Systems and methods for secure third-party data storage
First Claim
1. A computer-implemented method for secure third-party data storage, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
- identifying, at the server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file;
identifying, in response to the request, an asymmetric key pair designated for the user account that comprises an encryption key and a decryption key, wherein the decryption key has been encrypted with a client-side key that is not stored on the server-side computing device;
receiving, at the server-side computing device from the client system, the client-side key;
storing the client-side key in volatile memory of the server-side computing device without storing the client-side key in non-volatile memory of the server-side computing device;
decrypting, at the server-side computing device, the decryption key with the client-side key;
using the decryption key to access an unencrypted version of the encrypted file.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for secure third-party data storage, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
-
identifying, at the server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file; identifying, in response to the request, an asymmetric key pair designated for the user account that comprises an encryption key and a decryption key, wherein the decryption key has been encrypted with a client-side key that is not stored on the server-side computing device; receiving, at the server-side computing device from the client system, the client-side key; storing the client-side key in volatile memory of the server-side computing device without storing the client-side key in non-volatile memory of the server-side computing device; decrypting, at the server-side computing device, the decryption key with the client-side key; using the decryption key to access an unencrypted version of the encrypted file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for secure third-party data storage, the system comprising:
-
an identification module programmed to identify, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file; a key module programmed to identify, in response to the request, an asymmetric key pair designated for the user account that comprises an encryption key and a decryption key, wherein the decryption key has been encrypted with a client-side key that is not stored on the server-side computing device; a receiving module programmed to; receive, at the server-side computing device from the client system, the client-side key; store the client-side key in volatile memory of the server-side computing device without storing the client-side key in non-volatile memory of the server-side computing device; a decryption module programmed to decrypt, at the server-side computing device, the decryption key with the client-side key; an access module programmed to use the decryption key to access an unencrypted version of the encrypted file; at least one processor configured to execute the identification module, the key module, the receiving module, the decryption module, and the access module. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a server-side computing device, cause the computing device to:
-
identify, at the server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file; identify, in response to the request, an asymmetric key pair designated for the user account that comprises an encryption key and a decryption key, wherein the decryption key has been encrypted with a client-side key that is not stored on the server-side computing device; receive, at the server-side computing device from the client system, the client-side key; store the client-side key in volatile memory of the server-side computing device without storing the client-side key in non-volatile memory of the server-side computing device; decrypt, at the server-side computing device, the decryption key with the client-side key; use the decryption key to access an unencrypted version of the encrypted file.
-
Specification