Encryption/decryption in a cloud storage solution
Abstract
The disclosure generally describes computer-implemented methods, software, and systems, including a method for decryption of data stored in the cloud. A record is received from a cloud storage solution, wherein at least one data field in the received record is encrypted, and wherein each encrypted data field is associated with an encrypted field identifier. A client certification key associated with a user accessing the record and at least one encrypted field identifier are provided to a security server. At least one decryption key associated with at least one of the at least one encrypted field identifier is received. Using each received decryption key, at least one encrypted data field is decrypted. The received record is presented to the user accessing the record.
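The flow the abstract describes, as an added Python example that is not part of the patent text: a record with encrypted fields, a separate security server that holds the field keys, and a local program that requests keys by field identifier and decrypts what is released. The record layout, the per-user grant table, the `<encrypted>` placeholder for fields whose key is not released, and all names are assumptions; the SHA-256 keystream with an HMAC tag is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM, since the patent names no cipher.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a keystream (stand-in cipher, see lead-in).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("field failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class SecurityServer:
    """Holds field keys and per-user grants; separate from the cloud store."""
    def __init__(self):
        self.keys, self.grants = {}, {}
    def new_key(self, field_id):
        self.keys[field_id] = secrets.token_bytes(32)
        return self.keys[field_id]
    def release(self, cert_key, field_ids):
        allowed = self.grants.get(cert_key, set())
        return {f: self.keys[f] for f in field_ids if f in allowed and f in self.keys}

def decrypt_record(record, cert_key, server):
    """Local program: send the field ids, decrypt only the fields whose key comes back."""
    ids = [v["field_id"] for v in record.values() if isinstance(v, dict)]
    keys = server.release(cert_key, ids)
    out = dict(record)
    for name, v in record.items():
        if isinstance(v, dict):
            k = keys.get(v["field_id"])
            out[name] = unseal(k, v["ct"]).decode() if k else "<encrypted>"
    return out

def demo():  # constructed sample data: one record, three client certification keys
    srv = SecurityServer()
    srv.grants = {"cert-hr": {"f-salary", "f-ssn"}, "cert-sales": {"f-salary"}}
    record = {"name": "A. Example",
              "salary": {"field_id": "f-salary", "ct": seal(srv.new_key("f-salary"), b"52000")},
              "ssn": {"field_id": "f-ssn", "ct": seal(srv.new_key("f-ssn"), b"000-00-0000")}}
    return {u: decrypt_record(record, u, srv) for u in ("cert-hr", "cert-sales", "cert-unknown")}
```

The cloud store in this sketch only ever sees `record`, whose sensitive fields are ciphertext; what a given user can read is decided by the security server's key release, not by the storage provider.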
18 Claims
1. A computer-implemented method for decrypting encrypted data received from a cloud, comprising:
- receiving a record from a cloud storage solution at a client system, wherein at least one data field in the received record is encrypted, wherein each encrypted data field is associated with an encrypted field identifier, and wherein the encrypted data fields were encrypted external to the cloud storage solution and prior to storage in the cloud storage solution;
- providing a client certification key associated with a user accessing the record and at least one encrypted field identifier to a security server, wherein the security server is separate from the cloud storage solution and wherein decryption keys associated with the encrypted data fields are stored only on the security server, and wherein the client system is associated with a local program coordinating access with the security server and operable when executed to communicate with the security server;
- receiving at least one decryption key associated with at least one of the at least one encrypted field identifier from the security server;
- decrypting, by the local program using each of the received decryption keys, at least one encrypted data field; and
- presenting the received record to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer system, comprising:
- memory operable to store content, including static and dynamic content; and
- at least one hardware processor interoperably coupled to the memory and operable to perform instructions to:
- receive a record from a cloud storage solution at a client system, wherein at least one data field in the received record is encrypted, wherein each encrypted data field is associated with an encrypted field identifier, and wherein the encrypted data fields were encrypted external to the cloud storage solution and prior to storage in the cloud storage solution;
- provide a client certification key associated with a user accessing the record and at least one encrypted field identifier to a security server, wherein the security server is separate from the cloud storage solution and wherein decryption keys associated with the encrypted data fields are stored only on the security server, and wherein the client system is associated with a local program coordinating access with the security server and operable when executed to communicate with the security server;
- receive at least one decryption key associated with at least one of the at least one encrypted field identifier from the security server;
- decrypt, by the local program using each of the received decryption keys, at least one encrypted data field; and
- present the received record to the user.
Dependent claims: 14, 15, 16, 17, 18
Specification