CLOUD-BASED DATA BACKUP AND SYNC WITH SECURE LOCAL STORAGE OF ACCESS KEYS
Abstract
Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.
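The registration and access flow of claim 1, as an added Python example that is not part of the patent text. The class and method names, the 8-hex-digit code, the single-attempt rule for codes, and storing only a SHA-256 hash of the device key on the server are assumptions made for illustration. No server method accepts the master password, which matches the abstract's separation of authentication from encryption.

```python
import hashlib, hmac, secrets

class StorageServer:
    """In-memory model of the storage server (hypothetical names, not from the patent)."""
    def __init__(self, send_second_channel):
        self.send_second_channel = send_second_channel  # e.g. e-mail or SMS sender
        self.pending = {}      # (user, device) -> outstanding authorization code
        self.device_keys = {}  # (user, device) -> SHA-256 of the user device key

    def request_access(self, user, device, device_key=None):
        if device_key is None:  # client lacks credentials: start registration
            code = secrets.token_hex(4)
            self.pending[(user, device)] = code
            self.send_second_channel(user, code)  # never returned on the first channel
            return "code_sent"
        stored = self.device_keys.get((user, device))
        presented = hashlib.sha256(device_key.encode()).digest()
        ok = stored is not None and hmac.compare_digest(stored, presented)
        return "granted" if ok else "denied"

    def register_device(self, user, device, code):
        # Assumption: a code is consumed by the first attempt, right or wrong.
        expected = self.pending.pop((user, device), None)
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return None
        device_key = secrets.token_urlsafe(32)  # unique per user and device
        self.device_keys[(user, device)] = hashlib.sha256(device_key.encode()).digest()
        return device_key  # the client keeps this, encrypted under the master password

def demo():
    outbox = []  # constructed stand-in for the second channel
    server = StorageServer(lambda user, code: outbox.append((user, code)))
    result = {"first": server.request_access("alice", "laptop")}
    stale = outbox[-1][1]
    result["wrong_code"] = server.register_device("alice", "laptop", "not-the-code")
    result["replayed_code"] = server.register_device("alice", "laptop", stale)
    server.request_access("alice", "laptop")  # fresh code after the failed attempt
    key = server.register_device("alice", "laptop", outbox[-1][1])
    result["with_key"] = server.request_access("alice", "laptop", key)
    result["other_device"] = server.request_access("alice", "phone", key)
    result["key_stored_in_clear"] = key.encode() in server.device_keys.values()
    return result

if __name__ == "__main__":
    print(demo())
```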
19 Claims
1. A computer-implemented method for storing data online, the method comprising:
- receiving, from a first channel of communication, a request from a client device to access a storage server on behalf of a user;
- determining that the client device lacks credentials for the user;
- sending an authorization code for the client device via a second channel of communication;
- authenticating, for the user, the client device using the authorization code;
- generating a unique user device key identifier specific to the user and the device;
- storing the unique user device key identifier in a user database of the storage server;
- providing the unique user device key identifier to the client device; and
- providing user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.
Dependent claims: 2, 3, 4, 5

6. A computer-implemented method for storing data online, the method comprising:
- sending a request to access a storage server from a client device on behalf of a user;
- decrypting a unique user device key identifier with a user master password at the client device;
- sending the unique user device key identifier to the storage server;
- providing user access to elements of the storage server controlled by the user.
Dependent claims: 7, 8, 9, 10, 11, 12

13. One or more computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- send, over a first channel of communication, a request to access a storage server on behalf of a user;
- receive an authorization code via a second channel of communication;
- authenticate, for the user, the client device using the authorization code;
- generate a unique user device key identifier specific to the user and the device;
- send the unique user device key identifier to the storage server;
- encrypt the unique user device key identifier on the client device; and
- provide user access to elements controlled by the user, when the client device provides the unique user device key identifier to the storage server.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification