Privacy enhancements for server-side cookies

US 8,302,169 B1
Filed: 03/06/2009
Issued: 10/30/2012
Est. Priority Date: 03/06/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of accessing cryptographically protected information comprising, on a server system:

receiving a request from a client system, the request including a cryptographic object;

processing the request by;

identifying, at the server system, cryptographically protected information associated with the cryptographic object;

accessing the cryptographically protected information using the cryptographic object;

sending, to the client system, data based at least in part on the cryptographically protected information; and

in conjunction with completing processing of the request, irreversibly modifying the cryptographic object on the server system;

wherein irreversibly modifying the cryptographic object on the server system comprises truncating the cryptographic object on the server system to generate a truncated cryptographic object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server system receives requests from client systems and sends responses back to the client systems. For a subset of the requests, in addition to responding to a request from a client system, the method includes creating a cryptographic object at the server system. The cryptographic object is used to cryptographically protect information related to the request, and the cryptographically protected information associated with the cryptographic object is stored at the server system. The server system then sends the cryptographic object to the client system, and in conjunction with sending the cryptographic object to the client system, irreversibly modifies the cryptographic object on the server system. For example, in some embodiments the cryptographic object includes an cryptographic key, and the server system deletes or truncates the only instances of the cryptographic object on the server system when the server system finishes responding to the request from the client system.

75 Citations

View as Search Results

25 Claims

1. A computer-implemented method of accessing cryptographically protected information comprising, on a server system:
- receiving a request from a client system, the request including a cryptographic object;
  
  processing the request by;
  
  identifying, at the server system, cryptographically protected information associated with the cryptographic object;
  
  accessing the cryptographically protected information using the cryptographic object;
  
  sending, to the client system, data based at least in part on the cryptographically protected information; and
  
  in conjunction with completing processing of the request, irreversibly modifying the cryptographic object on the server system;
  
  wherein irreversibly modifying the cryptographic object on the server system comprises truncating the cryptographic object on the server system to generate a truncated cryptographic object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein irreversibly modifying the cryptographic object is performed in accordance with a predefined privacy policy.
  - 3. The method of claim 1, further comprising:
    - in conjunction with completing processing of the request, deleting other user-specific information from the server system in accordance with a predefined privacy policy.
  - 4. The method of claim 1, including, prior to receiving the request:
    - storing, at the server system, the cryptographically protected information associated with the cryptographic object;
      
      sending to the client system the cryptographic object; and
      
      in conjunction with sending the cryptographic object to the client system, irreversibly modifying the cryptographic object on the server system.
  - 5. The method of claim 1, wherein the cryptographic object includes a unique identifier and a key value;
    - and the method includes;
      
      identifying the cryptographically protected information using the unique identifier; and
      
      accessing the cryptographically protected information using the key value.
  - 6. The method of claim 5, wherein the cryptographic object further includes a version identifier;
    - and the method includes;
      
      performing a remedial action when the version identifier in the cryptographic object does not match a corresponding version value stored in the server system.
  - 7. The method of claim 5, wherein the cryptographic object is encrypted, and processing the request includes decrypting the cryptographic object to recover the unique identifier and key value of the cryptographic object.
  - 8. The method of claim 1, wherein the cryptographic object is encrypted.
  - 9. The method of claim 1, wherein processing the request includes logging information associated with the request, the logged information including the truncated cryptographic object.
  - 10. The method of claim 1, wherein processing the request includes updating the cryptographically protected information based at least in part on actions taken by a user and storing the updated information.
  - 11. The method of claim 1, further comprising:
    - receiving from a first client system a first request having a first cryptographic object;
      
      receiving from a second client system, distinct from the first client system, a second request having a second cryptographic object;
      
      determining whether the first cryptographic object and the second cryptographic object both correspond to first cryptographically protected information;
      
      when the first cryptographic object and the second cryptographic object both correspond to the first cryptographically protected information, performing a remedial operation on the first cryptographically protected information.
  - 12. The method of claim 11, wherein the remedial operation is to replicate the first cryptographically protected information to produce second cryptographically protected information and to associate with the second cryptographically protected information an updated cryptographic object that is distinct in value from the first and second cryptographic objects.
  - 13. The method of claim 11, wherein the remedial operation is to delete the first cryptographically protected information.

14. A system for accessing cryptographically protected information comprising:
- memoryone or more processors; and
  
  one or more modules stored in the memory, the one or more modules including instructions which when executed by the one or more processors cause the system;
  
  to process a request received from a client system, wherein the request includes a cryptographic object, by;
  
  identifying, at the server system, cryptographically protected information associated with the cryptographic object;
  
  accessing the cryptographically protected information using the cryptographic object;
  
  sending, to the client system, data based at least in part on the cryptographically protected information; and
  
  in conjunction with completing processing of the request, irreversibly modifying the cryptographic object on the server system;
  
  wherein irreversibly modifying the cryptographic object on the server system comprises truncating the cryptographic object on the server system to generate a truncated cryptographic object.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the irreversibly modifying is performed in accordance with a predefined privacy policy.
  - 16. The system of claim 14, wherein the one or more modules include instructions:
    - to store at the server system, prior to receiving the request, the cryptographically protected information associated with the cryptographic object;
      
      to send to the client system the cryptographic object; and
      
      to irreversibly modify the cryptographic object on the server in conjunction with sending the cryptographic object to the client system.
  - 17. The system of claim 14, wherein the cryptographic object includes a unique identifier and a key value;
    - and the one or more modules include instructions;
      
      to identify the cryptographically protected information using the unique identifier; and
      
      to access the cryptographically protected information using the key value.
  - 18. The system of claim 17, wherein the cryptographic object further includes a version identifier;
    - and the one or more modules include instructions;
      
      to perform a remedial action when the version identifier in the cryptographic object does not match a corresponding version value stored in the server system.
  - 19. The system of claim 17, wherein the cryptographic object is encrypted, and the instructions to process the request include instructions to decrypt the cryptographic object to recover the unique identifier and key value of the cryptographic object.

20. A non-transitory computer readable storage medium storing one or more programs for execution by one or more processors of a computer system, the one or more programs comprising instructions:
- to process a request received from a client system, wherein the request includes a cryptographic object, by;
  
  identifying, at the server system, cryptographically protected information associated with the cryptographic object;
  
  accessing the cryptographically protected information using the cryptographic object;
  
  sending, to the client system, data based at least in part on the cryptographically protected information; and
  
  in conjunction with completing processing of the request, irreversibly modifying the cryptographic object on the server system;
  
  wherein irreversibly modifying the cryptographic object on the server system comprises truncating the cryptographic object on the server system to generate a truncated cryptographic object.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The non-transitory computer readable storage medium of claim 20, wherein the irreversibly modifying is performed in accordance with a predefined privacy policy.
  - 22. The non-transitory computer readable storage medium of claim 20, further comprising instructions:
    - to store at the server system, prior to receiving the request, the cryptographically protected information associated with the cryptographic object;
      
      to send to the client system the cryptographic object; and
      
      to irreversibly modify the cryptographic object on the server in conjunction with sending the cryptographic object to the client system.
  - 23. The non-transitory computer readable storage medium of claim 20, wherein the cryptographic object includes a unique identifier and a key value;
    - and the computer readable storage medium further comprises instructions;
      
      to identify the cryptographically protected information using the unique identifier; and
      
      to access the cryptographically protected information using the key value.
  - 24. The non-transitory computer readable storage medium of claim 23, wherein the cryptographic object further includes a version identifier;
    - and the computer readable storage medium further comprises instructions;
      
      to perform a remedial action when the version identifier in the cryptographic object does not match a corresponding version value stored in the server system.
  - 25. The non-transitory computer readable storage medium of claim 23, wherein the cryptographic object is encrypted, and the instructions to process the request include instructions to decrypt the cryptographic object to recover the unique identifier and key value of the cryptographic object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Presotto, David Leo, Szymaniak, Michal P., Keller, James F., Klenk, Mark
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US12/399,754
Time in Patent Office

1,334 Days
Field of Search

713/155
US Class Current

726/5
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

Privacy enhancements for server-side cookies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy enhancements for server-side cookies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links