” is encrypted with the login key. Further, the generated private key is encrypted with the encrypted vault key to ensure security of the data in the “Citibank”.
[0082] Successively, storing, in the database (108), at least the encrypted vault key and at least the encrypted private key, at step 212. In an embodiment, at least the login key, the riddle answer, the vault key, the public key, the private key and the connect key remain encrypted in the database (108) at all times. The encrypted vault key is decrypted with the login key, the riddle question and the riddle answer.
[0083] For example, the encrypted vault key and the encrypted private key of “Citibank” is stored in the database (108) and remain encrypted at all the times.
[0084] Referring to FIG. 2B, the one or more datasheets is further encrypted.
[0085] Further, generating, via the account management module (114), at least a connect key, wherein the connect key is a combination of at least the login key and one or more user accounts current timestamp, at step 214. For example, a connect key is generated for “Citibank” which is a combination of the user’s current timestamp and the login key “abc-xyz”.
[0086] Successively, encrypting, via the security module (116), at least the connect key with a combination of at least the encrypted login key and the riddle answer, at step 216. For example, the generated connect key of "Citibank" is further encrypted with the encrypted login key and the riddle answer.
[0087] Successively, encrypting, via the security module (116), at least the encrypted connect key with at least the public key of the one or more user accounts, at step 218. For example, the encrypted connect key is even further encrypted with the user’s generated public key.
[0088] Successively, storing, in the database (108), at least the encrypted connect key of the one or more datasheets, wherein the one or more datasheets is decrypted with at least the private key, at step 220. For example, the encrypted connect key of the “Citibank” is further stored in the database (108).
[0089] In an embodiment, the method (200) further provides backend integration with one or more entity to receive the encrypted one or more keys of the one or more datasheet. Further, the encrypted one or more keys of the one or more datasheet is only decrypted and viewed by the one or more user accounts via re-login.
[0090] The integration with the one or more entities may be driven with one or more system-generated parameters. Further, the backend integration with the one or more entities may be achieved through backend application programming interfaces (APIs) by mapping the aforementioned parameters in their respective systems for every user account.
[0091] In an exemplary embodiment, FIG. 3 illustrates a signup page (300) of the system (100). In one embodiment, the signup page may comprise a private key (302) and a riddle question and answer (304). The private key (302) of the signup page is the user-chosen "login key" described above; it is distinct from the RSA private key generated at step 208. Further, the private key (302) and the riddle question and answer (304) may be stored encrypted in the database (108).
[0092] In an exemplary embodiment, FIG. 4 illustrates a screenshot (400) of the system (100). The screenshot (400) illustrates the share handle input section on a privacy settings page. The one or more users may create the share handle without divulging their name or identity. The share handle may be created by pressing save (402). Further, backend checks may be conducted to ensure that the share handle does not contain the one or more user's login key.
[0093] In an exemplary embodiment, FIG. 5 illustrates another screenshot (500) of the system (100). The screenshot (500) illustrates a "connect add" feature for a user, shown as the add (502) button. The one or more users may connect the one or more data with other users with the add (502). The add (502) may be used to add a new connect, to change another user's access rights, and to revoke another user's access to a data item of the one or more datasheets completely. Further, only the data owner can add, change or revoke access of other users. In an embodiment, the screenshot (500) shows only four share handles below the add (502) button, which are those of users already connected. The share handle of no other user is displayed by default.
[0094] Further, the screenshot (500) also illustrates a field titled "Add new share handle to connect" in which the user may enter new share handles. However, one may do this only if the share handles are known. In case a user enters valid share handles at random to connect to one or more users, the connected users have the option to "disconnect" if they do not recognize this user or do not want their data to be connected with them. Also, any user can disconnect a data item of the one or more datasheets of any user at any time.
[0095] In an exemplary embodiment, FIG. 6 illustrates key principles (600) of the system (100). The system (100) may comprise at least six key principles to protect one or more users and the one or more user’s data.
[0096] In the system (100), the one or more user accounts are either hidden from other one or more users, or the one or more user controls who they connect with, when and for which data item of the one or more datasheets.
[0097] In an embodiment, the system (100) and the method (200A-B) may not use any cookies or third party analytics to track user preferences, device id or geographical location.
[0098] In an embodiment, the system (100) and the method (200A-B) may prevent identity theft by keeping the one or more users anonymous.
[0099] In an embodiment, the system (100) and the method (200A-B) may prevent data theft through the self-encryption approach of the login key and riddles, and may permit no user profiling, tracking or marketing.
[00100] In an embodiment, the system (100) and the method (200A-B) may provide total user control of what they store, over social connects and sharing of data and files.
[00101] It should be noted that the system (100) and the method (200A-B) in any case could undergo numerous modifications and variants, all of which are covered by the same innovative concept; moreover, all of the details can be replaced by technically equivalent elements. In practice, the components used, as well as the numbers, shapes, and sizes of the components can be whatever according to the technical requirements. The scope of protection of the invention is therefore defined by the attached claims.
Claims:
1. A system (100) for data privacy, comprising:
a memory (106) communicatively coupled to a processor (104) via a network interface (110), wherein the memory (106) is configured to store one or more instructions executed by the processor (104);
a database (108), configured to store at least one or more user’s data;
a base module (112) communicatively coupled to the processor (104) via the network interface (110), wherein the base module (112) further comprises:
a security module (116), configured to encrypt and decrypt one or more keys of the one or more user’s data, wherein the one or more keys are uniquely generated for the one or more user’s data;
an integration module (118), configured to provide backend integration of the base module (112) with one or more entity to receive the encrypted one or more user’s data that is only decrypted and viewed by one or more users via re-login;
wherein the one or more user’s data is encrypted uniquely for each of the one or more user to keep the one or more user anonymous from each other and the system (100) itself.
