Zero knowledge attribute storage and retrieval
Abstract
Some embodiments of zero knowledge attribute storage and retrieval have been presented. In one embodiment, the content of a piece of data is encrypted at a client machine. Further, an identifier of the piece of data is hashed at the client machine. The encrypted content and the hashed identifier may be stored in a database maintained by a server without disclosing the content of the data to the server.
8 Claims
1. A method comprising:
a client machine requesting a certified copy of a piece of data from an authoritative party trusted by a third party in response to a first data request from the third party, wherein the piece of data comprises an age of a user of the client machine;
encrypting content of the certified copy of the piece of data using a private key at the client machine;
modifying a file name of the piece of data to disassociate the content of the piece of data from the modified file name;
storing the encrypted content and the modified file name in a database maintained by a server, separate from the authoritative party, without disclosing the content of the piece of data to the server;
the client machine withholding the private key from the server to prevent the server from decrypting the encrypted content;
the client machine discarding the private key after storing the encrypted content in the database;
the client machine retrieving the encrypted content from the database using the modified file name in response to a second data request;
the client machine receiving a second copy of the private key from the user;
the client machine decrypting the encrypted content from the database using the second copy of the private key; and
sending the content decrypted from the client machine to the third party.
Dependent claims: 2, 3

4. An apparatus comprising:
a network interface in a client device to send a request for a certified copy of a piece of data from an authoritative server trusted by a third party in response to a first data request from the third party, wherein the piece of data comprises an age of a user of the client device; and
a processing device coupled to the network interface in the client device, to execute
an encryption module to encrypt content of the certified copy of the piece of data using a private key,
a hashing module to modify a file name of the piece of data such that the modified file name of the piece of data is disassociated from the content of the piece of data, wherein the network adapter is operable to send the encrypted content of the piece of data and the modified file name via a network to a server, separate from the authoritative server, to store the encrypted content in a database using the modified file name, wherein the private key is withheld from the database to prevent the server from decrypting the encrypted content and is discarded after the encrypted content has been stored in the database,
a database access module to retrieve the encrypted content of the piece of data using the modified file name from the database in response to a second data request, and
a decryption module to decrypt the encrypted content from the database using a second copy of the private key received from the user, wherein the decrypted content is sent to the third party.
Dependent claims: 5

6. A machine-readable storage medium that provides instructions that, if executed by a processor, will cause the processor to perform operations comprising:
a client machine requesting a certified copy of a piece of data from an authoritative party trusted by a third party in response to a first data request from the third party, wherein the piece of data comprises an age of a user of the client machine;
encrypting content of the certified copy of the piece of data at the client machine using a private key;
modifying a file name of the piece of data to disassociate the content of the piece of data from the modified file name;
storing the encrypted content and the modified file name in a database maintained by a server, separate from the authoritative party, without disclosing the content of the piece of data to the server;
withholding the private key, by the client machine, from the server to prevent the server from decrypting the encrypted content;
discarding, by the client machine, the private key after storing the encrypted content in the database;
retrieving, by the client machine, the encrypted content from the database using the modified file name in response to a second data request;
receiving, by the client machine, a second copy of the private key from the user;
decrypting the encrypted content from the database at the client machine using the second copy of the private key; and
sending the content of the certified copy of the piece of data from the client machine to the third party.
Dependent claims: 7, 8
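The client-side flow of claims 1, 4 and 6, written out as an added example that is not part of the patent: the client blinds the file name with a keyed hash, encrypts the certified content with a key only the user holds, uploads both to a server that sees neither key nor plaintext, and on the second request decrypts with the key the user re-supplies. The "private key" of the claims is modelled here as a 32-byte symmetric secret; the HMAC-SHA256 stream cipher with encrypt-then-MAC is a stdlib stand-in for a real AEAD such as AES-GCM, and StorageServer and the sample attribute are constructed for the demo.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # name/enc/mac keys from one user secret

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(_subkey(key, b"enc"), nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def blind_name(key: bytes, file_name: str) -> str:
    # Keyed hash: a plain SHA-256 of a guessable name like "age.txt" could be brute-forced by the server.
    return hmac.new(_subkey(key, b"name"), file_name.encode(), hashlib.sha256).hexdigest()

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ciphertext")  # fail closed, never return garbage
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def can_decrypt(key: bytes, blob: bytes) -> bool:
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False

class StorageServer:
    """The server of the claims: it only ever sees blinded names and ciphertext (constructed stand-in)."""
    def __init__(self): self.db = {}
    def put(self, name, blob): self.db[name] = blob
    def get(self, name): return self.db[name]

def store_attribute(server, key, file_name, certified):
    # First request: upload under the blinded name; the client then discards `key` until the user re-supplies it.
    server.put(blind_name(key, file_name), encrypt(key, certified))

def retrieve_attribute(server, key, file_name):
    # Second request: the user re-supplies the key, the client recomputes the name and decrypts.
    return decrypt(key, server.get(blind_name(key, file_name)))
```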
Specification