Selective encryption of profile fields for multiple consumers

US 10,230,701 B2
Filed: 10/30/2015
Issued: 03/12/2019
Est. Priority Date: 10/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting fields in a profile, comprising:

adding a profile associated with a user to a profile snapshot queue, wherein the profile includes encrypted fields that have been encrypted using symmetric keys, and a header including access information, wherein the access information comprises multiple versions of single symmetric keys encrypted by public keys associated with a plurality of consumers and wherein each of the plurality of consumers has different permissions to access the encrypted fields;

receiving a request by a consumer of the plurality of consumers to access the profile;

transmitting the profile from the profile snapshot queue to the consumer;

receiving an update to the profile from the user, wherein the update comprises updated fields corresponding to the encrypted fields and an update header;

adding the update to a live update queue, wherein the live update queue is accessible by the plurality of consumers;

encrypting the updated fields with symmetric keys;

encrypting the symmetric keys with a public key of the consumer;

storing the encrypted symmetric keys in the update header; and

enabling the consumer to access the update from the live update queue.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments relate to a system that provides a selective encryption technique that encrypts all of the fields in a profile, and selectively enables consumers of the profile information to decrypt specific fields in the profiles. This is accomplished by encrypting each field in the profile using a randomly generated symmetric key, and then encrypting the symmetric key for each field with public keys belonging to individuals who are authorized to access each field. These encrypted public keys are stored in a header of the profile to enable individuals to use their corresponding private keys to decrypt symmetric keys for the specific fields that they are authorized to access.

22 Citations

View as Search Results

27 Claims

1. A method for encrypting fields in a profile, comprising:
- adding a profile associated with a user to a profile snapshot queue, wherein the profile includes encrypted fields that have been encrypted using symmetric keys, and a header including access information, wherein the access information comprises multiple versions of single symmetric keys encrypted by public keys associated with a plurality of consumers and wherein each of the plurality of consumers has different permissions to access the encrypted fields;
  
  receiving a request by a consumer of the plurality of consumers to access the profile;
  
  transmitting the profile from the profile snapshot queue to the consumer;
  
  receiving an update to the profile from the user, wherein the update comprises updated fields corresponding to the encrypted fields and an update header;
  
  adding the update to a live update queue, wherein the live update queue is accessible by the plurality of consumers;
  
  encrypting the updated fields with symmetric keys;
  
  encrypting the symmetric keys with a public key of the consumer;
  
  storing the encrypted symmetric keys in the update header; and
  
  enabling the consumer to access the update from the live update queue.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein adding the update to the live update queue comprises:
    - retrieving the update, wherein the update includes the encrypted fields that have been encrypted using symmetric keys, and a header including encrypted versions of the symmetric keys, wherein the symmetric keys have been encrypted using public keys associated with consumers;
      
      using a private key associated with a consumer to decrypt a subset of the symmetric keys, wherein the subset of the symmetric keys was used to encrypt a subset of the encrypted fields in the update that the consumer is allowed to access; and
      
      using the subset of the symmetric keys to decrypt values in the subset of the encrypted fields that the consumer is allowed to access.
  - 3. The method of claim 1, wherein each encrypted field in the profile is encrypted with a different symmetric key.
  - 4. The method of claim 1, wherein the header is organized to facilitate looking up encrypted versions of symmetric keys belonging to a given consumer.
  - 5. The method of claim 1,wherein encrypting the updated fields with symmetric keys comprises:
    - generating a symmetric key for the consumer,using the symmetric key for the consumer to encrypt symmetric keys for fields the consumer is allowed to access,using a public key for the consumer to encrypt the symmetric key for the consumer, andstoring the encrypted symmetric keys for the fields the consumer is allowed to access and the encrypted symmetric key for the consumer in the header; and
      
      decrypting the subset of symmetric keys for the fields the consumer is allowed to access, including;
      
      using the private key for the consumer to decrypt the encrypted symmetric key for the consumer; and
      
