How to turn a simple idea into techno babble, a story of a patent…

A friend of mine (who happens to be a security expert) asked me for a translation for a patent we submitted, so here is a Lawyerish to English translation:

Fig 1. showing how a person (or few people) can transparently access encrypted data distributed in multiple cloud locations.

I adore simple ideas and believe those make the best inventions throughout the times (the WII remote, using touch as an interface, the round cat toy with the ball in it that drives them crazy..)

So when I had one of those Eureka moments myself I was happy to convince everyone around me at work to try it out, two of my friends really liked it and had a few ideas of their own on how to enhance this idea with a few more use cases.

This is the problem I was trying to solve:

How does someone (me for example) who doesn’t work for a three letter agency, protect their personal data in the cloud without needing to pay an arm and a leg for a “military grade” business service and on the other hand keeping it simple enough to access the data without too much effort?

The solution I came up with (and am using) is this:

1. Encrypt important data that I want to access from a few devices / locations, and put the encrypted data into one cloud hosting service (Dropbox, Google…)

2. Save the private key used to encrypt the data into a different cloud service and add a simple pin I needed to remember as extra precaution.

So now, if I need to access the data on a new computer, I need to:

1. Install or access the two (or more) required cloud services (Google Drive, Dropbox…)

2. Use the private key hosted on one cloud service + key from the other + the pin I remember to unlock and the data.

The random attacker would need to know that two services are being used and which specific ones are being used, he will also need to know the usernames and passwords of the two services and also find out what is my pin which is not written down anywhere.

While this will not stop a dedicated hacker (eventually nothing would) I believe this method is a good trade-of between convenience and security for private online data storage.

After working with my friends (Omer and Alex) on turning the idea into a more general system which can be used as part of our software, we turned this into something that can be embedded transparently withing a generic file system and allow multiple people (multiple personas) to access their own cloud data without needing to know where it is located, how to encrypt, generate the key file etc.

We then met with our friendly corporate lawyers and after a very lengthy process they began converting our simple idea into a very complex lawyerish description you can read in the following link: WO2015084305 – METHODS, SYSTEMS, AND APPARATUS TO PROTECT CONTENT BASED ON PERSONA

Now, I understand why the patent system was put in place and truly believe in it’s original intentions, which I quote from Wikipedia: “

The English patent system evolved from its early medieval origins into the first modern patent system that recognised intellectual property in order to stimulate invention”

But didn’t we go too far with the current patent system? is it still driving us as a society forward? isn’t this very heavy process slowing us down? preventing us from focusing on improving our ideas, finding new solutions for all sorts of problems we are facing?

I hope going forward, we will find the correct balance for this very complex problem. (and maybe someone will patent that solution… :-) )