2. The system (100) as claimed in claim 1, wherein the base module (112) further comprises an account management module (114), configured to:
create one or more user accounts of the one or more users having the one or more user’s data;
create one or more datasheets of the one or more user’s data; and
generate one or more keys for each of the one or more datasheets.
3. The system (100) as claimed in claim 1, wherein the one or more keys include at least a login key, a vault key, a public key, a private key and a connect key, and remain encrypted in the database (108) at all times.
4. The system (100) as claimed in claim 1, wherein the security module (116) authenticates the one or more user while accessing the one or more datasheet by comparing the login key of the one or more user with the login key encrypted within the connect key of the one or more datasheets.
5. The system (100) as claimed in claim 1, wherein at least the login key, the riddle answer, the vault key, the public key, the private key and the connect key remain encrypted in the database (108) at all times.
6. A method (200) of encryption, comprising:
receiving, via a user interface (102), one or more user login credentials for signup including at least a login key, a riddle question, a riddle answer, at step 202;
encrypting, via a security module (116), the one or more user login credentials, at step 204;
creating, via an account management module (114), one or more user accounts with the one or more user login credentials, having one or more datasheets of one or more user’s data of the one or more user accounts, at step 206;
generating, via the account management module (114), at least a vault key, a public key, a private key for each of the one or more datasheets, at step 208;
encrypting, via the security module (116), at least the vault key with the encrypted at least one login key and at least the private key with at least the encrypted vault key, at step 210; and
storing, in a database (108), at least the encrypted vault key and at least the encrypted private key, at step 212.
7. The method (200) as claimed in claim 6, wherein the one or more datasheets is further encrypted, comprising:
generating, via the account management module (114), at least a connect key, wherein the connect key is a combination of at least the login key and one or more user accounts current timestamp, at step 214;
encrypting, via the security module (116), at least the connect key with a combination of at least the encrypted login key and the riddle answer, at step 216;
encrypting, via the security module (116), at least the encrypted connect key with at least the public key of the one or more user accounts, at step 218; and
storing, in the database (108), at least the encrypted connect key of the one or more datasheets, wherein the one or more datasheets is decrypted with at least the private key, at step 220.
8. The method (200) as claimed in claim 7, wherein the method further provides backend integration with one or more entity to receive the encrypted one or more keys of the one or more datasheets that is only decrypted and viewed by the one or more user accounts via re-login.
9. The method (200) as claimed in claim 8, wherein at least the vault key is a combination of one or more user accounts signup timestamp, at least the login key and a random 32-character string.
10. The method (200) as claimed in claim 8, wherein at least the login key, the riddle answer, the vault key, the public key, the private key and the connect key remain encrypted in the database (108) at all times.
| # | Name | Date |
|---|---|---|
| 1 | 202311051922-STATEMENT OF UNDERTAKING (FORM 3) [02-08-2023(online)].pdf | 2023-08-02 |
| 2 | 202311051922-STARTUP [02-08-2023(online)].pdf | 2023-08-02 |
| 3 | 202311051922-REQUEST FOR EXAMINATION (FORM-18) [02-08-2023(online)].pdf | 2023-08-02 |
| 4 | 202311051922-REQUEST FOR EARLY PUBLICATION(FORM-9) [02-08-2023(online)].pdf | 2023-08-02 |
| 5 | 202311051922-PROOF OF RIGHT [02-08-2023(online)].pdf | 2023-08-02 |
| 6 | 202311051922-POWER OF AUTHORITY [02-08-2023(online)].pdf | 2023-08-02 |
| 7 | 202311051922-FORM28 [02-08-2023(online)].pdf | 2023-08-02 |
| 8 | 202311051922-FORM-9 [02-08-2023(online)].pdf | 2023-08-02 |
| 9 | 202311051922-FORM FOR STARTUP [02-08-2023(online)].pdf | 2023-08-02 |
| 10 | 202311051922-FORM FOR SMALL ENTITY(FORM-28) [02-08-2023(online)].pdf | 2023-08-02 |
| 11 | 202311051922-FORM 18A [02-08-2023(online)].pdf | 2023-08-02 |
| 12 | 202311051922-FORM 18 [02-08-2023(online)].pdf | 2023-08-02 |
| 13 | 202311051922-FORM 1 [02-08-2023(online)].pdf | 2023-08-02 |
| 14 | 202311051922-FIGURE OF ABSTRACT [02-08-2023(online)].pdf | 2023-08-02 |
| 15 | 202311051922-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [02-08-2023(online)].pdf | 2023-08-02 |
| 16 | 202311051922-EVIDENCE FOR REGISTRATION UNDER SSI [02-08-2023(online)].pdf | 2023-08-02 |
| 17 | 202311051922-DRAWINGS [02-08-2023(online)].pdf | 2023-08-02 |
| 18 | 202311051922-DECLARATION OF INVENTORSHIP (FORM 5) [02-08-2023(online)].pdf | 2023-08-02 |
| 19 | 202311051922-COMPLETE SPECIFICATION [02-08-2023(online)].pdf | 2023-08-02 |
| 20 | 202311051922-FER.pdf | 2023-10-20 |
| 21 | 202311051922-FORM 4(ii) [27-03-2024(online)].pdf | 2024-03-27 |
| 1 | Search202311051922E_19-10-2023.pdf | |