Methods and systems of data security in browser storage

US 8,959,347 B2
Filed: 03/28/2012
Issued: 02/17/2015
Est. Priority Date: 08/29/2011
Status: Active Grant

First Claim

Patent Images

1. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:

at a server that includes at least a processor system having at least one processor and a memory system, receiving a passcode and content, to be used by a service provider server on behalf of the user;

if the passcode is authenticated, wherein authenticating the pass code comprises determining whether the passcode stored with the content and a passcode provided by a user previously match one another, performing the following,placing, by the server, the content and passcode into an object;

creating, by the server, an encryption key;

encrypting, by the server, the object having the content and the passcode with the encryption key, therein forming an encrypted object; and

sending from the server to the user system the encrypted object and a unique identifier for the private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on user system.

282 Citations

12 Claims

1. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- at a server that includes at least a processor system having at least one processor and a memory system, receiving a passcode and content, to be used by a service provider server on behalf of the user;
  
  if the passcode is authenticated, wherein authenticating the pass code comprises determining whether the passcode stored with the content and a passcode provided by a user previously match one another, performing the following,placing, by the server, the content and passcode into an object;
  
  creating, by the server, an encryption key;
  
  encrypting, by the server, the object having the content and the passcode with the encryption key, therein forming an encrypted object; and
  
  sending from the server to the user system the encrypted object and a unique identifier for the private key.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 11)
- - 2. The nontransient machine readable medium of claim 1, the object including at least a Binary Large Object (BLOB), the method further comprising converting the content and passcode into binary format and placing the passcode and content that were converted into the BLOB.
  - 3. The nontransient machine readable medium of claim 1, the object including at least a file.
  - 4. The non-transitory machine readable medium of claim 3, the encrypting of the content and passcode yielding a result that is saved as plain text in the object.
  - 6. The nontransient machine readable medium of claim 1, the method further comprising:
    - storing the content and passcode that were encrypted in a local database at the server.
  - 7. The nontransient machine readable medium of claim 6, the content being a token for refreshing an access to another server.
  - 8. The nontransient machine readable medium of claim 6, the method further comprising:
    - sending the content from the server to another server; and
      
      in response to the sending, receiving a token from the other server.
  - 11. The non-transitory machine readable medium of claim 1, the method further comprising:
    - the encrypting of the passcode including at least applying a one-way hash function to the passcode.

5. A non-transitory machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- at a server that includes at least a processor system having at least one processor and a memory system, receiving a passcode and content, to be used by a service provider server on behalf of the user;
  
  if the passcode is authenticated, wherein authenticating the pass code comprises determining whether the passcode stored with the content and a passcode provided by a user previously match one another, performing the following,placing, by the server, the content and passcode into an object;
  
  creating, by the server, an encryption key;
  
  encrypting, by the server, the object having the content and the passcode with the encryption key, therein forming an encrypted object; and
  
  sending from the server to the user system the encrypted object and a unique identifier for the private key;
  
  the encrypting of the passcode including at least applying a one-way hash function to the passcode.

9. A nontransient machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- receiving, at a server that includes at least a processor system having at least one processor and a memory system, a passcode and encrypted content to be used by a service provider server on behalf of the user and a unique key identifier;
  
  in response to the receiving, performing the following,querying a local database for the encryption key based on the key identifier;
  
  decrypting the encrypted content with the key;
  
  determining whether the passcode stored previously with the content and the passcode provided by the user match one another; and
  
  returning the decrypted content to the user if the passcode that was stored with the content and the passcode provided by the user match one another;
  
  wherein prior to the receiving of the encrypted passcode and encrypted content and a unique key identifier, receiving at the server, from a user device, the content and the passcode for encryption;
  
  in response,creating, by the server, a file;
  
  placing, by the server, the passcode and content in the file,generating, by the server, a unique encryption key and unique identifier of the key,storing in a storage location of the memory system the unique encryption key in association with a unique identifier,encrypting, by the server, the file in which the pass code and content were placed with the unique encryption key, therein creating the encrypted passcode and the encrypted content;
  
  sending from the server to the user device the encrypted file and the unique key identifier for storage at the user device.
- View Dependent Claims (10)
- - 10. The nontransient machine readable medium of claim 9, the method further comprising creating a log of the receiving, of the encrypted passcode if the passcode decrypted and the passcode provided by the user do not match one another.

12. A non-transitory machine readable medium storing one or more machine instructions, which when invoked cause a processor to implement a method comprising:
- at a server that includes at least a processor system having at least one processor and a memory system, receiving a passcode and content, to be used by a service provider server on behalf of the user;
  
  if the passcode is authenticated, wherein authenticating the pass code comprises determining whether the passcode stored with the content and a passcode provided by a user previously match one another, performing the following,placing, by the server, the content and passcode into an object;
  
  creating, by the server, an encryption key;
  
  encrypting, by the server, the object having the content and the passcode with the encryption key, therein forming an encrypted object; and
  
  sending from the server to the user system the encrypted object and a unique identifier that identifies the private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gupta, Akhilesh
Primary Examiner(s)
Okeke, Izunna

Application Number

US13/433,067
Publication Number

US 20130054968A1
Time in Patent Office

1,056 Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 67/563   Data redirection of data ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3213   using tickets or tokens, e....

Methods and systems of data security in browser storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

282 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems of data security in browser storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

282 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others