Client side encryption with recovery method

US 9,509,737 B2
Filed: 10/02/2013
Issued: 11/29/2016
Est. Priority Date: 10/02/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for recovering data encrypted server-side within a client-server distributed data storage system, the method comprising:

maintaining an encryption at the computing device for encrypting data of the computing device into encrypted data;

further maintaining a password at the computing device for recovering the encryption key from an encrypted encryption key when the encryption key is unavailable at the computing device; and

transmitting the encrypted data and the encrypted encryption key to a server such that the server cannot access contents of the encrypted data stored in the server;

wherein if the password is unavailable, the computing device is configured to recover the password from an encrypted password stored in the server,wherein the computing device encrypts the password into the encrypted password using at least one user-provided string, and the user-provided string represents an answer to a password recovery question,wherein if the password is unavailable at the computing device, the computing device is configured to receive at least one user-provided string from a user input component of the computing device as an answer to a password recovery question, and the computing device is further configured to attempt decrypting the encrypted password into the password using the user-provided string.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is disclosed herein for client side data encryption with a recovery mechanism. According to at least one embodiment, a computing device encrypts at least one data set into an encrypted data set using a private encryption key. The computing device encrypts the private encryption key using a password provided by a user of the device. The password is also encrypted using the user'"'"'s answers to password recovery questions. The encrypted data set, the encrypted key and the encrypted password are transmitted to and stored by a server. The computing device can retrieve and decrypt the encrypted data set form the server. The encryption key can be recovered by decrypting the encrypted key using the password. The password can be recovered by decrypting the encrypted password using answers to the password recovery questions provided by the user.

5 Citations

View as Search Results

20 Claims

1. A computer implemented method for recovering data encrypted server-side within a client-server distributed data storage system, the method comprising:
- maintaining an encryption at the computing device for encrypting data of the computing device into encrypted data;
  
  further maintaining a password at the computing device for recovering the encryption key from an encrypted encryption key when the encryption key is unavailable at the computing device; and
  
  transmitting the encrypted data and the encrypted encryption key to a server such that the server cannot access contents of the encrypted data stored in the server;
  
  wherein if the password is unavailable, the computing device is configured to recover the password from an encrypted password stored in the server,wherein the computing device encrypts the password into the encrypted password using at least one user-provided string, and the user-provided string represents an answer to a password recovery question,wherein if the password is unavailable at the computing device, the computing device is configured to receive at least one user-provided string from a user input component of the computing device as an answer to a password recovery question, and the computing device is further configured to attempt decrypting the encrypted password into the password using the user-provided string.
- View Dependent Claims (2, 3)
- - 2. The computer implemented method of claim 1, wherein the server is suitable for storing the encrypted data, the encrypted encryption key, the encrypted password and the password recovery question such that the server is not able to successfully decrypt the encrypted data using any data stored in the server.
  - 3. The computing implemented method of claim 1, wherein the server is suitable for sending the encrypted data, the encrypted encryption key, the encrypted password and the password recovery question to a replacement computing device replacing the computing device so that the replacement computing device can recover the data of the computing device.

4. A method for client side data encryption with a recovery mechanism, the method comprising:
- encrypting, at a computing device, a data set into an encrypted data set using a private encryption key, wherein the encrypted data set can be decrypted back into the data set by using the private encryption key;
  
  receiving, from a user input of the computing device, a password;
  
  encrypting, at the computing device, the private encryption key into an encrypted key using a password key calculated from the password;
  
  presenting, via an output of the computing device, one or more password recovery questions;
  
  receiving one or more recovery strings, wherein the one or more recovery strings are received from the user input as answers to the one or more password recovery questions;
  
  encrypting, at the computing device, the password into an encrypted password using the recovery strings; and
  
  transmitting the encrypted data set, the encrypted key and the encrypted password to a server, wherein the encrypted data set, the encrypted key and the encrypted password are suitable for use in the recovery mechanism and intended for storage on the server.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. The method of claim 4, wherein the server is unable to access contents of the encrypted data set by using the encrypted key or the encrypted password.
  - 6. The method of claim 4, wherein the steps of encrypting the data set, encrypting the private encryption key and encrypting the password use different encryption methods.
  - 7. The method of claim 4, wherein the steps of encrypting the data set, encrypting the private encryption key and encrypting the password use a common encryption method.
  - 8. The method of claim 4, further comprising:
    - generating, by the computing device, the private encryption key.
  - 9. The method of claim 4, wherein the data set includes one or more files of the computing device.
  - 10. The method of claim 4, further comprising:
    - storing the encrypted key and the encrypted password in a keystore; and
      
      wherein the encrypted key and the encrypted password are transmitted to the server as the keystore.
  - 11. The method of claim 4, further comprising:
    - receiving, from the server, a message indicating that server receives the encrypted data set; and
      
      removing, at the computing device, the data set and the encrypted data set in response to the message.
  - 12. The method of claim 4, wherein the password key comprises the password.
  - 13. The method of claim 4, further comprising:
    - generating, at the computing device, an updated data set that is an updated version of the data set;
      
      encrypting, at the computing device, an encrypted updated data set using the private encryption key; and
      
      transmitting the encrypted updated data set to the server and instructing the server to replace the encrypted data set with the encrypted updated data set.

