Encrypted augmentation storage

US 9,847,981 B1
Filed: 02/13/2017
Issued: 12/19/2017
Est. Priority Date: 12/31/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a user device, the method comprising:

sending, by a user device to a server that is separate from the user device, a request for a current version of a first encrypted resource, the current version of the first encrypted resource being an encrypted set of respective index entries, wherein;

each respective index entry includes a combination of a respective first encryption key encrypted as a respective first encrypted key by use of a second encryption key, and a respective storage location of a respective first encrypted data file encrypted by use of the respective first encryption key, the respective storage location generated by the server;

each respective index entry has been previously appended to a respective prior version of the first encrypted resource that did not include the respective index entry to form a respective encrypted data tuple;

the respective encrypted data tuple so formed has been encrypted by the server by to form another prior version of the first encrypted resource; and

a most recent prior version of the first encrypted resource is the current version of the first encrypted resource;

receiving, by the user device and from the server, the first encrypted resource;

decrypting the first encrypted resource to decrypt the encrypted index entries;

selecting one of the respective storage locations that has been decrypted;

sending to the server a request the respective first encrypted data file stored at the respective storage location; and

receiving, from the server, the respective first encrypted data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing and retrieving encrypted data. In one aspect, a method includes receiving, at a server computer separate from a user device, a first encrypted resource encrypted by use of a public encryption key, wherein the public encryption key is paired with a private encryption key according to an asymmetric encryption key scheme; retrieving, by the server computer, a second encrypted resource encrypted by use of the public key; augmenting, by the server computer, the first encrypted resource with the second encrypted resource to form an encrypted data tuple; encrypting, by the server computer, the encrypted data tuple; and storing, by the server computer, the encrypted data tuple as the second encrypted resource.

80 Citations

15 Claims

1. A method performed by a user device, the method comprising:
- sending, by a user device to a server that is separate from the user device, a request for a current version of a first encrypted resource, the current version of the first encrypted resource being an encrypted set of respective index entries, wherein;
  
  each respective index entry includes a combination of a respective first encryption key encrypted as a respective first encrypted key by use of a second encryption key, and a respective storage location of a respective first encrypted data file encrypted by use of the respective first encryption key, the respective storage location generated by the server;
  
  each respective index entry has been previously appended to a respective prior version of the first encrypted resource that did not include the respective index entry to form a respective encrypted data tuple;
  
  the respective encrypted data tuple so formed has been encrypted by the server by to form another prior version of the first encrypted resource; and
  
  a most recent prior version of the first encrypted resource is the current version of the first encrypted resource;
  
  receiving, by the user device and from the server, the first encrypted resource;
  
  decrypting the first encrypted resource to decrypt the encrypted index entries;
  
  selecting one of the respective storage locations that has been decrypted;
  
  sending to the server a request the respective first encrypted data file stored at the respective storage location; and
  
  receiving, from the server, the respective first encrypted data file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein:
    - the second encryption key is a public key;
      
      each respective data tuple has been encrypted by use of the public key by the server; and
      
      the first encrypted resource is decrypted by use of a private key that is paired to the public key.
  - 3. The method of claim 2, wherein each first encryption key is a respective first symmetric encryption key generated according to a symmetric encryption scheme.
  - 4. The method of claim 3, further comprising:
    - decrypting the first encryption key used to encrypt the respective first encrypted data file received from the server by use of the public key; and
      
      decrypting the respective first encrypted data file using the first encryption key.
  - 5. The method of claim 4, wherein each respective encrypted first encryption key is different from each other respective encrypted first encryption key.

