Methods and systems of data security in browser storage

US 10,257,169 B2
Filed: 01/30/2018
Issued: 04/09/2019
Est. Priority Date: 08/29/2011
Status: Active Grant

First Claim

Patent Images

1. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:

at a server that includes at least a processor system having at least one processor and memory system, receiving a passcode and content;

in response to the passcode being authenticated, and in response to the receiving of the passcode and the content, performing the following,placing, by the server, the content and passcode into an object;

creating, by the server, a unique encryption key;

encrypting, by the server, the file having the content and the passcode as plain text with the unique encryption key, to create an encrypted object; and

sending from the server to the user system the encrypted object and a unique identifier for the private key and to cause the user system to store the encrypted object in a browser storage and, during future access attempts, send an encrypted token along with the passcode to access data and/or services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on user system.

127 Citations

14 Claims

1. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- at a server that includes at least a processor system having at least one processor and memory system, receiving a passcode and content;
  
  in response to the passcode being authenticated, and in response to the receiving of the passcode and the content, performing the following,placing, by the server, the content and passcode into an object;
  
  creating, by the server, a unique encryption key;
  
  encrypting, by the server, the file having the content and the passcode as plain text with the unique encryption key, to create an encrypted object; and
  
  sending from the server to the user system the encrypted object and a unique identifier for the private key and to cause the user system to store the encrypted object in a browser storage and, during future access attempts, send an encrypted token along with the passcode to access data and/or services.
- View Dependent Claims (2, 3, 4)
- - 2. The nontransient machine readable medium of claim 1, wherein the object comprises at least a Binary Large Object (BLOB), the method further comprising converting the content and passcode into binary format and placing the passcode and content that were converted into the BLOB.
  - 3. The nontransient machine readable medium of claim 2, the content being a token for refreshing an access to another server.
  - 4. The nontransient machine readable medium of claim 2, the method further comprising:
    - sending the content from the server to another server; and
      
      in response to the sending, receiving a token from the other server.

5. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- receiving, at a server that includes at least a processor system having at least one processor and memory system, a passcode and encrypted content and a unique key identifier;
  
  in response to the receiving, performing the following,querying a local database for the encryption key based on the key identifier;
  
  decrypting the encrypted content with the key;
  
  determining whether the passcode stored previously within the content and the passcode provided by the user match one another; and
  
  returning the decrypted content to the user if the passcode decrypted and the passcode provided by the user match one another.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The nontransient machine readable medium of claim 5, the method further comprising creating a log of the receiving, of the encrypted passcode if the passcode decrypted and the passcode provided by the user do not match one another.
  - 7. The nontransient machine readable medium of claim 5, the method further comprising:
    - prior to the receiving of the encrypted passcode and encrypted content and a unique key identifier, receiving at the server, from a user device, the content and the passcode for encryption;
      
      in response,creating, by the server, a file;
      
      placing, by the server, the passcode and content in the file,generating, by the server, a unique encryption key and unique identifier of the key,storing in a storage location of the memory system the unique encryption key in association with a unique identifier,encrypting, by the server, the file in which the passcode and content were placed with the unique encryption key, therein creating the encrypted passcode and the encrypted content;
      
      sending from the server to the user system the encrypted object and a unique identifier for the private key and to cause the user system to store the encrypted object in a browser storage and, during future access attempts, send an encrypted token along with the passcode to access data and/or services.
  - 8. The nontransient machine readable medium of claim 5, the storing of the token and passcode, including at least storing the token and passcode, which were encrypted, in a database of a browser.
  - 9. The nontransient machine readable medium of claim 5, the receiving of the token and the passcode including at least receiving an encrypted file containing the token and the passcode, the token and passcode being encrypted as a result of the file being encrypted.
  - 10. The nontransient machine readable medium of claim 5, the method further comprising after sending the content and passcode for encryption, receiving a unique identifier identifying the encryption key and storing the unique identifier in a store area at the user device.
  - 11. The nontransient machine readable medium of claim 5, the method further comprising after sending the content and passcode for encryption, receiving a unique identifier identifying the encryption key and storing the unique identifier in a store area associated with the browser at the user device.
  - 12. The nontransient machine readable medium of claim 5, further comprising:
    - receiving at the user system the content prior to sending the content.
  - 13. The nontransient machine readable medium of claim 5, the method further comprising:
    - after the user logs in and prior to sending the passcode and the content to the server, receiving at the user system a request to enter the passcode for the content.
  - 14. The nontransient machine readable medium of claim 5, the method further comprising:
    - sending from the user device, to the server, an encrypted passcode, encrypted content, and a unique key identifier; and
      
      in response, receiving at the user device, from the server, the decrypted content to the user if the passcode decrypted and the passcode provided by the user match one another.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gupta, Akhilesh
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/884,267
Publication Number

US 20180255030A1
Time in Patent Office

434 Days
Field of Search

713168, 713170, 713171, 713172, 713173, 713182, 713183, 726 2, 726 3, 726 4, 726 5, 726 6
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 67/563   Data redirection of data ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3213   using tickets or tokens, e....

Methods and systems of data security in browser storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems of data security in browser storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links