14. A method for recovering data of a computing device from a server, comprising:
- retrieving, at a computing device, an encrypted data set and a keystore from a server, wherein the keystore includes an encrypted private encryption key;
  
  receiving, from an input component of the computing device, a user message indicating that the user does not possess a password;
  
  recovering the password via a password recovery process, wherein the password recovery process includes;
  
  presenting, via an output component of the computing device, one or more password recovery questions,receiving, from the input component, one or more answers to the password recovery questions,extracting an encrypted password from the keystore, anddecrypting the encrypted password into the password using the answers as encryption keys;
  
  decrypting, at the computing device, the encrypted private encryption key into a private encryption key using a password key calculated from the password; and
  
  decrypting, at the computing device, the encrypted data set into a decrypted data set using the private decryption key.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the password recovery process further includes:
    - retrieving, at the computing device, one or more password recovery questions from the server.
  - 16. The method of claim 14, wherein the password recovery process further includes:
    - instructing, by the computing device, the server to send a confirmation email to an email address associated with a user account of the user; and
      
      receiving, at the computing device, a confirmation from the server indicating that the user has confirmed a user identify by a method specified by the confirmation email.
  - 17. The method of claim 14, wherein the steps of decrypting the encrypted private encryption key and decrypting the encrypted data set use different decryption methods.
  - 18. The method of claim 14, wherein the server does not have access to the content of the encrypted data set.

19. A computing device, comprising:
- a processor;
  
  a data encryption module which, when executed by the processor, encrypts data sets of the computing device into encrypted data sets using an encryption key;
  
  a keystore module which, when executed by the processor, encrypts the encryption key into an encrypted encryption key using a user recovery password provided by a user of the computing device;
  
  a networking interface configured to transfer the encrypted data sets and the encrypted encryption key to a server;
  
  wherein the server does not have access to the user recovery password and does not have access to contents of the encrypted data sets,wherein the computing device is configured to recover the user recovery password by a password recovery process,wherein the user recovery password is encrypted into an encrypted user recovery password by at least one password recovery answer provided by the user, and the encrypted user recovery password is transferred to the server; and
  
  wherein the password recovery process includes;
  
  presenting, via an output component of the computing device, at least one password recovery question;
  
  receiving, from an input component of the computing device, the at least one answer to the at least one password recovery question;
  
  retrieving, from the server, the encrypted user recovery password; and
  
  decrypting the encrypted user recovery password into the user recovery password using the at least one password recovery answer.
- View Dependent Claims (20)
- - 20. The computing device of claim 19, wherein the networking interface is further configured to retrieve the encrypted data sets and the encrypted encryption key from a server;
    - wherein the keystore module is further configured to decrypt the encrypted encryption key into the encryption key using the user recovery password when the encryption key is not available at the computing device; and
      
      wherein the data encryption module is further configured to decrypt the encrypted data sets into the data sets using the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Razer (Asia-Pacific) Pte. Ltd. (Razer Incorporated)
Original Assignee
Nextbit Systems, Inc. (Razer Incorporated)
Inventors
Chan, Michael A., Quan, Justin, Fleming, Michael K.
Primary Examiner(s)
Korsak, Oleg

Application Number

US14/044,049
Publication Number

US 20140101451A1
Time in Patent Office

1,154 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/125   characterised by the use of...

G06F 16/174   Redundancy elimination perf...

G06F 16/20   of structured data, e.g. re...

G06F 16/27   Replication, distribution o...

G06F 16/273   Asynchronous replication or...

G06F 16/275   Synchronous replication

G06F 16/278   Data partitioning, e.g. hor...

G06F 16/93   Document management systems

G06F 9/5038   considering the execution o...

H04B 7/26   at least one of which is mo...

H04L 67/06   specially adapted for file ...

H04L 67/1095   Replication or mirroring of...

H04L 67/1097   for distributed storage of ...

H04L 67/55   Push-based network services

H04L 67/568   Storing data temporarily at...

H04M 1/72412   using two-way short-range w...

H04M 2250/10   including a GPS signal rece...

H04M 2250/12   including a sensor for meas...

Y02D 10/00   Energy efficient computing,...

Client side encryption with recovery method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Client side encryption with recovery method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links