Private Data Processing in a Cloud-Based Environment
First Claim
1. A method for securing data on a semi-trusted server, the method implemented on a computing device and comprising:
receiving at least a current session key from a user device for use during a current session, wherein said current session key is suitable for encrypting data and for decrypting data encrypted with said current session key;
decrypting communications received from said user device during said session with said session key;
encrypting with said session key at least one of communications to be sent to said user device and personal data generated during said session;
storing said encrypted personal data; and
discarding said current session key upon completion of said session, thereby limiting possible access to said stored encrypted personal data other than during said session.
4 Assignments
0 Petitions
Abstract
In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.
55 Citations
20 Claims
1. A method for securing data on a semi-trusted server, the method implemented on a computing device and comprising: (claim text as set out above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for controlling access to personal data stored on a semi-trusted server, the method implemented on a computing device and comprising:
sending a current session key from a client device to said semi-trusted server, wherein said semi-trusted server is configured to use said current session key to encrypt and decrypt personal data associated with said client device and to store said encrypted personal data with said current session key;
encrypting communications to be sent to said semi-trusted server with said current session key; and
decrypting communications received from said semi-trusted server with said current session key.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A system for securing data on a semi-trusted server comprising:
means for receiving at least a current session key from a user device for use during a current session, wherein said current session key is suitable for encrypting data and for decrypting data encrypted with said current session key;
means for decrypting communications received from said user device during said session with said session key;
means for encrypting with said session key at least one of communications to be sent to said user device and said personal data generated during said session;
means for storing said encrypted personal data; and
means for discarding said current session key upon completion of said session, thereby limiting possible access to said stored encrypted personal data other than during said session.
Dependent claims: 20
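The protocol the three independent claims describe, as an added illustration that is not the patent's own code: a client generates a session key and sends it to a semi-trusted server (claim 11); the server decrypts requests, encrypts its responses and any personal data it generates, persists only the ciphertext, and drops the key when the session ends (claims 1 and 19). Everything in the block is an assumption made for illustration: the class and function names (SemiTrustedServer, seal, unseal, demo), the user id "alice", the constructed request b"heart-rate=72" and the "processed:" record derived from it, and the standard-library encrypt-then-MAC construction standing in for a real AEAD such as AES-GCM or ChaCha20-Poly1305. The claims do not say how the key reaches the server; the block assumes an authenticated, confidential channel such as TLS, because without one anyone who can reach the server could open a session under a user's name. demo() returns the checks a practitioner would run: the server can read stored records only while the session is open, a wrong key or a flipped ciphertext bit is rejected, and the client, still holding the key, can read the stored record afterwards.

```python
import hashlib
import hmac
import os
import secrets

# Stand-in AEAD from the standard library so the example runs offline: HMAC-SHA256 keystream
# in counter mode, encrypt-then-MAC. Use a real AEAD in production; the session logic is unchanged.

def _subkeys(session_key):
    """Separate encryption and MAC keys derived from the one session key."""
    enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(session_key, plaintext, aad=b""):
    """Return nonce(16) || ciphertext || tag(32); aad is authenticated, not encrypted."""
    enc_key, mac_key = _subkeys(session_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()

def unseal(session_key, blob, aad=b""):
    """Constant-time tag check first; a wrong key or any tampering raises ValueError."""
    enc_key, mac_key = _subkeys(session_key)
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class SemiTrustedServer:
    """Server side of claims 1 and 19: the key is held in memory only while a session is open."""

    def __init__(self):
        self._session_keys = {}  # user_id -> current session key, never written to storage
        self.stored = {}         # user_id -> encrypted personal-data records (the persisted part)

    def begin_session(self, user_id, session_key):
        # Assumption: the key arrives over an authenticated, confidential channel such as TLS;
        # the claims do not specify the transport.
        self._session_keys[user_id] = session_key

    def handle(self, user_id, encrypted_request):
        key = self._session_keys[user_id]  # KeyError when no session is open
        aad = user_id.encode()             # binds each record to its owner
        request = unseal(key, encrypted_request, aad)
        record = b"processed:" + request   # "personal data generated during said session"
        self.stored.setdefault(user_id, []).append(seal(key, record, aad))
        return seal(key, b"ack:" + request, aad)

    def end_session(self, user_id):
        # Discard the key. Python cannot zeroise the bytes; native code would explicit_bzero() here.
        self._session_keys.pop(user_id, None)

    def read_stored(self, user_id):
        """What the server itself can recover: plaintexts during the session, None afterwards."""
        key = self._session_keys.get(user_id)
        if key is None:
            return None
        return [unseal(key, blob, user_id.encode()) for blob in self.stored.get(user_id, [])]

def _rejects(key, blob, aad):
    try:
        unseal(key, blob, aad)
        return False
    except ValueError:
        return True

def demo():
    """One session with constructed data, then the checks a reviewer would want to see."""
    user, aad = "alice", b"alice"
    session_key = secrets.token_bytes(32)  # claim 11: the client generates and sends the key
    server = SemiTrustedServer()
    server.begin_session(user, session_key)
    reply = unseal(session_key, server.handle(user, seal(session_key, b"heart-rate=72", aad)), aad)
    during = server.read_stored(user)
    server.end_session(user)
    blob = server.stored[user][0]
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]  # flip one ciphertext bit
    return {
        "reply": reply,
        "during": during,
        "after": server.read_stored(user),                        # None: the key is gone
        "plaintext_in_storage": b"heart-rate=72" in blob,
        "wrong_key_rejected": _rejects(secrets.token_bytes(32), blob, aad),
        "tamper_rejected": _rejects(session_key, tampered, aad),
        "client_recovers": unseal(session_key, blob, aad),  # client kept the key (assumption)
    }
```

Two caveats the claims leave to the implementer: discarding the key limits offline access to the stored ciphertext, not what a compromised server process could do with the plaintext while the session was open; and in a garbage-collected language "discarding" the key object does not zeroise it in memory, so a memory dump taken shortly after end_session may still contain it.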
Specification