System to prevent disclosing personally identifiable information (PII) and method thereof

The system uses session tokens and cryptographic hashes to secure communication channels, preventing PII exposure and ensuring privacy, addressing the issue of unauthorized use and misuse of personal information.

WO2026126158A1 · PCT designated stage · Publication Date: 2026-06-18 · KHANDPURE TAJINDER SINGH +1

Patent Information

Authority / Receiving Office: WO
Patent Type: Applications
Current Assignee / Owner: KHANDPURE TAJINDER SINGH
Filing Date: 2025-12-12
Publication Date: 2026-06-18

AI Technical Summary

Technical Problem

Existing systems fail to prevent the disclosure of personally identifiable information (PII) such as phone numbers and email addresses during communication, leading to unauthorized use and misuse, including spam and identity fraud.

Method used

A system utilizing a centralized server that generates unique session tokens to facilitate communication without exposing personal information, employing digital footprint hashing and cryptographic hashes to create secure connections, and a connecting tool that masks PII, ensuring privacy and security.

Benefits of technology

Enables secure, privacy-preserving communication across various channels without revealing PII, preventing unauthorized access and misuse, while allowing controlled access and authentication.

Generated by Eureka AI based on patent content.

Smart Images

  • Figure IB2025062790_18062026_PF_FP_ABST

Abstract

The present invention relates to a system (100) and method (200) to prevent disclosing personally identifiable information (PII) over a network (111). The system (100) includes a client device (101) configured to generate a communication request, a receiver device (102) configured to receive the communication, and a centralized server (103) connected to both the client device (101) and receiver device (102). The centralized server (103) includes a processor (104) that is configured to fetch the generated communication request from the client device (101), create a session token (105) for the received request, and map the session token (105) to one or more session identifiers (106) pre-stored at the centralized server (103). The session token (105) is then transmitted from the centralized server (103) to the receiver device (102) to facilitate communication with the client device (101) over the network (111), ensuring the PII remains protected and undisclosed.

Description

SYSTEM TO PREVENT DISCLOSING PERSONALLY IDENTIFIABLE INFORMATION (PII) AND METHOD THEREOF

TECHNICAL FIELD

[0001] The present invention relates to the field of management and preservation of personally identifiable information (hereinafter “PII”). Specifically, the present invention pertains to a system to prevent disclosing PII during communication and a method thereof.

BACKGROUND

[0002] The following description of the related art is intended to provide background information pertaining to the field of the present invention. This section may include certain aspects of the art that may be related to various features of the present invention. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present invention, and not as an admission of the prior art.

[0003] It is identified that personally identifiable information (PII), such as mobile numbers and email addresses, is shared and stored across umpteen devices and databases without the full knowledge and / or consent of its owner. The data is shared for various reasons, including but not limited to communication, identity authentication, and the granting of access permissions. However, the owner loses control over their data as soon as the PII is shared with anyone. Once the data is shared, the receiving parties can make unauthorized use and exchange of the provider's PII as they deem fit. Since the same PII is often shared with users' financial service providers, workplaces, various portals, and web or mobile apps over the internet, its unauthorized usage may result in spam calls and texts, attempts at identity fraud, and unauthorized access.

[0004] Moreover, communication identifiers like phone numbers and email addresses work as fixed destinations for communication regardless of who intends to connect or communicate. This often attracts unwanted callers or texters, commonly known as spammers. To change the established norms and empower users, the real owners of the PII, better communication routing should be developed along with its related technology applications. Parties such as persons, organizations, and application portals should not have access to, or the ability to store, other parties’ PII.

[0005] Patent document “US 2010/0043064 A1”, titled “Method and system for protecting sensitive information and preventing unauthorized use of identity information”, discloses a method and system for protecting sensitive information and preventing the unauthorized use of identity information, such as social security numbers or credit card details, by third parties. Virtual identifiers that identify an information holder whose sensitive information is involved in the process are dynamically created by an entity called a processing entity. The virtual identifiers are usually linked to a static identity of the information holder through a data management mechanism, such as a database system. A virtual identifier could serve multiple functions. Usually, validity attributes that indicate when and for how long a virtual identifier is valid for the different functions are associated with the virtual identifier. When the information holder interacts with a third party in a process that involves the information holder's sensitive information, the information holder uses virtual identifiers. Then, through a device connected to a network, including wireless devices, telephone, or mail service, the party either passes along the virtual identifiers to other parties or submits requests along with the virtual identifiers to the processing entity, which can map the virtual identifiers to the static identity information and use the static information to realize the requests.

[0006] Another patent document “IN 201747007451”, titled “Secure mobile contact system (SMCS)”, discloses an invention that provides a system for authenticating the identity of a user. The system comprises a processor and a non-volatile storage medium comprising computer-executable instructions that instruct the processor to: receive an image file relating to the user from a user device owned by the user; determine whether the image file matches stored image information in a database, wherein the stored image information is not an image file and contains identifying information about the image; and, if the image file matches the stored image information, allow the user to request that an authentication message be sent to the user device, request that an authentication message be sent to a destination other than the user device, or request that a message be sent to a third party whose message addressing information is unknown to the user.

[0007] The above-mentioned references do not address, and do not prevent, the disclosure of PII such as phone numbers and email addresses. Thus, there is a dire need in the art to provide a system to prevent disclosing personally identifiable information (PII) during communication, and a method thereof.

OBJECTS OF THE PRESENT INVENTION

[0008] Some of the objects of the present invention, which at least one embodiment herein satisfies, are as listed below.

[0009] It is an object of the present invention to provide a system and a method to prevent disclosing personally identifiable information (PII).

[0010] It is another object of the present invention to provide a system that manages the personally identifiable information (PII) over the network.

[0011] It is another object of the present invention to provide a system used for identity authentication for identity access management and related purposes by any person, organization, application, portal, etc.

[0012] It is another object of the present invention to provide a system and a method to connect with other people, organizations, and software systems to communicate and / or get authenticated to certain systems, applications, or premises without sharing their personally identifiable information with devices, over the network, or database systems.

SUMMARY

[0013] Within the scope of this application, it is expressly envisaged that the various aspects, embodiments, examples, and alternatives set out in the preceding paragraphs, in the claims and / or in the following description and drawings, and in particular the individual features thereof, may be taken independently or in any combination. Features described in connection with one embodiment apply to all embodiments, unless such features are incompatible.

[0014] In an aspect, the present invention may provide a system that includes a centralized server that acts as an intermediary to enable communication without sharing personal information. An ordinary user continuously generates a digital footprint via various devices. The proposed system may create unique footprint hashes that identify users directly on their devices and challenge the operator of a device to prove that they are that user. Existing systems work on two principles: something the user has (a mobile device, etc.) and something the user knows (passwords, OTPs). The proposed system may work on the principles of something the user has (a mobile device, etc.) and something the user produces (a digital footprint), and thus may eliminate the need for passwords and OTPs in the process.

[0015] In another aspect, the system may include a feature wherein the user makes a call to the called receiver over the GSM network. With the proposed system, the caller may not need to have the phone number, but only a unique connection ID that connects both the caller and the called party. It may be called a connect number, i.e., a session identifier. A session identifier may include multiple digits and is analogous to a ‘Domain Name System’ (hereinafter “DNS”) for phone numbers. For the session identifier to work, both the caller and called parties provide consent so that the centralised server can produce the session identifier and uniquely connect the client and receiver devices. The centralised servers may act as a broker between end users (i.e., client and receiver) to resolve session identifiers to actual phone numbers and direct the call there. Cryptographic hashes may continuously generate and distribute session identifiers to keep the connection unique and secure. The proposed system may also work between a user of the system and other users who do not have the system.

[0016] In yet another aspect, where either the sender or the receiver of the profile data uses the connecting tool, the connecting tool will ensure that the PII data is either not accessible or, at a minimum, masked so that it is of no further use if shared with any other user. Based on the profile, the connecting tool’s user may configure call / text / email and other forms of communication, and can allow or restrict certain users from communicating with them.

[0017] In yet another aspect, the user may allow and revoke access to their personal and professional information for organizations, applications, and portals to identify and authenticate the user, and those parties may display and use the PII data as per the organization's usage policy. The user data may be stored in a database of the connecting tool, never available at rest, and not stored in any other database apart from the connecting tool. Such user data, based on approval by the user, may be accessed on the applications and portals. Once the intended purpose is completed, the data may then be deleted from the connecting tool and from the connected portals and applications. In the proposed system, the user may have logs available to verify the use of their PII data and, for important fields, may also configure specific approvals so that any unauthorized access to their data may be prevented.

[0018] In yet another aspect, the system may include a digital footprint engine operating on the client device. The digital footprint engine may extract non-PII behavioural metrics including navigation-speed signatures, app usage frequency, preferred gesture patterns, call / text initiation rhythm, and session-level interaction timing. The behavioural signals form a dynamic identity hash, regenerated continuously and used to authenticate the operator of the device without revealing static identifiers such as device IDs or contact numbers. The method provides continuous user authentication.

[0019] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which numerals represent components.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] FIG. 1A illustrates an exemplary representation of a block diagram of a system to prevent disclosing personally identifiable information (PII), in accordance with an embodiment of the present invention.

[0021] FIG. 1B illustrates an exemplary representation of a flow diagram illustrating a method for preventing the disclosure of personally identifiable information (PII), in accordance with an embodiment of the present invention.

[0022] FIG. 2 illustrates an exemplary representation of the message transfer operation performed by the system, in accordance with an embodiment of the present invention.

[0023] FIG. 3 illustrates a flow diagram representing operation of the centralised server for message transfer, in accordance with an embodiment of the present invention.

[0024] FIGs. 4 (A-B) illustrate exemplary representations of various operations performed by the system over the network, in accordance with an embodiment of the present invention.

[0025] FIG. 5 illustrates an exemplary representation of the operations performed between the client device and the receiver device over the network, in accordance with an embodiment of the present invention.

[0026] FIGs. 6 (A-C) illustrate exemplary representations of the system with bidirectional tokenized communication in a distributed architecture (A), cryptographic token generation through a set of instructions that creates unique identifiers (B), and the technical advantage over existing server-based number masking solutions (C), in accordance with an embodiment of the present invention.

[0027] FIGs. 7 (A-C) illustrate exemplary representations of the system maintaining an identical user experience to standard telecommunications (A), the system utilizing existing GSM special character support to create tokens compatible with the proposed telecommunications infrastructure (B), and the connection and network between the connecting tool’s users, and between a connecting tool’s user and a GSM (regular) user, by utilising the proposed system (C), in accordance with an embodiment of the present invention.

[0028] FIGs. 8 (A-B) illustrate exemplary representations of communication calls (User 1 and User 3) by utilising the proposed system (A), and the communication calls between the connecting tool’s users (B), in accordance with an embodiment of the present invention.

[0029] FIG. 9 illustrates an exemplary representation of the email operation performed between the client device and the receiver device over the network, in accordance with an embodiment of the present invention.

[0030] FIG. 10 illustrates an exemplary representation of a flow diagram depicting digital footprint hash generation and continuous authentication, in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

[0031] In the following description, for explanation, various specific details are outlined in order to provide a thorough understanding of the embodiments of the present invention. It will be apparent, however, that embodiments of the present invention may be practiced without these specific details. Several features described hereafter can each be used independently of one another or in any combination with other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.

[0032] The ensuing description provides exemplary embodiments only and is not intended to limit the scope, applicability, or configuration of the invention. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the invention as set forth.

[0033] The present disclosure introduces a universal identity-preserving communication framework that enables two or more parties to exchange calls, messages, emails, and profile information while maintaining mutually authenticated identity visibility without exposing PII. Unlike conventional masking systems that operate only in limited or proprietary channels, the proposed system enables cross-channel masked communication spanning GSM, VoIP, SMS, and email without requiring modification of telecom infrastructure. The present disclosure integrates behavioural digital footprint hashing with tokenized routing and Connect Number encoding, which allows the system to identify users continuously while maintaining zero disclosure of device identifiers or personal data.

[0034] Various embodiments of the present disclosure will be explained in detail with respect to FIGs. 1-10.

[0035] FIG. 1A illustrates an exemplary representation of a block diagram of a system (100) to prevent disclosing personally identifiable information (PII), in accordance with an embodiment of the present invention.

[0036] In an embodiment of the present invention, the system (100) to prevent disclosing personally identifiable information (PII) between users is illustrated. The system (100) includes a client device (101) configured to generate a request for communication, a receiver device (102) configured to connect with the client device (101), and a centralized server (103) that is communicably coupled to the client device (101) and the receiver device (102). The centralized server (103) is equipped with a processor (104) configured to handle the various operations required to facilitate secure communication without exposing the personal information of the users involved.

[0037] In an exemplary implementation of the embodiment, the client device (101) refers to any electronic device operated by a user to initiate communication. The client device (101) may include, but is not limited to, a smartphone, tablet, computer, or any other connected device. For example, when a user initiates a communication session, such as a phone call or message, from their smartphone, the device functions as the client device (101). The client device (101) generates a request for communication and transmits it to the centralized server (103).

[0038] In the exemplary implementation of the embodiment, the receiver device (102) is any electronic device operated by the intended recipient of the communication initiated by the client device (101). The receiver device (102) may include, but is not limited to, a smartphone, tablet, computer, or any other connected device. For instance, when the user receives a communication request on their smartphone, this device functions as the receiver device (102). The receiver device (102) can be configured to connect with the client device (101) to establish a communication session while ensuring that personally identifiable information is not disclosed.

[0039] In the exemplary implementation of the embodiment, the centralized server (103) can be connected to both the client device (101) and the receiver device (102) to facilitate secure communication in a network (111). The centralized server (103) can include the processor (104) that is configured to perform specific functions to manage communication requests while protecting the personal information of the users involved. Upon receiving the communication request generated by the client device (101), the processor (104) in the centralized server (103) can generate a session token (105). The session token acts as a temporary identifier that allows the client device (101) and the receiver device (102) to connect without revealing personally identifiable information.

[0040] In the exemplary implementation of the embodiment, the session token generated by the processor (104) can be mapped to one or more session identifiers, which are pre-stored at the centralized server (103). The session identifiers may include, but are not limited to, unique identifiers or codes associated with the client device (101) and the receiver device (102) to facilitate connection without using personal information. The session identifiers can be stored in a secure database within the centralized server (103) or generated dynamically over the network and used exclusively for mapping purposes. For example, when the processor (104) generates the session token (105), it retrieves the corresponding session identifiers for the client device (101) and the receiver device (102) and associates them with the session token. The mapping ensures that the communication session can proceed without any exposure of personal details like phone numbers or email addresses.

[0041] Further, upon successful mapping of the session token with the session identifiers, the processor (104) transmits the session token to the receiver device (102). The session token enables the receiver device (102) to connect with the client device (101) without directly accessing any personally identifiable information. For instance, in the case of a phone call, the client device (101) can initiate a call through the session token, and the receiver device (102) will receive the call using the same token, which directs the communication through the centralized server (103). Similarly, in the case of a message, the session token allows the message to be delivered to the receiver device (102) without revealing the sender's phone number or email address.

[0042] For example, if a user with a smartphone (client device 101) wants to send a text message to another user’s tablet (receiver device 102), the smartphone (client device 101) generates a request for communication and transmits it to the centralized server (103). The processor (104) within the centralized server (103) receives this request, generates a unique session token, and maps it to the relevant session identifiers stored within the server. This session token is then transmitted to the tablet (receiver device 102), enabling secure communication between the devices.

[0043] In the exemplary implementation of the embodiment, the client device (101) and receiver device (102) encompass any connected devices capable of establishing communication sessions. The client device (101) and the receiver device (102) may include, but are not limited to, devices such as smartphones, tablets, computers, or any other connected device with communication capabilities. The flexibility allows the system (100) to be implemented across various platforms and devices, thus ensuring wide compatibility and usability.

[0044] In the exemplary implementation of the embodiment, the client device (101) and receiver device (102) interact with the centralized server (103) to prevent the disclosure of personally identifiable information while enabling secure communication. The centralized server (103), through its processor (104), manages the communication session by generating, mapping, and transmitting session tokens that act as substitutes for direct personal identifiers, which allows for a high level of privacy and security in user communications.

[0045] In the exemplary implementation of the embodiment, the system (100) includes the connecting tool (108) with a connect identification framework (hereinafter “CIDF”) standard, along with a digital footprint to continuously identify users, allowing systems, portals, and apps to authenticate users without sharing personal information. The CIDF acts as an intermediary to enable user communication without sharing personal information. During a phone call, the caller makes a call to the called party over the GSM network. However, instead of the phone number, the caller needs only a unique connection ID (Connect Number) that connects both the caller and the called party. The connect number consists of multiple digits and is analogous to a domain name system (DNS) for phone numbers. For the Connect Number to work, the called party must consent to the caller by sharing a unique Connect Number. It will enable the caller (with or without the connecting tool (108)) to call the recipient. The centralised server (103) acts as a broker between end users to resolve connect numbers to actual phone numbers and direct the call there. Cryptographic hashes will continuously generate and distribute Connect Numbers to keep the connection unique and secure.

[0046] Similarly, users can send emails to other stored contacts or other email addresses without revealing their email addresses. Only the name and profile picture set by the owner of the email ID will be displayed to the receiver. The receiver can reply to the original sender from the same email without requiring the sender’s email address. The connecting tool (108) embeds a key in the emails to uniquely identify each email and route it to the original sender and the other receivers in the To / CC list. Non-connecting tool users can seamlessly connect with the connecting tool’s users by getting masked email addresses, which will filter and receive email only from the designated authorized receiver to whom the masked email is provided. The system (100) provides a secure communication process for calls, SMS, emails, and profile sharing. It utilizes cryptographically generated "Connect Numbers" and masked identifiers to facilitate user connections without exposing real contact information.
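The masked-email routing described in [0046], written out as an added example for this page (it is not the applicant's own implementation): an alias is issued for exactly one external correspondent, inbound mail from anyone else is dropped, accepted mail is forwarded to the owner with an embedded relay key, and the owner's reply carrying that key is routed back with the alias and the owner's chosen display name as the visible sender. The relay domain, the addresses and the display name are constructed sample values.

```python
"""Masked-email relay: an alias accepts mail only from the single external
correspondent it was issued to, forwards it to the owner, and routes the owner's
reply back through an embedded relay key so the owner's real address is never
shown. Added example, not the patent's own code; addresses are constructed."""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    subject: str
    body: str
    display_name: str = ""   # name the owner chose to show instead of an address
    relay_key: str = ""      # embedded key that ties a message to a relay thread


class MaskedEmailRelay:
    """Plays the connecting tool's mail-routing role; real addresses stay in here."""

    def __init__(self, domain: str = "relay.example"):   # hypothetical relay domain
        self._domain = domain
        self._alias_owner: dict[str, tuple[str, str]] = {}  # alias -> (owner's real address, display name)
        self._alias_peer: dict[str, str] = {}               # alias -> the one external address allowed to use it
        self._threads: dict[str, tuple[str, str]] = {}      # relay key -> (alias, external peer)

    def create_alias(self, owner_real: str, authorized_peer: str, display_name: str) -> str:
        """Issue a masked address for exactly one external correspondent."""
        alias = f"{secrets.token_hex(6)}@{self._domain}"
        self._alias_owner[alias] = (owner_real, display_name)
        self._alias_peer[alias] = authorized_peer
        return alias

    def inbound(self, msg: Message) -> Optional[Message]:
        """External mail addressed to an alias. Returns the message to deliver to the
        owner, or None when the alias is unknown or the sender is not the authorized peer."""
        alias = msg.recipient
        if alias not in self._alias_owner:
            return None
        if msg.sender != self._alias_peer[alias]:
            return None                      # filtered: alias was not issued to this sender
        owner_real, _ = self._alias_owner[alias]
        key = secrets.token_hex(8)           # embedded key identifying this email for return routing
        self._threads[key] = (alias, msg.sender)
        return Message(sender=msg.sender, recipient=owner_real,
                       subject=msg.subject, body=msg.body, relay_key=key)

    def outbound(self, msg: Message) -> Optional[Message]:
        """Owner's reply carrying a relay key. Returns the message to send to the peer
        with the alias and display name as the visible sender, or None if the key is
        unknown or the reply does not come from the alias owner."""
        entry = self._threads.get(msg.relay_key)
        if entry is None:
            return None
        alias, peer = entry
        owner_real, display_name = self._alias_owner[alias]
        if msg.sender != owner_real:
            return None                      # only the alias owner may reply through this key
        return Message(sender=alias, recipient=peer, subject=msg.subject,
                       body=msg.body, display_name=display_name, relay_key=msg.relay_key)


if __name__ == "__main__":
    relay = MaskedEmailRelay()
    alias = relay.create_alias("alice@owner.example", "bob@outside.example", "Alice")
    accepted = relay.inbound(Message("bob@outside.example", alias, "hello", "hi Alice"))
    print("delivered to owner:", accepted.recipient if accepted else None)
    print("dropped:", relay.inbound(Message("mallory@outside.example", alias, "offer", "buy now")))
    reply = relay.outbound(Message("alice@owner.example", "", "re: hello", "hi Bob",
                                   relay_key=accepted.relay_key))
    print("peer sees sender:", reply.sender, "as", reply.display_name)
```

The two checks that matter for privacy are the sender comparison in `inbound` (the alias is useless to anyone it was not issued to, so harvesting it yields nothing) and the owner comparison in `outbound` (a leaked relay key cannot be used by a third party to send mail that appears to come from the alias).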

[0047] In such embodiment, the system (100) can include a database (109) that stores personally identifiable information in an encrypted form using a zero-knowledge architecture. The database (109) can hold encrypted identity attributes, communication identifiers, session metadata, or device-related parameters without allowing the centralized server (103) or any external entity to directly interpret the stored values. In one embodiment, the encrypted storage can be based on a zero-knowledge protocol in which the processor (104) validates user authenticity without obtaining access to the raw personally identifiable information. In another embodiment, the encrypted records stored in the database (109) can be refreshed using periodic re-encryption techniques so that the encrypted representation remains secure against statistical analysis or pattern reconstruction.

[0048] In such embodiment, the system (100) can include an interface (110) configured to display the session token (105) and one or more reports associated with usage analytics. The interface (110) can be a RESTful Application Programming Interface that allows the client device (101) or the receiver device (102) to fetch analytical information, including the number of routed calls, the timing of token retrieval, the number of return attempts, or the distribution of user interactions across different communication types. The interface (110) can permit third-party services to access token metadata without exposing any underlying personally identifiable information stored in the database (109). In one embodiment, the interface (110) can provide numerical summaries, graphical trend lines, or real-time monitoring of session token generation activity over predefined time intervals.

[0049] In such embodiment, the processor (104) can instruct a client execution unit (101-1) of the client device (101) to establish a carrier-routed call. The carrier-routed call can be formatted to transmit a tokenized message using a special-character schema. The special-character schema can include a combination of symbols, digits, and structured segments formatted for representation in a carrier signaling environment. The transmitted tokenized message can enable a user to initiate a return communication without exposure of the personally identifiable information of the client device (101) or the receiver device (102). In one embodiment, the transmitted tokenized message can embed the session token (105) within a dialable sequence, an Unstructured Supplementary Service Data (hereinafter “USSD”)-compatible format, a Dual-Tone Multi-Frequency (hereinafter “DTMF”)-based segment, or an international-formatted encoded number. In another embodiment, the client execution unit (101-1) can embed supplemental parameters that represent a call direction, call category, or temporary routing index so that the receiver device (102) can initiate the return call using an anonymized structure generated by the processor (104).

[0050] In such embodiment, the processor (104) can include a token-rotating mechanism (104-2) for enforcing time-based and usage-based expiration parameters. The time-based expiration parameters can include durations such as 30 seconds, 1 minute, 5 minutes, 15 minutes, 1 hour, 24 hours, or any interval extending up to 30 days. The usage-based expiration parameters can include single-use, two-use, limited-use up to ten attempts, or a predefined number of session initiations. The predetermined duration for expiration can fall within a range between a minimum of 10 seconds and a maximum of 60 days. The predetermined usage limit can fall within a range between a single use and one hundred uses, depending on the communication requirement. The token rotating mechanism (104-2) can regenerate subsequent session tokens using cryptographically independent parameters. The cryptographically independent parameters can include unique cryptographic nonces, evolving random salts, time stamp-derived entropy, device-driven randomness, or a combination of caller identity hash and callee identity hash values. The processor (104) can validate timestamps against acceptance windows so that expired session tokens are rejected. The processor (104) can also record one-time-use states to prevent reuse of a previously validated session token.
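The token lifecycle of [0039] to [0042] together with the expiry rules of [0050], as an added worked example written for this page (not the patent's own code): a broker keeps the mapping from session identifiers to phone numbers private, issues a session token mapped to the caller's and callee's pre-stored session identifiers, and resolves the token to a routing target only while it is inside its time window and usage limit, retiring it once either is exceeded. Either mapped party may present the token, which is how the receiver places a return call without learning the number. The derivation of a session identifier as a keyed hash of the number, the injectable clock, and the sample numbers are assumptions made for the example.

```python
"""Session-token broker: maps session tokens to pre-stored session identifiers and
resolves them to a phone number only inside the server, enforcing time-based and
usage-based expiry. Added example, not the patent's own code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class SessionToken:
    token: str
    caller_sid: str      # session identifier of the client device (not PII)
    callee_sid: str      # session identifier of the receiver device (not PII)
    issued_at: float
    ttl_seconds: float   # time-based expiration parameter
    max_uses: int        # usage-based expiration parameter
    uses: int = 0
    revoked: bool = False


class TokenBroker:
    """Plays the centralized server role. The phone-number directory never leaves
    this object; devices only ever see session identifiers and tokens."""

    def __init__(self, secret: bytes, clock: Callable[[], float] = time.time):
        self._secret = secret
        self._clock = clock          # injectable so expiry can be exercised deterministically
        self._directory: dict[str, str] = {}   # session identifier -> phone number (sample data only)
        self._tokens: dict[str, SessionToken] = {}

    def register(self, phone_number: str) -> str:
        """Store a phone number and hand back a keyed-hash session identifier (an
        assumption for this example). The HMAC keeps anyone without the server
        secret from rebuilding the number-to-identifier mapping from identifiers."""
        sid = hmac.new(self._secret, phone_number.encode(), hashlib.sha256).hexdigest()[:16]
        self._directory[sid] = phone_number
        return sid

    def issue(self, caller_sid: str, callee_sid: str,
              ttl_seconds: float = 300.0, max_uses: int = 1) -> str:
        """Create a session token for a communication request and map it to the
        pre-stored session identifiers of both parties."""
        if caller_sid not in self._directory or callee_sid not in self._directory:
            raise KeyError("unknown session identifier")
        # A fresh nonce plus timestamp entropy makes successive tokens cryptographically independent.
        material = (secrets.token_bytes(16) + repr(self._clock()).encode()
                    + caller_sid.encode() + callee_sid.encode())
        token = hashlib.sha256(material).hexdigest()[:24]
        self._tokens[token] = SessionToken(token, caller_sid, callee_sid,
                                           self._clock(), ttl_seconds, max_uses)
        return token

    def resolve(self, token: str, presented_by_sid: str) -> Optional[str]:
        """Return the phone number the switch should route to, or None if the token
        is unknown, expired, exhausted, or presented by a device it was not mapped to.
        The result goes to the server's routing component, never back to a device."""
        rec = self._tokens.get(token)
        if rec is None or rec.revoked:
            return None
        if self._clock() - rec.issued_at > rec.ttl_seconds:
            rec.revoked = True           # reject and retire expired tokens
            return None
        if rec.uses >= rec.max_uses:
            return None                  # usage limit reached
        if presented_by_sid == rec.caller_sid:
            target = rec.callee_sid
        elif presented_by_sid == rec.callee_sid:
            target = rec.caller_sid      # return call from the receiver's side
        else:
            return None
        rec.uses += 1                    # record the use so a single-use token cannot be replayed
        return self._directory[target]


if __name__ == "__main__":
    broker = TokenBroker(secrets.token_bytes(32))
    alice = broker.register("+1-555-0100")     # constructed sample numbers
    bob = broker.register("+1-555-0199")
    tok = broker.issue(alice, bob, ttl_seconds=60, max_uses=1)
    print("route to:", broker.resolve(tok, alice))  # the switch sees the number; Alice's device does not
    print("replay:", broker.resolve(tok, alice))    # None: single-use token
```

The use counter is incremented only after every check has passed, so a token presented by an unmapped party neither resolves nor burns a use, and an expired token is marked revoked on first sight so later presentations fail without re-evaluating the window.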

[0051] Further, the system (100) can include a connecting tool (108) configured to enable one or more ways of communication between the client device (101) and the receiver device (102). The connecting tool (108) can allow a user to select a style of communication based on carrier routing, application-originated routing, VoIP routing, or token-driven numerical dialling. In one embodiment, the connecting tool (108) can enable communication through voice calls, text-based requests, data-encoded signaling messages, or multimedia- oriented communication. In another embodiment, the connecting tool (108) can restrict the user from performing a type of communication when the session token has expired, when the usage limit has been reached, or when the receiver device (102) has opted out of accepting return communication using the anonymized channel. The connecting tool (108) can further allow contextual selection of a return mode, including a call initiated through a tokenized sequence, a call initiated through an anonymized extension, or a communication initiated through a routed identifier generated by the processor (104).

[0052] In such an embodiment, the system (100) can process communication requests based on a combination of the session token and a routing instruction transmitted through the connecting tool (108). The processor (104) can determine whether the communication can be initiated using an anonymized dialable number, a virtual return identifier, or a structured token using hybrid number formatting. The routing instruction can be used by the receiver device (102) to generate a return session using the token delivered by the client device (101). The connecting tool (108) can also serve as the interface (110) to verify whether the session token (105) has met the predetermined validity conditions enforced by the token-rotating mechanism (104-2). The system (100) as described across the embodiments can therefore enable secure, privacy-preserving, and controlled communication between the client device (101) and the receiver device (102), while preventing disclosure of personally identifiable information stored at the database (109), and allow flexible token lifecycles established by the processor (104).

[0053] FIG. 1B illustrates an exemplary representation of a flow diagram illustrating a method (200) for preventing the disclosure of personally identifiable information (PII), in accordance with an embodiment of the present invention.

[0054] In another embodiment of the present invention, the method (300) can be implemented to prevent disclosing PII using the system (100).

[0055] In an exemplary implementation of another embodiment, the disclosed method (200) can enable secure communication between a client device (101) and the receiver device (102) through the centralized server (103) over the network (111) while preventing the disclosure of personally identifiable information (PII) to the receiver device (102). The system (100) can utilize the centralized server (103), which is communicably coupled to the client device (101) and the receiver device (102). The centralized server (103) can be equipped with the processor (104) configured to execute the method’s steps to maintain PII security during communication.

[0056] At block 201, the client device (101) can initiate a request for communication, which may involve any request where the client device (101) seeks to establish contact or share information with the receiver device (102). Examples of client devices (101) can include, but are not limited to, smartphones, tablets, computers, or any other connected device operated by a user who intends to establish communication without disclosing PII.

[0057] At block 202, the receiver device (102) can be configured to receive the requested communication. The receiver device (102) can include, but is not limited to, smartphones, tablets, computers, or any other connected device used by the person who is the intended recipient of the communication.

[0058] At block 203, upon generating the request, the centralized server (103) can receive it. The server (103) can be configured with the processor (104), which can enable it to process the received communication request from the client device (101).

[0059] At block 204, after receiving the communication request, the processor (104) can generate the session token (105) corresponding to the request. The session token (105) can function as a secure, unique identifier for the particular communication session, which reduces the need to share PII directly between the client device (101) and the receiver device (102).

[0060] At block 205, the processor (104) on the centralized server (103) can map the generated session token (105) with one or more pre-stored session identifiers (106) within the server (103). The session identifiers (106) can represent unique identifiers or reference points associated with prior communication sessions or specific user configurations, ensuring that the session token (105) is linked to relevant identifiers while securing the underlying PII. The mapping process ensures that the session token (105) can be used to establish communication without exposing the PII to the receiver device (102), and it can allow the server (103) to handle communication requests in a manner that preserves the anonymity and privacy of the user associated with the client device (101).

[0061] At block 206, once the session token (105) has been mapped successfully to the session identifiers (106), the centralized server (103) can transmit the session token (105) to the receiver device (102) over the network (111). The transmission can enable the receiver device (102) to establish communication with the client device (101) without accessing or viewing the client device’s (101) PII. For example, the receiver device (102) can use the session token (105) to connect with the client device (101), which can allow data exchange or interaction without disclosing the PII or compromising the privacy of the user.

[0062] The network (111) supporting such communication can include any form of communication network, such as a cellular network, the Internet, or a private network, depending on the specific implementation and application of the system (100). The session token (105) can thus serve as a secure link for the communication session across the network (111) and ensures that the client device’s (101) identity and personal data remain concealed throughout the communication.

[0063] The method (200) can ensure secure communication in the system (100) by receiving a communication request from the client device (101), generating a unique session token (105), mapping the session token (105) to pre-stored session identifiers (106), and transmitting the token to the receiver device (102) to enable secure and PII-protected communication over the network (111). The arrangement can allow users to communicate securely while ensuring the protection of personally identifiable information practically and efficiently.

[0064] FIG. 2 illustrates an exemplary representation (250) of the message transfer operation performed by the system (100), in accordance with an embodiment of the present invention.

[0065] In another embodiment of the present invention, the system to manage PII is disclosed.

[0066] In an exemplary implementation of another embodiment, with the proposed system, the user can make calls to any other mobile device user with SIM-only calls. The user of the receiver device (102) will not be able to view the phone number of the user using the client device (101); however, if the receiver device has the connecting tool (108), then the user can view the user of the client device as a caller.

[0067] In the exemplary implementation of another embodiment, Table 1 below illustrates the different scenarios when the client device (101) and the receiver device (102) have or do not have the connecting tool (108) installed on their respective devices.

Table 1:

[0068] In yet another embodiment, how the data messaging service (hereinafter “DMS”), short message service (hereinafter “SMS”), or text messaging performed by the system (100) is illustrated in Table 2. In this context, the text refers to SMS sent through the connecting tool (108) that can be otherwise shown as regular SMS on the receiver device (102) + the DMS.

[0069] In the above-mentioned illustration, DMS is a service provided by the connecting tool (108), and SMS is the Subscriber Identity Module (SIM)-based service.

Table 2:

[0070] In yet another embodiment, the personal profile sharing over the network (111) using the system (100) is illustrated in Table 3.

Table 3:

[0071] FIG. 3 illustrates a flow diagram (300) representing operation of the centralised server for message transfer, in accordance with an embodiment of the present invention.

[0072] Referring to FIG. 3, the processor (104) fetches the generated request of communication from the client device (101) in the first step (301). This involves validating the connection to ensure that the server is functioning correctly, as depicted in the attached flowchart under the step labelled "Server OK?" Following the validation, the server acknowledges the sender’s request by sending an acknowledgment back to the client device (101) at step (302).

[0073] Once the communication request is received and acknowledged, the centralized server (103) confirms the sender’s validity, which is shown as "Confirm Sender's Validity" in FIG. 3. It may include checking the credentials or verifying the identity of the client device (101) to ensure that the communication request originates from a legitimate source. After confirming the sender’s validity, the processor (104) conducts a region check. This verifies if the communication request needs to be directed through a specific regional server. If required, the communication request is routed to a regional server for further processing at step (303).

[0074] Following the regional check, the processor (104) generates the session token (105) associated with the communication request. The session token (105) is a unique identifier that is mapped to one or more session identifiers (106), which are pre-stored at the centralized server (103).

[0075] Further, the processor (104) then evaluates the status of the receiver device (102) to confirm if the device is online. If the receiver device (102) is available, the centralized server (103) determines the appropriate communication channel to connect the client device (101) with the receiver device (102). In scenarios where the receiver device (102) is online, the session token (105) is transmitted directly over the internet to the receiver device (102) at step (304).

[0076] In cases where the receiver device (102) is offline, the centralised server (103) may choose alternative delivery mechanisms, such as voice over data transport (hereinafter “VODT”), to ensure that the communication request is delivered to the receiver device (102). The process is illustrated in FIG. 3 as "Send to Receiver via VODT" at step (305).

[0077] FIGs. 4 (A-B) illustrate an exemplary representation (400A, 400B) of various operations performed by the system (100) over the network (111), in accordance with an embodiment of the present invention.

[0078] FIG. 4A illustrates an exemplary representation of the connection established between the client device (101) and the receiver device (102) over the network (111).

[0079] FIG. 4B illustrates an exemplary representation of the various operations performed by the system (100).

[0080] FIG. 5 illustrates an exemplary representation (500) of the operations performed between the client device (101) and the receiver device (102) over the network (111), in accordance with an embodiment of the present invention.

[0081] In another embodiment of the present invention, the disclosed system (100) works on two principles: "something you have" (mobile device, etc.) and "something you produce" (digital footprint), which eliminates the need for traditional passwords and OTPs.

[0082] The system (100) can enable users to connect with other people, organizations, or software systems to communicate or get authenticated to systems, applications, or premises without revealing their PII to devices, networks, or databases, which could make their data vulnerable to misuse by spammers. As users continuously generate digital footprints through various devices, the system creates unique footprint hashes that directly identify users on their devices. It then challenges the user to prove they are the rightful operator of the device to successfully authenticate them.

[0083] FIGs. 6 (A-C) illustrate exemplary representations of the system (100) with bidirectional tokenized communication with distributed architecture (A) (600A), cryptographic token generation through a set of instructions that creates unique identifiers (B) (600B), and a representation of the technical advantage over existing server-based number masking solutions (C) (600C), in accordance with an embodiment of the present invention.

[0084] Referring to FIG. 6A (600A), the bi-directional tokenized communication with a distributed architecture is disclosed. FIG. 6A illustrates an arrangement (600A) in which the client device (101) and the receiver device (102) operate with a mobile application i.e., connecting tool (108). The client device (101) initiates a communication request through the connecting tool (108), which is transmitted over the network (111) towards the centralized server (103). The centralized server (103) cooperates with the database (109) to store and retrieve data required for establishing a secure communication session.

[0085] Referring to FIG. 6B (600B), the arrangement (600B) is used for the generation of a unique token (607) based on multiple session parameters. A caller identity hash (601) and a callee identity hash (602) are supplied as inputs along with a session timestamp (603) that defines the time at which the communication request is generated. A secure random nonce (604) is introduced to ensure unpredictability of the final output, and a communication type ID (605) represents a category or mode associated with the communication session.

[0086] All the inputs from the caller identity hash (601), the callee identity hash (602), the session timestamp (603), the secure random nonce (604), and the communication type ID (605) are forwarded to a cryptographic combiner implemented using HMAC-SHA256 (606). The HMAC-SHA256 (606) processes the received parameters and produces a unique token (607) as the HMAC output for secure identification and validation of the corresponding communication session.
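As an added illustration (not the patent's own code), the following Python models the HMAC-SHA256 combiner of FIG. 6B (inputs 601-605 to token 607) together with the token-rotating rules of paragraph [0050]: time-based expiry, usage limit, acceptance window for timestamps, and recorded one-time-use state. The server-held HMAC key, the length-prefixed field encoding, the permitted ranges and the injectable clock are assumptions of this example.

```python
# Added example, not from the patent. Assumptions: SERVER_KEY is a secret held
# by the centralized server (the patent names the HMAC inputs but not the key);
# field encoding, limits and the clock hook are constructed for this example.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional, Tuple

SERVER_KEY = b"example-server-key"  # constructed; a deployment would fetch this from a KMS


def identity_hash(pii: str) -> str:
    """Caller/callee identity hash (601/602): only the hash enters the token, never raw PII."""
    return hashlib.sha256(pii.encode()).hexdigest()


def make_token(caller_hash: str, callee_hash: str, comm_type: str,
               ts: Optional[int] = None, nonce: Optional[bytes] = None) -> Tuple[str, dict]:
    """HMAC-SHA256 combiner (606): inputs 601-605 -> unique token (607)."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_bytes(16) if nonce is None else nonce
    fields = (caller_hash.encode(), callee_hash.encode(), str(ts).encode(), nonce, comm_type.encode())
    # Length-prefix every field so different input splits cannot produce the same MAC input.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    token = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    params = {"caller": caller_hash, "callee": callee_hash, "ts": ts, "nonce": nonce, "type": comm_type}
    return token, params


@dataclass
class TokenRecord:
    params: dict
    ttl: int          # time-based expiration, seconds
    max_uses: int     # usage-based expiration
    uses: int = 0
    consumed: bool = False   # one-time-use state recorded after the last permitted use


class TokenRegistry:
    """Server-side token store enforcing the [0050] expiry and usage rules."""
    MIN_TTL, MAX_TTL = 10, 60 * 24 * 3600      # 10 seconds .. 60 days
    MIN_USES, MAX_USES = 1, 100                 # single use .. one hundred uses
    ACCEPTANCE_SKEW = 30                        # seconds of clock drift tolerated (assumed)

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be exercised deterministically
        self.records = {}

    def issue(self, caller_hash: str, callee_hash: str, comm_type: str,
              ttl: int = 300, max_uses: int = 1) -> str:
        if not (self.MIN_TTL <= ttl <= self.MAX_TTL):
            raise ValueError("ttl outside permitted range")
        if not (self.MIN_USES <= max_uses <= self.MAX_USES):
            raise ValueError("usage limit outside permitted range")
        token, params = make_token(caller_hash, callee_hash, comm_type, ts=int(self.clock()))
        self.records[token] = TokenRecord(params, ttl, max_uses)
        return token

    def validate(self, token: str) -> str:
        """Return 'ok' or a rejection reason; a successful validation counts as one use."""
        rec = self.records.get(token)
        if rec is None:
            return "unknown"            # never issued, or already rotated away
        now = int(self.clock())
        ts = rec.params["ts"]
        if now + self.ACCEPTANCE_SKEW < ts:
            return "not-yet-valid"      # timestamp ahead of the acceptance window
        if now > ts + rec.ttl:
            return "expired"            # time-based expiration
        if rec.consumed or rec.uses >= rec.max_uses:
            return "usage-exhausted"    # replay of a fully used token is rejected
        rec.uses += 1
        if rec.uses >= rec.max_uses:
            rec.consumed = True         # record the one-time-use state
        return "ok"

    def rotate(self, old_token: str, ttl: int = 300, max_uses: int = 1) -> str:
        """Regenerate a successor with a fresh nonce and timestamp; the old token is retired."""
        rec = self.records.pop(old_token)
        p = rec.params
        return self.issue(p["caller"], p["callee"], p["type"], ttl, max_uses)
```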

[0087] Referring to FIG. 6C (600C), an arrangement (600C) showing call routing between a caller and a callee through multiple intermediary paths to prevent disclosure of caller identity information. A first mobile application, i.e., client device (101), initiates an outbound call that is processed by a VOIP server handling a call with caller ID (701). The call is subsequently routed as a VOIP call using the caller ID (702) toward the second mobile application, i.e., receiver device (102) associated with the callee.

[0088] In another communication path, an intermediary call with a caller extension (703) is established through an intermediary caller server (704). The intermediary caller server (704) forwards the call to an intermediary server connecting the caller (705), which then can deliver the connection request to the callee operating the second mobile application, i.e., receiver device (102). The first and second mobile applications, i.e., client and receiver device (101, 102 respectively), exchange the communication request through either the VOIP routing path or the intermediary call path, ensuring controlled routing and concealment of actual caller identity while maintaining session connectivity.

[0089] FIGs. 7 (A-C) illustrate exemplary representations of how the system maintains an identical user experience to standard telecommunications (700A) (A), how the system utilizes existing GSM special character support to create tokens compatible with the proposed telecommunications infrastructure (700B) (B), and the connection and network between the connecting tool’s users, and between a connecting tool user and a GSM (regular) user, by utilising the proposed system (700C) (C), in accordance with an embodiment of the present invention.

[0090] In an embodiment, FIG. 7A (700A) illustrates an interface arrangement (700A) rendered by the connecting tool (108) operating on a mobile device, where the connecting tool (108) presents a contact-oriented view and a message-oriented view. In the contact-oriented view, the connecting tool (108) provides a search contacts field, followed by selectable categories such as Favorites, Recent, and Network, and displays a list of contact entries represented with user icons and corresponding identifiers. In the message-oriented view, the connecting tool (108) provides a search text field, followed by selectable filters such as Unread, Known, and Starred, and displays a list of text-based communication entries represented with user icons and associated message indicators. The connecting tool (108) enables structured navigation across contacts and messages within the arrangement (700A), allowing a user to filter, search, and select communication entries in an organized manner.

[0091] Referring to FIG. 7B (700B), an arrangement (700B) showing multiple token embedding formats used for encoding communication parameters into dialable number structures. A USSD-style format (801) presents a structure using symbol-based delimiters for embedding alphanumeric elements. A DTMF-style format (802) provides a series of digit blocks arranged as discrete sequences suitable for tone-based transmission. An international-style format (803) incorporates a leading international indicator followed by segmented numeric fields that represent callable identifiers. A hybrid number format (804) combines a prefix, a token element, and a numeric field to embed session-specific values within a dialable sequence. The formats (801-804) collectively illustrate alternative ways of representing tokenized information within different numbering conventions for enabling communication routing without exposing personally identifiable information.

[0092] FIG. 7C (700C) illustrates the system (100) to prevent disclosing personally identifiable information by enabling controlled communication between the client device (101) and the receiver device (102) through the centralized server (103). A legend (901) identifies symbols associated with public key infrastructure. Multiple application users, including App User 1 (902) with profiles 1.1, 1.2, and 1.3 (906-1, 906-2, 906-3), App User 2 (903) with profile 2.1 (906-4), and GSM User 3 (904) without any online profile (905), interact with the system (100).

[0093] The process initiates at a start point (907), where App User 1 (902) shares a QR code, link, or NFC tap with App User 2 (903) as indicated at step (908). The receiver device (102), operated by App User 2 (903), accesses the online profile of App User 1 through the centralized server (103) and stores a secure contact token (909). The server (103), through the processor (104) and memory (107), fetches the request generated by the client device (101), generates the session token (105), and maps the session token with the one or more session identifiers (106). At step (910), App User 2 is prompted for permission to share a secured contact with App User 1. If permission is denied, the process terminates at step (913). If permission is granted as indicated at step (911), App User 1 accesses the profile of App User 2 online and stores a corresponding contact token (912). The centralized server (103) transmits the session token (105) to the receiver device (102) over the network (111), enabling the communication session while preventing exposure of any personally identifiable information to the receiver device (102).

[0094] FIGs. 8 (A-B) illustrate exemplary representations (800A, 800B) of communication calls between User 1 and User 3 by utilising the proposed system (A), and communication calls between the connecting tool’s users (B), in accordance with an embodiment of the present invention.

[0095] FIG. 8A illustrates communication flows (800A) between the client device (101) operated by User 1 (U1) and the receiver device (102) operated by User 3 (U3), under control of the centralized server (103). The centralized server (103), through the processor (104) and memory (107), processes each communication request to prevent disclosing personally identifiable information.

[0096] A first sequence begins at step (1001), where U1 dials an unmarked number of U3 (1002) over a GSM network. The client device (101) generates a communication request, which is fetched by the centralized server (103). The processor (104) generates the session token (105) and maps the session token with the one or more session identifiers (106). App U1 masks the caller number at step (1003), thereby preventing direct exposure of U1’s contact information to U3. The receiver device (102), operated by U2 or U3, receives the session token transmitted by the centralized server (103) over the network (111) and decides to accept or reject the call at step (1004). The flow concludes at step (1005).

[0097] A second sequence begins at step (1006), where U3 dials a combination of a random number and Dual-Tone Multi-Frequency sequence (1007) toward U1. The centralized server (103) again fetches the request, generates the session token, performs mapping with the session identifiers (106), and passes the mapped session token (105) to App U1 for identification of the caller at step (1008). App U1 identifies the calling party without revealing the unmasked number. U1 accepts or rejects the call at step (1009), and the process ends at step (1010).

[0098] FIG. 8A therefore represents a controlled communication mechanism where the centralized server (103) mediates all call requests using session tokens and mapped session identifiers to ensure that PII of either party remains undisclosed during GSM-based interactions.

[0099] FIG. 8B illustrates communication calls (800B) between application users U1 and U2 using a mechanism designed to prevent disclosing personally identifiable information. The client device (101), operated by U1, generates a communication request toward the receiver device (102), operated by U2. The centralized server (103) mediates the request by executing a set of instructions stored in memory (107) through the processor (104).

[0100] The flow begins at step (1201). At step (1202), U1 dials the number of U2 through an application interface. The application masks the number of U1 and inserts a Dual-Tone Multi-Frequency sequence to encode a session-related identifier. The client device (101) transmits a communication request that is fetched by the centralized server (103). The processor (104) generates the session token (105) and maps the session token with the one or more session identifiers (106). The centralized server (103) transmits the mapped session token to the receiver device (102) over the network (111).

[0101] At step (1203), App U2 screens the incoming call and deciphers the DTMF sequence to identify that the call originates from U1, without receiving the actual unmasked number. U2 accepts or rejects the call at step (1204), and the process terminates at step (1205). FIG. 8B therefore depicts an application-assisted GSM calling process where masking, DTMF encoding, and session-token mapping by the centralized server (103) ensure that PII of U1 is not disclosed to U2 during call setup or screening.

[0102] FIG. 9 illustrates an exemplary representation (900) of the email operation performed between the client device (101) and the receiver device (102) over the network (111), in accordance with an embodiment of the present invention.

[0103] Referring to FIG. 9, the user can send emails to other stored contacts or other email addresses without revealing their email address. Only the name and profile picture set by the owner of the email ID can be displayed. The receiver can reply to the original sender from the same email without requiring the sender's email address. The connecting tool (108) can have an embedded key in the emails to identify the email and route it to the original sender, and others can receive it in the primary recipient (TO) / carbon copy (CC). The users who do not have the connecting tool (108) can seamlessly connect with users having the connecting tool (108) by getting masked email addresses, which can filter and receive email from only the designated authorized receiver to whom the masked email can be provided.

[0104] FIG. 10 illustrates an exemplary representation of a flow diagram (1000) depicting digital footprint hash generation and continuous authentication, in accordance with an embodiment of the present invention.

[0105] Referring to FIG. 10, a user interaction module (1011) that captures multiple behavioral parameters associated with the client device (101) is illustrated. The user interaction module (1011) can include gesture speed data (1012), page transition timing data (1013), call initiation patterns (1014), and text rhythm patterns (1015). Each of the aforementioned parameters represents a measurable behavioral characteristic exhibited by a user during interaction with the client device (101). For example, gesture speed (1012) can define the rate at which touch gestures are performed on a touchscreen interface. Page transition timing (1013) can define the duration of navigation actions between application pages. Call initiation patterns (1014) can define speed and sequence associated with initiating outgoing communication actions. Text rhythm patterns (1015) can define cadence characteristics associated with text input sequences.

[0106] The behavioral parameters are transmitted to a feature extraction unit (1016). The feature extraction unit (1016) is configured to generate one or more feature vectors representing a behavioral signature of the client device (101). The feature extraction unit (1016) forwards the extracted features to a footprint hash generator (1018). The footprint hash generator (1018) processes the extracted features to generate a digital footprint hash value, illustrated as FHi. The digital footprint hash serves as an encoded representation of the behavioral attributes associated with the user interaction module (1011). The footprint hash generator (1018) also evaluates any mismatch conditions relating to inconsistent behavioral features.

[0107] During the communication request process, the centralized server (103) fetches the generated request of communication from the client device (101). The processor (104) generates a session token (105) for the received request. The processor (104) maps the generated session token (105) with one or more stored session identifiers (106). The processor (104) performs a token authorization process (1017) based on the mapping result. Upon successful token authorization, the digital footprint hash FHi is used to validate continuous authentication through an authenticated token authorization module (1019). The authenticated token authorization module (1019) ensures that the session token (105) corresponds to a valid digital footprint hash value generated by the footprint hash generator (1018). If a mismatch is detected by the footprint hash generator (1008), the authenticated token authorization module (1019) triggers a reauthorization sequence routed back to the token authorization unit (1017). This ensures that only requests with valid behavioral signatures are authenticated.

[0108] FIG. 10 illustrates the overall flow of digital footprint hash generation and continuous authentication as applied within the system (100). The arrangement of the user interaction module (1001), gesture speed input (1002), page transition timing input (1013), call initiation patterns input (1014), text rhythm patterns input (1015), feature extraction unit (1016), token authorization unit (1017), footprint hash generator (1018), and authenticated token authorization module (1019) collectively ensures secure and non-identifiable session management for communication requests processed by the centralized server (103).

[0109] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the invention. These and other changes in the preferred embodiments of the invention will be apparent to those skilled in the art from the invention herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the invention and not as a limitation.

ADVANTAGES OF THE PRESENT INVENTION

[0110] The present invention provides a system to prevent disclosing personally identifiable information (PII), and a method thereof.

[0111] The present invention provides a system that assists in establishing communication over the network and associated changes applied to methods of communication and access management implemented by the system.

[0112] The present invention provides a system and a method through which users can connect with other people, organizations, and software systems to communicate or get authenticated to certain systems, applications, or premises through the tokenized identity with devices, over the network or database systems.

[0113] The present invention provides a system and a method that collects, manages, and uses digital personally identifiable information without sharing it with other devices over the network, thereby maintaining privacy.

Claims

We Claim:

1. A system (100) to prevent disclosing personally identifiable information (PII), the system (100) comprising: a client device (101) to generate a request for communication; a receiver device (102) to receive the request for communication; and a centralized server (103) communicably coupled to the client device (101) and the receiver device (102), the centralized server (103) comprising a processor (104) having a memory (107) storing a set of instructions which, when executed, causes the processor (104) to: fetch the generated request of communication from the client device (101); generate a session token for the received request of communication; map the generated session token with one or more session identifiers (106); and transmit the session token (105), upon successful mapping, to the receiver device (102) to connect the client device (101) over the network (111) so as to prevent disclosing the PII to the receiver device (102).

2. The system (100) as claimed in claim 1, wherein one or more session identifiers (106) are pre-stored at the centralized server (103).

3. The system (100) as claimed in claim 1, comprising a connecting tool (108) to enable a user to make one or more ways of communication and to allow or restrict the user to communicate with the receiver device (102).

4. The system (100) as claimed in claim 1, wherein the client device (101) is selected from any of a smartphone, tablet, computer, or any digital device operated by the user.

5. The system (100) as claimed in claim 1, wherein the receiver device (102) is selected from any of a smartphone, tablet, computer, or any digital device used by the user who is the intended recipient of the request for communication.

6. The system (100) as claimed in claim 1, wherein the personally identifiable information (PII) is stored at a database (109) in an encrypted form using a zero-knowledge architecture.

7. The system (100) as claimed in claim 1, comprising an interface (110) to display the generated session token and one or more reports associated with usage analytics, and wherein the interface (110) is a RESTful Application Programming Interface (RESTful API).

8. The system (100) as claimed in claim 1, wherein the processor (104) instructs, by a client execution unit (101-1) of the client device (101), to establish a carrier-routed call that formats and transmits a tokenized message using a special character schema so that the user initiates a return communication without exposure of the PII of the client device (101) or the receiver device (102).

9. The system (100) as claimed in claim 1, wherein the processor (104) further comprises a token rotating mechanism (104-2) to enforce one or more time-based and usage-based expiration parameters within a predetermined duration and a predetermined usage limit; and wherein the token rotating mechanism (104-2) regenerates subsequent session tokens using one or more cryptographically independent parameters, validates timestamps against predefined acceptance windows, and records one-time-use states to prevent reuse of the session token.

10. A method (200) for preventing disclosure of personally identifiable information (PII), the method (200) comprising: generating (201), by a client device (101), a request for communication; receiving (202), by a receiver device (102), the request for communication; fetching (203), by a processor (104) of a centralized server (103), the generated request of communication from the client device (101), wherein the centralized server (103) is communicably coupled to the client device (101) and the receiver device (102), and comprises the processor (104) having a memory (107) storing a set of instructions for execution; generating (204), by the processor (104), a session token for the received request of communication; mapping (205), by the processor (104), the generated session token with one or more session identifiers (106); and transmitting (206), by the processor (104), the session token (105), upon successful mapping, to the receiver device (102) to connect the client device (101) over the network (111) so as to prevent disclosing the PII to the receiver device (102).