Title of invention Distributing Keys for Decrypting Client Data
Abstract In some embodiments, a server can establish a session with a remote client. The server can generate a session key portion for the session and a client key portion for the remote client. The server can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key can be generated from a static key portion accessible by the server, the session key portion, and the client key portion. The server can associate the session key portion with the session. The session key portion is accessible by the server during the session. The server can delete the client key portion after providing the client key portion to the remote client. The server can obtain the client key portion from the remote client in response to determining that subsequent transactions during the session involve decrypting the encrypted client data.
Publication number US2016080145(A1) Publication date 2016.03.17
Application number US201514939308 Filing date 2015.11.12
Applicant Adobe Systems Incorporated Inventors Day Jeffrey Michael;Fransen Peter Raymond
Classification H04L9/08 Main classification H04L9/08
Agency Agent
Principal claim 1. A method comprising: storing a static key portion at a server for creating combined encryption keys for multiple clients; generating a first session key portion for a first session with a first remote client and a first client key portion for the first remote client; encrypting first client data received from the first remote client during the first session using a first combined encryption key generated from the static key portion, the first session key portion, and the first client key portion; generating a second session key portion for a second session with a second remote client and a second client key portion for the second remote client; encrypting second client data received from the second remote client during the second session using a second combined encryption key generated from the static key portion, the second session key portion, and the second client key portion; providing the first client key portion to the first remote client and the second client key portion to the second remote client and deleting the first and second client key portions from the server; and subsequent to deleting the first and second client key portions, invalidating the static key portion responsive to determining that a security breach has occurred with respect to the server during the first and second sessions, wherein invalidating the static key portion invalidates the first and second combined encryption keys.
Address San Jose CA US
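The key lifecycle described in the abstract and claim 1, as an added example that is not taken from the patent or from Adobe's code. The record does not say how the three portions are combined, so the HMAC-SHA256 derivation, the `KeyServer` class and its method names are assumptions, as is modelling invalidation as replacing the static portion.

```python
import hashlib
import hmac
import secrets


class KeyServer:
    """Keeps the static and session key portions; never stores a client portion."""

    def __init__(self):
        self.static_portion = secrets.token_bytes(32)  # shared across all clients
        self.session_portions = {}                     # session id -> session portion

    def open_session(self):
        """Generate both per-session portions; the client portion is only returned."""
        session_id = secrets.token_hex(8)
        self.session_portions[session_id] = secrets.token_bytes(32)
        client_portion = secrets.token_bytes(32)
        return session_id, client_portion  # no copy is retained on the server

    def combined_key(self, session_id, client_portion):
        """Derive the combined key (assumed construction, not specified by the patent)."""
        session_portion = self.session_portions[session_id]  # KeyError after close
        # Length-prefix each portion so the concatenated input is unambiguous.
        material = b"".join(
            len(p).to_bytes(2, "big") + p for p in (session_portion, client_portion)
        )
        return hmac.new(self.static_portion, material, hashlib.sha256).digest()

    def close_session(self, session_id):
        """Drop the session portion; the combined key for it is gone for good."""
        self.session_portions.pop(session_id, None)

    def invalidate_static(self):
        """Breach response (assumed form): replacing the static portion makes every
        previously derived combined key impossible to reproduce."""
        self.static_portion = secrets.token_bytes(32)


if __name__ == "__main__":
    server = KeyServer()
    sid, client_portion = server.open_session()
    before = server.combined_key(sid, client_portion)
    server.invalidate_static()
    print("key reproducible after invalidation:",
          server.combined_key(sid, client_portion) == before)
```

A single call to `invalidate_static` voids the keys of all sessions at once, even though the server no longer holds any client portion and could not enumerate or revoke those keys individually.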