Facilitating encrypted persistent storage in browsers

US 10,447,672 B2
Filed: 04/07/2017
Issued: 10/15/2019
Est. Priority Date: 11/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a memory; and

a processor configured to;

during a first browser session of a web browser situated at the computing device, obtain a first cryptographic key, the first browser session being associated with a session identifier (ID);

during the first browser session of the web browser, obtain session data;

apply the first cryptographic key to the session data to generate encrypted session data;

store the encrypted session data in the memory;

during a second browser session of the web browser, transmit a cryptographic key request to a server, the second browser session being associated with the session ID;

responsive to the cryptographic key request, receive a second cryptographic key from the server;

retrieve the encrypted session data from the memory; and

decrypt the encrypted session data using the second cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are some implementations of systems, apparatus, methods and computer program products for encrypting and securely storing session data during a browser session using a session-based cryptographic key. The session data may be decrypted during the browser session or other browser sessions using the session-based cryptographic key or other backwards compatible session-based cryptographic keys. In addition, session-based cryptographic keys may be shared among browser sessions to enable encrypted session data to be decrypted across page refreshes and browser tabs.

200 Citations

20 Claims

1. A computing device comprising:
- a memory; and
  
  a processor configured to;
  
  during a first browser session of a web browser situated at the computing device, obtain a first cryptographic key, the first browser session being associated with a session identifier (ID);
  
  during the first browser session of the web browser, obtain session data;
  
  apply the first cryptographic key to the session data to generate encrypted session data;
  
  store the encrypted session data in the memory;
  
  during a second browser session of the web browser, transmit a cryptographic key request to a server, the second browser session being associated with the session ID;
  
  responsive to the cryptographic key request, receive a second cryptographic key from the server;
  
  retrieve the encrypted session data from the memory; and
  
  decrypt the encrypted session data using the second cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing device as recited in claim 1, the processor being further configured to:
    - determine whether the second cryptographic key is configured to decrypt the encrypted session data;
      
      wherein decrypting the encrypted session data using the second cryptographic key is performed in response to determining that the second cryptographic key is configured to decrypt the encrypted session data.
  - 3. The computing device as recited in claim 2, the processor being further configured to determine whether the second cryptographic key is configured to decrypt the encrypted session data bydecrypting an encrypted sentinel value with the second cryptographic key.
  - 4. The computing device as recited in claim 1, wherein the first cryptographic key and the second cryptographic key are stored in ephemeral memory.
  - 5. The computing device as recited in claim 1, wherein the memory comprises an indexed database, and wherein the encrypted session data is stored in the indexed database.
  - 6. The computing device as recited in claim 1, wherein the memory comprises a browser cache, and wherein the encrypted session data is stored in the browser cache.
  - 7. The computing device as recited in claim 1, the processor being further configured to:
    - transmit, by a second browser instance associated with the second browser session, the second cryptographic key to a first browser instance associated with the first browser session.

8. A computer program product comprising one or more non-transitory computer-readable media having computer program instructions stored therein, the computer program instructions capable of being executed by one or more processors, computer program instructions configurable to cause:
- during a first browser session of a web browser situated at a computing device, obtaining a first cryptographic key, the first browser session being associated with a session identifier (ID);
  
  during the first browser session of the web browser, obtaining session data;
  
  applying the first cryptographic key to the session data to generate encrypted session data;
  
  storing the encrypted session data in a memory of the computing device;
  
  during a second browser session of the web browser, transmitting a cryptographic key request to a server, the second browser session being associated with the session ID;
  
  responsive to the cryptographic key request, receiving a second cryptographic key from the server;
  
  retrieving the encrypted session data from the memory; and
  
  decrypting the encrypted session data using the second cryptographic key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product as recited in claim 8, the computer program instructions further configurable to cause:
    - determining whether the second cryptographic key is configured to decrypt the encrypted session data;
      
      wherein decrypting the encrypted session data using the second cryptographic key is performed in response to determining that the second cryptographic key is configured to decrypt the encrypted session data.
  - 10. The computer program product as recited in claim 9, wherein determining whether the second cryptographic key is configured to decrypt the encrypted session data comprises:
    - decrypting an encrypted sentinel value with the second cryptographic key.
  - 11. The computer program product as recited in claim 8, wherein the first cryptographic key and the second cryptographic key are stored in ephemeral memory.
  - 12. The computer program product as recited in claim 8, wherein the memory comprises an indexed database, and wherein the encrypted session data is stored in the indexed database.
  - 13. The computer program product as recited in claim 8, wherein the memory comprises a browser cache, and wherein the encrypted session data is stored in the browser cache.
  - 14. The computer program product as recited in claim 8, the computer program instructions further configurable to cause:
    - transmitting, by a second browser instance associated with the second browser session, the second cryptographic key to a first browser instance associated with the first browser session.

15. A method, comprising:
- during a first browser session of a web browser situated at a computing device, obtaining a first cryptographic key, the first browser session being associated with a session identifier (ID);
  
  during the first browser session of the web browser, obtaining session data;
  
  applying the first cryptographic key to the session data to generate encrypted session data;
  
  storing the encrypted session data in a memory of the computing device;
  
  during a second browser session of the web browser, transmitting a cryptographic key request to a server, the second browser session being associated with the session ID;
  
  responsive to the cryptographic key request, receiving a second cryptographic key from the server;
  
  retrieving the encrypted session data from the memory; and
  
  decrypting the encrypted session data using the second cryptographic key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method as recited in claim 15, further comprising:
    - determining whether the second cryptographic key is configured to decrypt the encrypted session data;
      
      wherein decrypting the encrypted session data using the second cryptographic key is performed in response to determining that the second cryptographic key is configured to decrypt the encrypted session data.
  - 17. The method as recited in claim 16, wherein determining whether the second cryptographic key is configured to decrypt the encrypted session data comprises:
    - decrypting an encrypted sentinel value with the second cryptographic key.
  - 18. The method as recited in claim 15, wherein the memory comprises an indexed database, and wherein the encrypted session data is stored in the indexed database.
  - 19. The method as recited in claim 15, wherein the memory comprises a browser cache, and wherein the encrypted session data is stored in the browser cache.
  - 20. The method as recited in claim 15, the method further comprising:
    - transmitting, by a second browser instance associated with the second browser session, the second cryptographic key to a first browser instance associated with the first browser session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Venkiteswaran, Kevin, Gorbaty, Sergey, Yao, Bob, Bliss, Trevor James
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US15/482,638
Publication Number

US 20180124027A1
Time in Patent Office

921 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/957   Browsing optimisation, e.g....

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/6263   during internet communicati...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/1027   Persistence of sessions dur...

H04L 67/142   Managing session states for...

H04L 67/146   Markers for unambiguous ide...

Facilitating encrypted persistent storage in browsers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

200 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Facilitating encrypted persistent storage in browsers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

200 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links