Differential client-side encryption of information originating from a client

US 10,218,687 B2
Filed: 08/21/2017
Issued: 02/26/2019
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from an entity server over a network by a computer system comprising one or more hardware processors, a processing request comprising an encrypted data package encrypted by a client device, wherein the encrypted data package comprises an encrypted symmetric key encrypted using a first public key allocated to the entity server and encrypted data encrypted using a symmetric key corresponding to the encrypted symmetric key;

determining, by the computer system, a first private key corresponding to the first public key allocated to the entity server by accessing a plurality of private keys stored in a memory;

decrypting, by the computer system, the encrypted symmetric key using the private key to obtain the symmetric key;

decrypting, by the computer system, the encrypted data using the symmetric key to obtain first data; and

providing, by the computer system, a processing result based on at least a portion of the first data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

18 Citations

20 Claims

1. A method comprising:
- receiving, from an entity server over a network by a computer system comprising one or more hardware processors, a processing request comprising an encrypted data package encrypted by a client device, wherein the encrypted data package comprises an encrypted symmetric key encrypted using a first public key allocated to the entity server and encrypted data encrypted using a symmetric key corresponding to the encrypted symmetric key;
  
  determining, by the computer system, a first private key corresponding to the first public key allocated to the entity server by accessing a plurality of private keys stored in a memory;
  
  decrypting, by the computer system, the encrypted symmetric key using the private key to obtain the symmetric key;
  
  decrypting, by the computer system, the encrypted data using the symmetric key to obtain first data; and
  
  providing, by the computer system, a processing result based on at least a portion of the first data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising receiving unencrypted data from the entity server over the network, wherein the unencrypted data is related to the first data, wherein the first data comprises a first type of information associated with the client device and the unencrypted data comprises a second type of information, and wherein the processing result is provided further based on at least a portion of the unencrypted data.
  - 3. The method of claim 1, further comprising:
    - providing the portion of the first data to a processing server for processing the first data; and
      
      receiving the processing result from the processing server.
  - 4. The method of claim 3, wherein the first data comprises payment information associated with a payment request, wherein the processing server is associated with a payment service provider, and wherein the processing result comprises an approval or a denial of the payment request.
  - 5. The method of claim 3, wherein the first data comprises patient information associated with a patient request for a medical service, wherein the processing server is associated with a medical service provider, and wherein the processing result comprises an approval or a denial of the patient request.
  - 6. The method of claim 3, wherein the first data comprises a third type of information, wherein the processing server is associated with a background investigation service provider, and wherein the processing result comprises a verified identity or an unverified identity.
  - 7. The method of claim 1, further comprising storing an association between each private key in the plurality of private keys to a corresponding public key in a plurality of public keys allocated to different entity servers.
  - 8. The method of claim 7, further comprising allocating the plurality of public keys to the different entity servers.
  - 9. The method of claim 1, wherein the first private key is determined based on at least one of an identifier contained in the processing request, a source of the processing request, the public key contained in the encrypted data package, a source of the encrypted data package, or a type of processing requested from the processing request.

10. A system, comprising:
- a non-transitory memory;
  
  one or more hardware processors coupled with the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  receiving, from an entity server over a network, a processing request comprising an encrypted data package encrypted by a client device, wherein the encrypted data package comprises an encrypted symmetric key encrypted using a first public key allocated to the entity server and encrypted data encrypted using a symmetric key corresponding to the encrypted symmetric key;
  
  determining a first private key corresponding to the first public key allocated to the entity server by accessing a plurality of stored private keys;
  
  decrypting the encrypted symmetric key using the private key to obtain the symmetric key;
  
  decrypting the encrypted data using the symmetric key to obtain first data;
  
  determining a processing result based on at least a portion of the first data; and
  
  providing the processing result.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, further comprising receiving unencrypted data from the entity server over the network, wherein the unencrypted data is related to the first data, wherein the first data comprises a first type of information associated with the client device and the unencrypted data comprises a second type of information, and wherein the processing result is provided further based on at least a portion of the unencrypted data.
  - 12. The system of claim 10, wherein the operations further comprise:
    - providing the portion of the first data to a processing server for processing the first data; and
      
      receiving the processing result from the processing server.
  - 13. The system of claim 12, wherein the first data comprises payment information associated with a payment request, wherein the processing server is associated with a payment service provider, and wherein the processing result comprises an approval or a denial of the payment request.
  - 14. The system of claim 12, wherein providing the processing result comprises transmitting the processing result to the entity server.
  - 15. The system of claim 12, wherein providing the processing result comprises causing transmission of the processing result to a system other than the entity server or client device.
  - 16. The system of claim 10, wherein the operations further comprise storing an association between each private key in the plurality of private keys to a corresponding public key in a plurality of public keys allocated to different entity servers.
  - 17. The system of claim 12, wherein providing the processing result comprises causing a display of at least a portion of the processing result on a display device.
  - 18. The system of claim 10, wherein the first private key is determined based on at least one of an identifier contained in the processing request, a source of the processing request, the public key contained in the encrypted data package, a source of the encrypted data package, or a type of processing requested from the processing request.

19. A non-transitory machine readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- receiving, from an entity server over a network, a processing request comprising an encrypted data package encrypted by a client device, wherein the encrypted data package comprises an encrypted symmetric key encrypted using a first public key allocated to the entity server and encrypted data encrypted using a symmetric key corresponding to the encrypted symmetric key;
  
  determining a first private key corresponding to the first public key allocated to the entity server by accessing a plurality of private keys stored in a memory;
  
  decrypting the encrypted symmetric key using the private key to obtain the symmetric key;
  
  decrypting the encrypted data using the symmetric key to obtain first data; and
  
  providing a processing result based on at least a portion of the first data.
- View Dependent Claims (20)
- - 20. The non-transitory machine readable medium of claim 19, wherein the operations further comprise:
    - providing the portion of the first data to a processing server for processing the first data;
      
      receiving the processing result from the processing server; and
      
      causing display of at least a portion of the processing server on a display device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Manges, Daniel
Primary Examiner(s)
Dinh, Minh

Application Number

US15/682,462
Publication Number

US 20180063104A1
Time in Patent Office

554 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/205   involving negotiation or de...

H04L 67/34   involving the movement of s...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/14   using a plurality of keys o...

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links