Network application encryption with server-side key management
Abstract
In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
48 Citations
25 Claims
1. A method of storing user data over a network securely using a remote service, the method comprising:
by a server system comprising one or more computing devices;
receiving user data from a client device over a network, the user data associated with a user of a remote content site that presents the user data as part of a content page;
encrypting the user data to produce encrypted user data, the encrypted user data not decryptable by the remote content site;
creating recipient data, the recipient data reflecting one or more recipients authorized to decrypt the encrypted user data, the one or more recipients being users of the remote content site authorized to access data provided by the user to the remote content site based at least in part on being associated with the user at the remote content site;
creating an encryption message comprising the encrypted user data and the recipient data; and
providing the encryption message to the remote content site for storage, enabling the one or more recipients to access the encrypted user data from the remote content site.
(Dependent claims: 2, 3, 4, 5, 6, 25)

7. A system for storing user data over a network securely using a remote service, the system comprising:
a content site comprising one or more computing devices, the content site programmed to implement a network application configured to;
receive data associated with a user from a client device;
encrypt the user data to produce encrypted user data, the encrypted user data not decryptable by the content site;
create recipient data reflecting one or more recipients authorized to decrypt the encrypted user data;
store, in physical computer storage, the encrypted user data and recipient data for subsequent access by the one or more recipients, thereby enabling the one or more recipients to access the encrypted user data from the content site, the one or more recipients being users of the content site authorized to access data provided by the user to the content site based at least in part on being associated with the user at the content site;
present the user data as part of a content page; and
delete the user data, thereby at least partially protecting the user data from being compromised at the content site.
(Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16)

17. A non-transitory computer-readable storage medium comprising computer-executable instructions configured to implement a method of storing user data over a network securely using a remote service, the method comprising:
receiving user data from a client device at a server system, the user data associated with a user of a content site and comprising data to be provided to the content site;
receiving an indication of the content site to which the user data is to be transmitted subsequent to being encrypted;
encrypting the user data to produce encrypted user data, the encrypted user data not decryptable by the content site;
creating an encryption message comprising the encrypted user data and recipient data, the recipient data reflecting one or more recipients authorized to decrypt the encrypted user data, the one or more recipients being users of the content site authorized to access data provided by the user to the content site based at least in part on being associated with the user at the content site; and
transmitting the encryption message to the content site, enabling the one or more recipients to access the encrypted user data from the content site.
(Dependent claims: 18, 19, 20, 21, 22, 23, 24)
Specification