6. A user device, comprising:
- a processing system; and
  
  a non-transitory computer readable medium storing instructions executable by the processing system and that upon such execution cause the user device to perform operations comprising;
  
  sending, by the user device to a server that is separate from the user device, a request for a current version of a first encrypted resource, the current version of the first encrypted resource being an encrypted set of respective index entries, wherein;
  
  each respective index entry includes a combination of a respective first encryption key encrypted as a respective first encrypted key by use of a second encryption key, and a respective storage location of a respective first encrypted data file encrypted by use of the respective first encryption key, the respective storage location generated by the server;
  
  each respective index entry has been previously appended to a respective prior version of the first encrypted resource that did not include the respective index entry to form a respective encrypted data tuple;
  
  the respective encrypted data tuple so formed has been encrypted by the server by to form another prior version of the first encrypted resource; and
  
  a most recent prior version of the first encrypted resource is the current version of the first encrypted resource;
  
  receiving, by the user device and from the server, the first encrypted resource;
  
  decrypting the first encrypted resource to decrypt the encrypted index entries;
  
  selecting one of the respective storage locations that has been decrypted;
  
  sending to the server a request the respective first encrypted data file stored at the respective storage location; and
  
  receiving, from the server, the respective first encrypted data file.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein:
    - the second encryption key is a public key;
      
      each respective data tuple has been encrypted by use of the public key by the server; and
      
      the first encrypted resource is decrypted by use of a private key that is paired to the public key.
  - 8. The system of claim 7, wherein each first encryption key is a respective first symmetric encryption key generated according to a symmetric encryption scheme.
  - 9. The system of claim 8, further comprising:
    - decrypting the first encryption key used to encrypt the respective first encrypted data file received from the server by use of the public key; and
      
      decrypting the respective first encrypted data file using the first encryption key.
  - 10. The system of claim 9, wherein each respective encrypted first encryption key is different from each other respective encrypted first encryption key.

11. A non-transitory computer readable medium storing instructions executable by a user device and that upon such execution cause the user device to perform operations comprising:
- sending, by the user device to a server that is separate from the user device, a request for a current version of a first encrypted resource, the current version of the first encrypted resource being an encrypted set of respective index entries, wherein;
  
  each respective index entry includes a combination of a respective first encryption key encrypted as a respective first encrypted key by use of a second encryption key, and a respective storage location of a respective first encrypted data file encrypted by use of the respective first encryption key, the respective storage location generated by the server;
  
  each respective index entry has been previously appended to a respective prior version of the first encrypted resource that did not include the respective index entry to form a respective encrypted data tuple;
  
  the respective encrypted data tuple so formed has been encrypted by the server by to form another prior version of the first encrypted resource; and
  
  a most recent prior version of the first encrypted resource is the current version of the first encrypted resource;
  
  receiving, by the user device and from the server, the first encrypted resource;
  
  decrypting the first encrypted resource to decrypt the encrypted index entries;
  
  selecting one of the respective storage locations that has been decrypted;
  
  sending to the server a request the respective first encrypted data file stored at the respective storage location; and
  
  receiving, from the server, the respective first encrypted data file.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable medium of claim 11, wherein:
    - the second encryption key is a public key;
      
      each respective data tuple has been encrypted by use of the public key by the server; and
      
      the first encrypted resource is decrypted by use of a private key that is paired to the public key.
  - 13. The non-transitory computer readable medium of claim 12, wherein each first encryption key is a respective first symmetric encryption key generated according to a symmetric encryption scheme.
  - 14. The non-transitory computer readable medium of claim 13, further comprising:
    - decrypting the first encryption key used to encrypt the respective first encrypted data file received from the server by use of the public key; and
      
      decrypting the respective first encrypted data file using the first encryption key.
  - 15. The non-transitory computer readable medium of claim 14, wherein each respective encrypted first encryption key is different from each other respective encrypted first encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Millikin, John
Primary Examiner(s)
Dada, Beemnet
Assistant Examiner(s)
Gundry, Stephen

Application Number

US15/431,414
Time in Patent Office

309 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/6218   to a system of files or obj...

G06F 2212/1052   Security improvement

G06F 2221/2107   File encryption

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

Encrypted augmentation storage

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Encrypted augmentation storage

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links