      using the decrypted symmetric key for the consumer to decrypt the subset of symmetric keys for the fields the consumer is allowed to access.
  - 6. The method of claim 1, wherein the profiles in the profile snapshot queue include:
    - personal profiles containing personal attributes associated with corresponding people; and
      
      organizational profiles containing organizational attributes associated with corresponding organizations.
  - 7. The method of claim 1, wherein the method further comprises revoking access by the consumer to one or more fields in the profile by updating the header of the profile to remove encrypted versions of symmetric keys that can be decrypted using a private key associated with the consumer.
  - 8. The method of claim 1, wherein the profile snapshot queue is periodically populated by accessing each profile in the profile store while the profile store is being updated, and recording a snapshot of each accessed profile in the profile snapshot queue.
  - 9. The method of claim 8, wherein the profile snapshot queue is accessible by multiple consumers, and each of the multiple consumers can read through the profile snapshot queue at a different speed.

10. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for encrypting fields in a profile, comprising:
- adding a profile associated with a user to a profile snapshot queue, wherein the profile includes encrypted fields that have been encrypted using symmetric keys, and a header including access information, wherein the access information comprises multiple versions of single symmetric keys encrypted by public keys associated with a plurality of consumers and wherein each of the plurality of consumers has different permissions to access the encrypted fields;
  
  receiving a request by a consumer of the plurality of consumers to access the profile;
  
  transmitting the profile from the profile snapshot queue to the consumer;
  
  receiving an update to the profile from the user, wherein the update comprises updated fields corresponding to the encrypted fields and an update header;
  
  adding the update to a live update queue, wherein the live update queue is accessible by the plurality of consumers;
  
  encrypting the updated fields with symmetric keys;
  
  encrypting the symmetric keys with a public key of the consumer;
  
  storing the encrypted symmetric keys in the update header; and
  
  enabling the consumer to access the update from the live update queue.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer-readable storage medium of claim 10, wherein adding the update to the live update queue comprises:
    - retrieving the update, wherein the update includes the encrypted fields that have been encrypted using symmetric keys, and a header including encrypted versions of the symmetric keys, wherein the symmetric keys have been encrypted using public keys associated with consumers;
      
      using a private key associated with a consumer to decrypt a subset of the symmetric keys, wherein the subset of the symmetric keys was used to encrypt a subset of the encrypted fields in the update that the consumer is allowed to access; and
      
      using the subset of the symmetric keys to decrypt values in the subset of the encrypted fields that the consumer is allowed to access.
  - 12. The non-transitory computer-readable storage medium of claim 10, wherein each encrypted field in the profile is encrypted with a different symmetric key.
  - 13. The non-transitory computer-readable storage medium of claim 10, wherein the header is organized to facilitate looking up encrypted versions of symmetric keys belonging to a given consumer.
  - 14. The non-transitory computer-readable storage medium of claim 10, wherein encrypting the updated fields with symmetric keys comprises:
    - generating a symmetric key for the consumer,using the symmetric key for the consumer to encrypt symmetric keys for fields the consumer is allowed to access,using a public key for the consumer to encrypt the symmetric key for the consumer, andstoring the encrypted symmetric keys for the fields the consumer is allowed to access and the encrypted symmetric key for the consumer in the header; and
      
      decrypting the subset of symmetric keys for the fields the consumer is allowed to access, including;
      
      using the private key for the consumer to decrypt the encrypted symmetric key for the consumer; and
      
      using the decrypted symmetric key for the consumer to decrypt the subset of symmetric keys for the fields the consumer is allowed to access.
  - 15. The non-transitory computer-readable storage medium of claim 10, wherein the profiles in the profile snapshot queue include:
    - personal profiles containing personal attributes associated with corresponding people; and
      
      organizational profiles containing organizational attributes associated with corresponding organizations.
  - 16. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises revoking access by the consumer to one or more fields in the profile by updating the header of the profile to remove encrypted versions of symmetric keys that can be decrypted using a private key associated with the consumer.
  - 17. The non-transitory computer-readable storage medium of claim 10, wherein the profile snapshot queue is periodically populated by accessing each profile in the profile store while the profile store is being updated, and recording a snapshot of each accessed profile in the profile snapshot queue.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the profile snapshot queue is accessible by multiple consumers, and each of the multiple consumers can read through the profile snapshot queue at a different speed.

