Hybrid client-server cryptography for network applications
First Claim
1. A method of decrypting encrypted user data stored with a remote content site, the method comprising:
obtaining, with a user device, encrypted user data from a remote content site, the remote content site storing the encrypted user data in place of corresponding user data to enable the remote content site to store the encrypted user data without an entity associated with the remote content site accessing the corresponding user data;
sending the encrypted user data to a remote security server to enable the remote security server to perform a first layer of decryption using a first private key;
in response to sending the encrypted user data to the remote security server, receiving partially-decrypted user data from the remote security server, the partially-decrypted user data reflecting partial decryption of the encrypted user data at the remote security server from a first encrypted form to a second encrypted form;
decrypting the partially-decrypted user data to obtain the corresponding user data, wherein decrypting the partially-decrypted data comprises decrypting the encrypted user data from the second encrypted form to an unencrypted form using a second private key; and
providing the corresponding user data in the unencrypted form to a network application configured to output the corresponding user data in conjunction with a content page obtained from the remote content site;
wherein at least said decrypting is performed by one or more computing devices.
Abstract
In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
18 Claims
7. A system for decrypting encrypted user data stored with a remote content site, the system comprising:
a user system comprising one or more computing devices, the user system configured to:
obtain encrypted user data from a remote content site, the remote content site storing the encrypted user data in place of corresponding user data to enable the remote content site to store the encrypted user data without an entity associated with the remote content site accessing the corresponding user data;
send the encrypted user data to a remote security server so as to partially-decrypt the encrypted user data by enabling the remote security server to perform a first layer of decryption using a first private key;
receive the partially-decrypted user data from the remote security server, the partially-decrypted user data reflecting the decryption of the encrypted user data from a first encrypted form to a second encrypted form;
decrypt the partially-decrypted user data to obtain the corresponding user data by using a second private key, the corresponding user data comprising unencrypted user data; and
provide the corresponding user data to a network application configured to output the corresponding user data.
13. A non-transitory computer-readable storage medium comprising computer-executable instructions configured to implement a method of decrypting encrypted user data stored with a remote content site, the method comprising:
receiving, at a security server, encrypted user data from a remote content site;
determining whether a decryption constraint is satisfied;
partially decrypting the encrypted user data using a first private key to produce partially-decrypted user data in response to determining that the decryption constraint is satisfied, wherein partially decrypting the encrypted user data comprises decrypting the encrypted user data from a first encrypted form to a second encrypted form; and
transmitting the partially-decrypted user data in the second encrypted form to a user system for further decryption, so as to enable the user system to access the corresponding user data by decrypting the partially-decrypted user data from the second encrypted form to an unencrypted form using a second private key.
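The two-layer flow recited in claims 1, 7 and 13, as an added example that is not taken from the patent: the content site stores only the first encrypted form, the security server strips the outer layer when its constraint holds, and the user device strips the inner layer. The cipher (toy textbook RSA over fixed Mersenne primes, not secure), the layering order, the allow-list constraint and all function names are assumptions made for illustration.

```python
# Toy textbook RSA over fixed Mersenne primes: illustrative only, NOT secure.
E = 65537

def keypair(p, q):
    """Return (public modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Hypothetical keys. The outer (security server) modulus is larger than the
# inner (user) modulus, so an inner ciphertext always fits in the outer layer.
USER_N, USER_D = keypair(2**61 - 1, 2**89 - 1)        # "second private key"
SERVER_N, SERVER_D = keypair(2**107 - 1, 2**127 - 1)  # "first private key"

def client_encrypt(plaintext: bytes) -> int:
    """User device: wrap data in two layers before upload to the content site."""
    m = int.from_bytes(plaintext, "big")
    if m >= USER_N:
        raise ValueError("plaintext too long for the toy inner modulus")
    second_form = pow(m, E, USER_N)        # inner layer, user's public key
    return pow(second_form, E, SERVER_N)   # outer layer: first encrypted form

def server_partial_decrypt(first_form: int, requester: str, allowed: set) -> int:
    """Security server: strip only the outer layer, and only if the decryption
    constraint (assumed here: an allow-list of requesters) is satisfied."""
    if requester not in allowed:
        raise PermissionError("decryption constraint not satisfied")
    return pow(first_form, SERVER_D, SERVER_N)   # second encrypted form

def client_decrypt(second_form: int) -> bytes:
    """User device: strip the inner layer with the second private key."""
    m = pow(second_form, USER_D, USER_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    record = b"dob=1990-01-01"             # constructed sample user data
    stored = client_encrypt(record)        # all the content site ever holds
    partial = server_partial_decrypt(stored, "alice", {"alice"})
    return stored, partial, client_decrypt(partial)

if __name__ == "__main__":
    stored, partial, clear = demo()
    print(hex(stored), hex(partial), clear)
```

The security server's output is still ciphertext under the user's key, so neither the content site nor the security server holds the unencrypted data at any step.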
Specification