Differential client-side encryption of information originating from a client

US 9,742,747 B2
Filed: 07/08/2016
Issued: 08/22/2017
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

transmitting, by an entity computing device to a client computing device, an encryption subprogram comprising computer-executable instructions operable to cause the client to perform specified encryption operations on particular data;

receiving, by the entity computing device from the client computing device, encrypted data that was encrypted by the client computing device, via the encryption subprogram, using a public key that was provided to the client device by an intermediary computing device, and wherein the encrypted data is associated with the entity computing device;

forwarding, by the entity computing device to the intermediary device, the encrypted data for decryption using a private key that is paired with the public key and that is controlled by the intermediary device such that the private key is inaccessible to the entity computing device at the time of forwarding, wherein the decryption provides decrypted data that is used to obtain a processing result; and

receiving, by the entity computing device from the intermediary device, the processing result.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

Citations

20 Claims

1. A method, comprising:
- transmitting, by an entity computing device to a client computing device, an encryption subprogram comprising computer-executable instructions operable to cause the client to perform specified encryption operations on particular data;
  
  receiving, by the entity computing device from the client computing device, encrypted data that was encrypted by the client computing device, via the encryption subprogram, using a public key that was provided to the client device by an intermediary computing device, and wherein the encrypted data is associated with the entity computing device;
  
  forwarding, by the entity computing device to the intermediary device, the encrypted data for decryption using a private key that is paired with the public key and that is controlled by the intermediary device such that the private key is inaccessible to the entity computing device at the time of forwarding, wherein the decryption provides decrypted data that is used to obtain a processing result; and
  
  receiving, by the entity computing device from the intermediary device, the processing result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the encryption subprogram is configured to encrypt data inputted by a user of the client computing device via one or more data submission elements of a web page.
  - 3. The method of claim 1, wherein the encryption program is configured to execute on the client computing device by being triggered by a web browsing program of the client computing device.
  - 4. The method of claim 1, wherein the encryption program is configured to execute on the client computing device in association with a web page submission process.
  - 5. The method of claim 1, wherein the encrypted data includes credit card payment data.
  - 6. The method of claim 1, wherein the encrypted data includes personally identifying information of a user corresponding to the client computing device.
  - 7. The method of claim 1, further comprising receiving, by the entity computing device from an intermediary party server, a group of one or more encryption subprograms including the encryption subprogram, wherein individual ones of the group of encryption subprograms are executable on different configurations of a plurality of client computing devices.
  - 8. The method of claim 1, further comprising storing the encrypted data on a permanent storage device accessible to the entity computing device prior to the forwarding.
  - 9. The method of claim 1, wherein the encrypted data includes confidential health information relating to a user corresponding to the client computing device.

10. A non-transitory computer-readable medium having stored thereon instructions that are executable by an entity computing device to cause the entity computing device to perform operations comprising:
- transmitting, to a client computing device, an encryption subprogram, the encryption subprogram including stored logic executable to cause encryption of particular data in association with entry of the particular data into a data submission element displayed on an internet-enabled application;
  
  receiving, from the client computing device, encrypted data that was encrypted by the client computing device, via the encryption subprogram, using a public key that was provided to the client device; and
  
  forwarding, to an intermediary device, the encrypted data for decryption using a private key that is paired with the public key and that is not accessible to the entity computing device at the time of forwarding, wherein the decryption provides decrypted data that is used to obtain a processing result.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The non-transitory computer-readable medium of claim 10, wherein the operations further comprise:
    - receiving, by the entity computing device from the intermediary device, the processing result.
  - 12. The non-transitory computer-readable medium of claim 10, wherein the operations further comprise:
    - receiving a group of one or more encryption subprograms including the encryption subprogram, wherein individual ones of the group of encryption subprograms are executable on different configurations of a plurality of client computing devices.
  - 13. The non-transitory computer-readable medium of claim 12, wherein a first of the group of one or more encryption subprograms is executable on a first type of web browser, and wherein a second of the group of one or more encryption subprograms is executable on a second type of web browser.
  - 14. The non-transitory computer-readable medium of claim 10, wherein the public and private keys correspond to an asymmetrical encryption algorithm from a group of asymmetrical encryption algorithms consisting of RSA, Diffie-Hellman key exchange protocol, Digital Signature Standard (DSS), ElGamal, or Paillier.
  - 15. The non-transitory computer-readable medium of claim 10, wherein the public key was provided to the client device by an intermediary computing device rather than the entity computing device.
  - 16. The non-transitory computer-readable medium of claim 10, wherein the operations further comprise forwarding non-encrypted transaction data associated with the encrypted data to the intermediary device.
  - 17. The non-transitory computer-readable medium of claim 10, wherein the operations further comprise:
    - receiving the processing result; and
      
      based on the processing result, transmitting information to the client computing device indicating whether or not a transaction associated with the encrypted data was successful.

18. A system, comprising:
- a processor; and
  
  a storage device having instructions stored thereon that are executable by the system to cause the system to perform operations comprising;
  
  transmitting, to a client computing device, an encryption subprogram comprising computer-executable instructions operable to cause the client to perforin specified encryption operations on particular data;
  
  receiving, from the client computing device, encrypted data that was encrypted by the client computing device, via the encryption subprogram, using a public key that was provided to the client device by an intermediary computing device, and wherein the encrypted data is associated with an entity computing device;
  
  forwarding, to the intermediary device, the encrypted data for decryption using a private key that is paired with the public key and that is controlled by the intermediary device such that the private key is inaccessible to the entity computing device at the time of forwarding, wherein the decryption provides decrypted data that is used to obtain a processing result; and
  
  receiving, from the intermediary device, the processing result.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the encryption subprogram is configured to encrypt data inputted by a user of the client computing device via one or more data submission elements of a web page.
  - 20. The system of claim 18, wherein the encryption program is configured to execute on the client computing device by being triggered by a web browsing program of the client computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Manges, Daniel
Primary Examiner(s)
Dinh, Minh

Application Number

US15/205,384
Publication Number

US 20160323254A1
Time in Patent Office

410 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/205   involving negotiation or de...

H04L 67/34   involving the movement of s...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/14   using a plurality of keys o...

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Differential client-side encryption of information originating from a client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links