Transparent client-side cryptography for network applications
First Claim
1. A method of securely storing user data over a network, the method comprising:
by one or more computer systems comprising computer hardware:
intercepting user data associated with a user from a local network application, the user data sent by the local network application to a remote network application implemented in a remote content site configured to provide access to the remote network application, the remote network application capable of storing and sharing data received from the user with other users of the remote network application;
responsive to intercepting the user data, accessing a remote network application to determine one or more data fields from a set of data fields accessible at the remote network application that are capable of accepting encrypted data, wherein at least some fields from the set of data fields are not eligible to store encrypted data, and wherein said accessing the remote network application to determine the one or more data fields further comprises overriding an indication that at least one data field is not eligible to store encrypted data and including the at least one data field in the one or more data fields that are capable of accepting encrypted data;
determining whether the user data is associated with the one or more data fields; and
in response to determining that the user data is associated with the one or more data fields:
encrypting the user data with a data encryption key to obtain encrypted user data;
encrypting the data encryption key with one or more keys of authorized recipients to produce one or more receiver keys, the authorized recipients comprising users with accounts at the remote network application who are associated with the user at the remote network application; and
providing a message comprising the encrypted user data and the one or more receiver keys to the local network application, such that the local network application is configured to direct the message to the remote network application for storage.
Abstract
In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
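The flow recited in claim 1 and summarized in the abstract (select eligible fields with an override, encrypt under a data encryption key, wrap that key once per authorized recipient) can be sketched in Node.js. This is an added example, not code from the patent or from any product. The claims name no algorithms, so AES-256-GCM, RSA-OAEP, binding the field name as associated data, the `acceptsEncrypted` flag, the function names and the sample data are all assumptions made here.

```javascript
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Fields the remote application reports as eligible, plus locally configured overrides.
function eligibleFields(remoteFields, overrides = []) {
  return new Set(Object.keys(remoteFields)
    .filter((f) => remoteFields[f].acceptsEncrypted || overrides.includes(f)));
}

// Encrypt one value under a fresh DEK, then wrap the DEK per recipient ("receiver keys").
function sealField(field, value, recipientPubKeys) {
  const dek = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dek, iv);
  cipher.setAAD(Buffer.from(field)); // assumption: bind ciphertext to its field name
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  const receiverKeys = {};
  for (const [id, pub] of Object.entries(recipientPubKeys)) {
    receiverKeys[id] = nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, dek).toString('base64');
  }
  return { field, iv: iv.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
           ct: ct.toString('base64'), receiverKeys };
}

// Recipient side: unwrap the DEK with the private key, then decrypt and authenticate.
function openField(msg, id, privKey) {
  if (!msg.receiverKeys[id]) throw new Error('no receiver key for ' + id);
  const dek = nodeCrypto.privateDecrypt({ key: privKey, ...OAEP },
    Buffer.from(msg.receiverKeys[id], 'base64'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', dek, Buffer.from(msg.iv, 'base64'));
  d.setAAD(Buffer.from(msg.field));
  d.setAuthTag(Buffer.from(msg.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(msg.ct, 'base64')), d.final()]).toString('utf8');
}

// Interception step: only values bound for eligible fields are replaced by messages.
function protectSubmission(form, remoteFields, overrides, recipientPubKeys) {
  const ok = eligibleFields(remoteFields, overrides);
  return Object.fromEntries(Object.entries(form).map(([f, v]) =>
    [f, ok.has(f) ? sealField(f, v, recipientPubKeys) : v]));
}
// Constructed sample: two recipients' key pairs and a three-field form; "bio" is overridden.
function demo() {
  const kp = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = kp(), bob = kp();
  const remote = { status: { acceptsEncrypted: true }, bio: { acceptsEncrypted: false }, email: { acceptsEncrypted: false } };
  const out = protectSubmission({ status: 'hi', bio: 'private', email: 'u@example.test' }, remote, ['bio'], { alice: alice.publicKey, bob: bob.publicKey });
  return { out, alice, bob };
}
```

The content site stores only `ct`, `iv`, `tag` and the wrapped keys for eligible fields, so a user without an entry in `receiverKeys` cannot recover the DEK, while ineligible fields such as `email` still reach the site in plaintext.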
30 Claims
14. A system for securely storing user data over a network, the system comprising:
one or more computer systems comprising computer hardware, the one or more computer systems programmed to implement:
a security system configured to:
intercept user data associated with a user from a local network application executing on a client device, the user data sent by the local network application to a remote network application implemented in a remote server configured to provide access to the remote network application, the remote network application capable of storing and sharing data received from the user with other users of the remote network application;
access a remote network application to determine one or more data fields from a set of data fields accessible at the remote network application that are capable of storing encrypted data, wherein at least some fields from the set of data fields are not eligible to store encrypted data;
override an indication that at least one data field is not eligible to store encrypted data and include the at least one data field in the one or more data fields that are capable of accepting encrypted data,
determine whether the user data is associated with the one or more data fields; and
in response to determining that the user data is associated with the one or more data fields, direct the user data to a cryptography manager stored in a memory of the one or more computer systems; and
the cryptography manager configured to:
encrypt the user data with a data encryption key to obtain encrypted user data;
encrypt the data encryption key with one or more keys of authorized recipients to produce one or more receiver keys, the authorized recipients comprising users with accounts at the remote network application who are associated with the user at the remote network application; and
provide a message comprising the encrypted user data and the one or more receiver keys to the security system, the security system thereby configured to enable the local network application to transmit the message to the remote network application thereby enabling the remote network application to store the encrypted user data instead of the user data.
22. A non-transitory computer-readable storage medium comprising computer-executable instructions configured to implement a method of securely storing user data over a network, the method comprising:
intercepting user data associated with a user from a local network application executing on a client device, the user data sent by the local network application to a remote network application of a content site configured to provide access to the remote network application;
responsive to intercepting the user data, accessing the remote network application to determine one or more data fields from a set of data fields accessible at the remote network application that are capable of accepting encrypted data, wherein at least some fields from the set of data fields cannot accept encrypted data, and wherein said accessing the remote network application to determine the one or more data fields further comprises overriding an indication that at least one data field is not eligible to store encrypted data and including the at least one data field in the one or more data fields that are capable of accepting encrypted data;
determining whether the user data is associated with the one or more data fields; and
in response to determining that the user data is associated with the one or more data fields:
encrypting the user data to obtain encrypted user data;
creating an encryption message configured to include the encrypted user data and recipient data reflecting two or more authorized recipients of the encryption message, the two or more authorized recipients comprising users with accounts at the remote network application who are associated with the user at the remote network application; and
providing the encryption message to the local network application, such that the local network application is configured to transmit the message to the remote network application of the content site.
Specification