Differential client-side encryption of information originating from a client

US 8,631,229 B2
Filed: 10/01/2012
Issued: 01/14/2014
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

allocating, by a processor of a first computing device, a plurality of public keys, wherein each respective public key of the plurality of public keys is allocated to a respective entity of a plurality of entities;

storing, in a memory of the first computing device, a plurality of private keys, wherein each respective private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys;

storing, in the memory of the first computing device, one or more decryption algorithms, whereineach respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data previously encrypted using at least one encryption algorithm of one or more encryption algorithms, wherein each respective encryption algorithm of the one or more encryption algorithms is configured to encrypt data using at least one public key of the plurality of public keys, andeach respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data using at least one private key of the plurality of private keys;

receiving encrypted data, whereinthe encrypted data is encrypted using a first public key of the plurality of public keys and a first encryption algorithm of the one or more encryption algorithms, andthe encrypted data is provided over a network;

determining, by the processor of the first computing device, a first private key of the plurality of private keys, whereinthe first private key corresponds to the first public key, andthe first public key is allocated to a first entity of the plurality of entities;

decrypting, by the processor of the first computing device, the encrypted data using the first private key and at least one decryption algorithm of the one or more decryption algorithms, whereindecrypted data is obtained by decrypting the encrypted data;

providing a portion of the decrypted data for processing by a processing engine, wherein a second computing device comprises the processing engine;

receiving a processing result generated by the processing engine, wherein the processing result relates to the portion of the decrypted data; and

providing, over the network, the processing result to the first entity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

12 Citations

12 Claims

1. A method comprising:
- allocating, by a processor of a first computing device, a plurality of public keys, wherein each respective public key of the plurality of public keys is allocated to a respective entity of a plurality of entities;
  
  storing, in a memory of the first computing device, a plurality of private keys, wherein each respective private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys;
  
  storing, in the memory of the first computing device, one or more decryption algorithms, whereineach respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data previously encrypted using at least one encryption algorithm of one or more encryption algorithms, wherein each respective encryption algorithm of the one or more encryption algorithms is configured to encrypt data using at least one public key of the plurality of public keys, andeach respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data using at least one private key of the plurality of private keys;
  
  receiving encrypted data, whereinthe encrypted data is encrypted using a first public key of the plurality of public keys and a first encryption algorithm of the one or more encryption algorithms, andthe encrypted data is provided over a network;
  
  determining, by the processor of the first computing device, a first private key of the plurality of private keys, whereinthe first private key corresponds to the first public key, andthe first public key is allocated to a first entity of the plurality of entities;
  
  decrypting, by the processor of the first computing device, the encrypted data using the first private key and at least one decryption algorithm of the one or more decryption algorithms, whereindecrypted data is obtained by decrypting the encrypted data;
  
  providing a portion of the decrypted data for processing by a processing engine, wherein a second computing device comprises the processing engine;
  
  receiving a processing result generated by the processing engine, wherein the processing result relates to the portion of the decrypted data; and
  
  providing, over the network, the processing result to the first entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising, prior to providing the portion of the decrypted data for processing by the processing engine, queuing, by the processor of the first computing device, the decrypted data for processing.
  - 3. The method of claim 1, further comprising, prior to receiving the encrypted data:
    - receiving a download request for the first encryption algorithm, wherein the download request is received across the network from a third computing device; and
      
      providing the first encryption algorithm, via the network to the third computing device.
  - 4. The method of claim 3, wherein the download request comprises a hypertext transfer protocol request.
  - 5. The method of claim 3, further comprising:
    - storing, in the memory of the first computing device, the one or more encryption algorithms as one or more encryption subprograms, whereinproviding the first encryption algorithm comprises providing a first encryption subprogram of the one or more encryption subprograms, wherein the first encryption subprogram comprises the first encryption algorithm.
  - 6. The method of claim 5, wherein the first encryption subprogram comprises runtime interpreted instructions.
  - 7. The method of claim 1, further comprising storing at least one of the decrypted data and the encrypted data in a storage archive accessible to the first computing device.
  - 8. The method of claim 1, further comprising:
    - receiving, over the network, unencrypted data, wherein the unencrypted data is related to the encrypted data; and
      
      providing a portion of the unencrypted data for processing by the processing engine, wherein the portion of the unencrypted data is provided with the portion of the decrypted data.
  - 9. The method of claim 1, further comprising receiving, over the network, an indication of a type of processing to be performed on the encrypted data, wherein the indication of the type of processing is provided by a third computing device controlled by the first entity.
  - 10. The method of claim 9, wherein the type of processing comprises at least one of a credit card authorization and a background check.
  - 11. The method of claim 9, wherein the encrypted data comprises one or more of credit card information, medical history information, Social Security number, bank account number, and driver'"'"'s license number.
  - 12. The method of claim 1, whereinthe encrypted data is provided over the network from a third computing device controlled by the first entity;
    - andthe first entity is incapable of decrypting the encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
Braintree Payment Solutions (PayPal Holdings, Inc.)
Inventors
Manges, Daniel
Primary Examiner(s)
Dinh, Minh

Application Number

US13/633,106
Publication Number

US 20130091351A1
Time in Patent Office

470 Days
Field of Search

None
US Class Current

713/153
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/205   involving negotiation or de...

H04L 67/34   involving the movement of s...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/14   using a plurality of keys o...

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others