Opaque message archives
First Claim
Patent Images
1. A method comprising:
- receiving, by a server, at least a first unencrypted portion of a message from a sending client device;
generating, by the server, a split encryption key comprising at least a first key portion and a second key portion;
encrypting, by the server, at least the received first unencrypted portion of the message, using the split encryption key to produce an encrypted portion of the message;
providing, by the server, the first key portion to the sending client device, and thereafter, discarding the first key portion from the server;
storing, by the server, the encrypted portion of the message and the second key portion in storage accessible to the server;
receiving back, by the server, the first key portion; and
decrypting, by the server, the stored encrypted portion of the message for provision to a recipient client device using the received-back first key portion and the stored second key portion to recover the first unencrypted portion of the message.
3 Assignments
0 Petitions
Accused Products
Abstract
A system includes a server equipped to generate a split encryption key having at least a first key portion and a second key portion, that is used by the server to encrypt at least a portion of a message. Additionally, the first key portion of the split encryption key is retained by the server, while the second key portion of the split encryption key is delivered to a sending client and is discarded from the server. The sending client in turn provides the second key portion to one or more recipients of the message to facilitate recipient access to the message.
45 Citations
9 Claims
-
1. A method comprising:
-
receiving, by a server, at least a first unencrypted portion of a message from a sending client device; generating, by the server, a split encryption key comprising at least a first key portion and a second key portion; encrypting, by the server, at least the received first unencrypted portion of the message, using the split encryption key to produce an encrypted portion of the message; providing, by the server, the first key portion to the sending client device, and thereafter, discarding the first key portion from the server; storing, by the server, the encrypted portion of the message and the second key portion in storage accessible to the server; receiving back, by the server, the first key portion; and decrypting, by the server, the stored encrypted portion of the message for provision to a recipient client device using the received-back first key portion and the stored second key portion to recover the first unencrypted portion of the message.
-
-
2. A method comprising:
-
sending to a server, by a client device, at least a first unencrypted part of a message generated by the sending client device for secured storage and subsequent provision to a recipient client device; receiving from the server, by the client device, a first key portion of a split encryption key used in conjunction with a second key portion of the split encryption key by the server to encrypt the first unencrypted part of the message, wherein the second key portion is retained in storage accessible to the server while the first portion is discarded from the server; wherein; encryption of the first unencrypted part of the message on the server using the split encryption key generates an encrypted part of the message; the encrypted part of the message is stored in the storage accessible to the server; and the discarded first key portion is subsequently provided back to the server for use in conjunction with the retained second key portion to recover the first unencrypted part of the message for provision to the recipient client device; and sending the first key portion to the recipient client device to facilitate access by the recipient client device to the first unencrypted part of the message from the server. - View Dependent Claims (3, 4, 5, 6)
-
-
7. A system comprising:
-
a server equipped to; receive an unencrypted message from a sending client device; generate a split encryption key comprising at least a first key portion and a second key portion; encrypt the received unencrypted message, using the split encryption key to produce an encrypted message; store an encrypted version of the unencrypted message and the first key portion; provide the second key portion to the sending client device; discard the second key portion from the server; receive back the second key portion; and decrypt the stored encrypted version of the unencrypted message for provision to a recipient client device using the received-back second key portion and the stored first key portion to recover the unencrypted message; and the sending client device equipped to; receive the second key portion from the server; and provide the second key portion to a recipient client device to facilitate access to the unencrypted message by the recipient client device.
-
-
8. An article comprising:
a non-transitory computer-readable storage medium having stored therein programming instructions that, in response to being executed by a computing device, cause the computing device to; generate a split encryption key comprising at least a first key portion and a second key portion; receive, from the sending client device, at least a first unencrypted portion of a message; encrypt at least the received first unencrypted portion of the message, using the split encryption key to generate an encrypted portion of the message; provide the first key portion to the sending client device, and thereafter, discarding the first key portion from the device; store the encrypted portion of the message and the second key portion; receive back the first key portion; and decrypt the stored encrypted portion of the message for provision to a recipient client device using the received-back first key portion and the stored second key portion to recover the first unencrypted portion of the message.
-
9. An article comprising:
a non-transitory computer-readable storage medium having stored therein programming instructions that, in response to being executed by a computing device, cause the computing device to; send, to a server, at least a first unencrypted part of a message generated by the apparatus for secured storage and subsequent provision to a recipient client device; receive, from the server, a first key portion of a split encryption key used in conjunction with a second key portion of the split encryption key by the server to encrypt the first unencrypted part of the message, wherein the second key portion is retained in the server while the first portion is discarded from the server; wherein; encryption of the first unencrypted part of the message on the server using the split encryption key generates an encrypted part of the message; the encrypted part of the message is stored on the server; and the discarded first key portion is subsequently provided back to the server for use in conjunction with the retained second key portion to recover the first unencrypted part of the message for provision to the recipient client device; and send the first key portion to the recipient client device to facilitate access by the recipient client device to the first unencrypted part of the message from the server.
Specification