CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS

US 20130145447A1
Filed: 12/03/2012
Published: 06/06/2013
Est. Priority Date: 12/01/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for storing data online, the method comprising:

receiving, from a first channel of communication, a request from a client device to access a storage server on behalf of a user;

determining that the client device lacks credentials for the user;

sending an authorization code for the client device via a second channel of communication;

authenticating, for the user, the client device using the authorization code;

generating a unique user device key identifier specific to the user and the device;

storing the unique user device key identifier in a user database of the storage server;

providing the unique user device key identifier to the client device; and

providing user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.

502 Citations

19 Claims

1. A computer-implemented method for storing data online, the method comprising:
- receiving, from a first channel of communication, a request from a client device to access a storage server on behalf of a user;
  
  determining that the client device lacks credentials for the user;
  
  sending an authorization code for the client device via a second channel of communication;
  
  authenticating, for the user, the client device using the authorization code;
  
  generating a unique user device key identifier specific to the user and the device;
  
  storing the unique user device key identifier in a user database of the storage server;
  
  providing the unique user device key identifier to the client device; and
  
  providing user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer implemented method of claim 1, wherein generating the unique user device key identifier further comprises generating the unique user device key identifier based at least in part on information about device hardware of the client device.
  - 3. The computer implemented method of claim 1, wherein sending the authorization code for the client device via the second channel of communication further comprises:
    - sending a one-time key to the user through a second channel; and
      
      receiving the one-time key from the user over the first channel.
  - 4. The computer implemented method of claim 1, wherein providing user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server further comprises:
    - receiving a request to access the storage server;
      
      receiving an indication that the client device has access to the unique user device key identifier in the user database;
      
      granting the client device access to the storage server.
  - 5. The computer implemented method of claim 1, further comprising causing the user device to encrypt the unique user device key identifier with the user master password at the client device.

6. A computer-implemented method for storing data online, the method comprising:
- sending a request to access a storage server from a client device on behalf of a user;
  
  decrypting a unique user device key identifier with a user master password at the client device;
  
  sending the unique user device key identifier to the storage server;
  
  providing user access to elements of the storage server controlled by the user.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The computer-implemented method of claim 6, further comprising:
    - determining the client device lacks registration to the client; and
      
      requiring authorization via a second channel of communication.
  - 8. The computer-implemented method of claim 7, wherein the second channel is text messaging or electronic mail.
  - 9. The computer-implemented method of claim 6, wherein providing user access to elements of the storage server further comprises:
    - downloading, to the user device, encrypted data stored by the storage server; and
      
      decrypting the encrypted data by the user device based at least in part on the user master password.
  - 10. The computer-implemented method of claim 6, wherein providing user access to elements of the storage server further comprises:
    - encrypting data on the user device based at least in part on the user master password; and
      
      uploading, by the user device, encrypted data to the storage server.
  - 11. The computer-implemented method of claim 6, further comprising providing an access restriction that prevents the user master password from being sent to the storage server.
  - 12. The computer-implemented method of claim 6, further comprising:
    - sending, over a first channel of communication, a first request to access a storage server on behalf of a user;
      
      receiving an authorization code for the client device via a second channel of communication;
      
      authenticating, for the user, the client device using the authorization code;
      
      generating the unique user device key identifier specific to the user and the device;
      
      sending the unique user device key identifier to the storage server;
      
      encrypting the unique user device key identifier on the client device; and
      
      providing user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.

13. One or more computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- send, over a first channel of communication, a request to access a storage server on behalf of a user;
  
  receive an authorization code via a second channel of communication;
  
  authenticate, for the user, the client device using the authorization code;
  
  generate a unique user device key identifier specific to the user and the device;
  
  send the unique user device key identifier to the storage server;
  
  encrypt the unique user device key identifier on the client device; and
  
  provide user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computer-readable storage media of claim 13, wherein the instructions further comprise instructions that, when executed, cause the computer system to at least:
    - send a second request to access a storage server from a client device on behalf of a user;
      
      decrypt the unique user device key identifier with a user master password at the client device;
      
      send the unique user device key identifier to the storage server;
      
      provide the user access to elements of the storage server controlled by the user.
  - 15. The computer-readable storage media of claim 13, wherein encrypt the unique user device key identifier on the client device further comprises:
    - encrypting the unique user device key identifier using a user master password; and
      
      providing a restriction of externally transmitting the user master password.
  - 16. The computer-readable storage media of claim 13, wherein provide user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server. further comprises:
    - receiving encrypted data from the storage server; and
      
      decrypting the encrypted data using a user master password.
  - 17. The computer-readable storage media of claim 16, wherein the instructions further comprise instructions that, when executed, cause the computer system to at least provide an access restriction that prevents the user master password from being transmitted externally.
  - 18. The computer-readable storage media of claim 13, wherein provide user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server. further comprises:
    - encrypting local data using a user master password; and
      
      sending the encrypted local data to the storage server.
  - 19. The computer-readable storage media of claim 18, wherein the instructions further comprise instructions that, when executed, cause the computer system to at least provide an access restriction that prevents the user master password from being transmitted externally.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dashlane SAS
Original Assignee
Dashlane SAS
Inventors
Maron, Guillaume

Granted Patent

US 9,330,245 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

502 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

502 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links