Client side encryption with recovery method
First Claim
1. A computer implemented method for recovering data encrypted server-side within a client-server distributed data storage system, the method comprising:
- maintaining an encryption key at the computing device for encrypting data of the computing device into encrypted data;
- further maintaining a password at the computing device for recovering the encryption key from an encrypted encryption key when the encryption key is unavailable at the computing device; and
- transmitting the encrypted data and the encrypted encryption key to a server such that the server cannot access contents of the encrypted data stored in the server;
- wherein if the password is unavailable, the computing device is configured to recover the password from an encrypted password stored in the server, wherein the computing device encrypts the password into the encrypted password using at least one user-provided string, and the user-provided string represents an answer to a password recovery question, wherein if the password is unavailable at the computing device, the computing device is configured to receive at least one user-provided string from a user input component of the computing device as an answer to a password recovery question, and the computing device is further configured to attempt decrypting the encrypted password into the password using the user-provided string.
Abstract
Technology is disclosed herein for client side data encryption with a recovery mechanism. According to at least one embodiment, a computing device encrypts at least one data set into an encrypted data set using a private encryption key. The computing device encrypts the private encryption key using a password provided by a user of the device. The password is also encrypted using the user's answers to password recovery questions. The encrypted data set, the encrypted key and the encrypted password are transmitted to and stored by a server. The computing device can retrieve and decrypt the encrypted data set from the server. The encryption key can be recovered by decrypting the encrypted key using the password. The password can be recovered by decrypting the encrypted password using answers to the password recovery questions provided by the user.
20 Claims
4. A method for client side data encryption with a recovery mechanism, the method comprising:
- encrypting, at a computing device, a data set into an encrypted data set using a private encryption key, wherein the encrypted data set can be decrypted back into the data set by using the private encryption key;
- receiving, from a user input of the computing device, a password;
- encrypting, at the computing device, the private encryption key into an encrypted key using a password key calculated from the password;
- presenting, via an output of the computing device, one or more password recovery questions;
- receiving one or more recovery strings, wherein the one or more recovery strings are received from the user input as answers to the one or more password recovery questions;
- encrypting, at the computing device, the password into an encrypted password using the recovery strings; and
- transmitting the encrypted data set, the encrypted key and the encrypted password to a server, wherein the encrypted data set, the encrypted key and the encrypted password are suitable for use in the recovery mechanism and intended for storage on the server.

Dependent claims: 5 to 13.

14. A method for recovering data of a computing device from a server, comprising:
- retrieving, at a computing device, an encrypted data set and a keystore from a server, wherein the keystore includes an encrypted private encryption key;
- receiving, from an input component of the computing device, a user message indicating that the user does not possess a password;
- recovering the password via a password recovery process, wherein the password recovery process includes:
  - presenting, via an output component of the computing device, one or more password recovery questions,
  - receiving, from the input component, one or more answers to the password recovery questions,
  - extracting an encrypted password from the keystore, and
  - decrypting the encrypted password into the password using the answers as encryption keys;
- decrypting, at the computing device, the encrypted private encryption key into a private encryption key using a password key calculated from the password; and
- decrypting, at the computing device, the encrypted data set into a decrypted data set using the private decryption key.

Dependent claims: 15 to 18.

19. A computing device, comprising:
- a processor;
- a data encryption module which, when executed by the processor, encrypts data sets of the computing device into encrypted data sets using an encryption key;
- a keystore module which, when executed by the processor, encrypts the encryption key into an encrypted encryption key using a user recovery password provided by a user of the computing device;
- a networking interface configured to transfer the encrypted data sets and the encrypted encryption key to a server;
- wherein the server does not have access to the user recovery password and does not have access to contents of the encrypted data sets, wherein the computing device is configured to recover the user recovery password by a password recovery process, wherein the user recovery password is encrypted into an encrypted user recovery password by at least one password recovery answer provided by the user, and the encrypted user recovery password is transferred to the server; and
- wherein the password recovery process includes:
  - presenting, via an output component of the computing device, at least one password recovery question;
  - receiving, from an input component of the computing device, the at least one answer to the at least one password recovery question;
  - retrieving, from the server, the encrypted user recovery password; and
  - decrypting the encrypted user recovery password into the user recovery password using the at least one password recovery answer.

Dependent claims: 20.
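The three-level key hierarchy that the abstract and claims 4 and 14 describe (data under a random private key, that key under a password-derived key, the password under an answers-derived key, with only the three ciphertexts and salts going to the server), written out as an added example; this is not code from the patent or its assignee. It assumes PBKDF2-HMAC-SHA256 as the "password key calculated from the password", uses a standard-library HMAC-SHA256 encrypt-then-MAC construction as a stand-in for a real AEAD such as AES-GCM, and all key, salt and answer handling is constructed for illustration.

```python
import hashlib, hmac, os, secrets
KDF_ITERS = 200_000  # assumption: the page does not state a KDF or iteration count

def derive_key(secret: str, salt: bytes) -> bytes:
    """Password key or recovery key: PBKDF2-HMAC-SHA256 over the user string."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, KDF_ITERS, 32)

def answers_key(answers: list, salt: bytes) -> bytes:
    # recovery answers are low-entropy; normalise case/whitespace so the owner can reproduce them
    return derive_key("\0".join(a.strip().casefold() for a in answers), salt)

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(), hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with HMAC-SHA256 (stdlib stand-in for an AEAD such as AES-GCM)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Plaintext, or None when the key is wrong or the stored blob was altered."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def build_keystore(data: bytes, password: str, answers: list) -> dict:
    """Client side. Everything returned may go to the server; it never sees data_key, password or answers."""
    data_key = secrets.token_bytes(32)  # the private encryption key of the claims
    pw_salt, ans_salt = os.urandom(16), os.urandom(16)
    return {"pw_salt": pw_salt, "ans_salt": ans_salt,
            "encrypted_data": seal(data_key, data),
            "encrypted_key": seal(derive_key(password, pw_salt), data_key),
            "encrypted_password": seal(answers_key(answers, ans_salt), password.encode())}

def recover_with_password(ks: dict, password: str):
    data_key = unseal(derive_key(password, ks["pw_salt"]), ks["encrypted_key"])
    return None if data_key is None else unseal(data_key, ks["encrypted_data"])

def recover_with_answers(ks: dict, answers: list):
    """Claim 14 path: answers -> password -> private key -> data."""
    pw = unseal(answers_key(answers, ks["ans_salt"]), ks["encrypted_password"])
    return None if pw is None else recover_with_password(ks, pw.decode())
```

The encrypted password is the weakest link of the hierarchy: anyone holding the server's copy can test answer guesses offline, so the KDF cost and the entropy of the recovery answers bound the security of the whole keystore.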
Specification