19. A system that facilitates accessing encrypted fields in a profile, comprising:
- at least one processor and at least one associated memory; and
  
  a decryption mechanism that executes on the at least one processor, wherein the decryption mechanism is configured to perform a method for encrypting fields in a profile, comprising;
  
  adding a profile associated with a user to a profile snapshot queue, wherein the profile includes encrypted fields that have been encrypted using symmetric keys, and a header including access information, wherein the access information comprises multiple versions of single symmetric keys encrypted by public keys associated with a plurality of consumers and wherein each of the plurality of consumers has different permissions to access the encrypted fields;
  
  receiving a request by a consumer of the plurality of consumers to access the profile;
  
  transmitting the profile from the profile snapshot queue to the consumer;
  
  receiving an update to the profile from the user, wherein the update comprises updated fields corresponding to the encrypted fields and an update header;
  
  adding the update to a live update queue, wherein the live update queue is accessible by the plurality of consumers;
  
  encrypting the updated fields with symmetric keys;
  
  encrypting the symmetric keys with a public key of the consumer;
  
  storing the encrypted symmetric keys in the update header; and
  
  enabling the consumer to access the update from the live update queue.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19, wherein adding the update to the live update queue comprises:
    - retrieving the update, wherein the update includes the encrypted fields that have been encrypted using symmetric keys, and a header including encrypted versions of the symmetric keys, wherein the symmetric keys have been encrypted using public keys associated with consumers;
      
      using a private key associated with a consumer to decrypt a subset of the symmetric keys, wherein the subset of the symmetric keys was used to encrypt a subset of the encrypted fields in the update that the consumer is allowed to access; and
      
      using the subset of the symmetric keys to decrypt values in the subset of the encrypted fields that the consumer is allowed to access.
  - 21. The system of claim 19, wherein each encrypted field in the profile is encrypted with a different symmetric key.
  - 22. The system of claim 19, wherein the header is organized to facilitate looking up encrypted versions of symmetric keys belonging to a given consumer.
  - 23. The system of claim 19,wherein encrypting the updated fields with symmetric keys comprises:
    - generating a symmetric key for the consumer,using the symmetric key for the consumer to encrypt symmetric keys for fields the consumer is allowed to access,using a public key for the consumer to encrypt the symmetric key for the consumer, andstoring the encrypted symmetric keys for the fields the consumer is allowed to access and the encrypted symmetric key for the consumer in the header; and
      
      decrypting the subset of symmetric keys for the fields the consumer is allowed to access including,using the private key for the consumer to decrypt the encrypted symmetric key for the consumer, andusing the decrypted symmetric key for the consumer to decrypt the subset of symmetric keys for the fields the consumer is allowed to access.
  - 24. The system of claim 19, wherein the profiles in the profile snapshot queue include:
    - personal profiles containing personal attributes associated with corresponding people; and
      
      organizational profiles containing organizational attributes associated with corresponding organizations.
  - 25. The system of claim 19, further comprising a revocation mechanism that revokes access by the consumer to one or more fields in the profile by updating the header of the profile to remove encrypted versions of symmetric keys that can be decrypted using a private key associated with the consumer.
  - 26. The system of claim 19, wherein the profile snapshot queue is periodically populated by accessing each profile in the profile store while the profile store is being updated, and recording a snapshot of each accessed profile in the profile snapshot queue.
  - 27. The system of claim 26, wherein the profile snapshot queue is accessible by multiple consumers, and each of the multiple consumers can read through the profile snapshot queue at a different speed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Ullrich, Tobias, Pfannenschmidt, Lars, Wisniewski, Frank
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Gyorfi, Thomas A

Application Number

US14/928,777
Publication Number

US 20170126644A1
Time in Patent Office

1,229 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3268   using certificate validatio...

Selective encryption of profile fields for multiple consumers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Selective encryption of profile fields for multiple consumers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others