Title of invention Distributing keys for decrypting client data
Abstract In some embodiments, a server can establish a session with a remote client. The server can generate a session key portion for the session and a client key portion for the remote client. The server can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key can be generated from a static key portion accessible by the server, the session key portion, and the client key portion. The server can associate the session key portion with the session. The session key portion is accessible by the server during the session. The server can delete the client key portion after providing the client key portion to the remote client. The server can obtain the client key portion from the remote client in response to determining that subsequent transactions during the session involve decrypting the encrypted client data.
Publication number US9215064(B2) Publication date 2015.12.15
Application number US201314058460 Filing date 2013.10.21
Applicant Adobe Systems Incorporated Inventors Day Jeffrey Michael;Fransen Peter Raymond
Classification H04L29/06;H04L9/08 Main classification H04L29/06
Agency Kilpatrick Townsend & Stockton LLP Agent Kilpatrick Townsend & Stockton LLP
Main claim 1. A method comprising: establishing a session between a server and a remote client; generating a session key portion for the session and a client key portion for the remote client; encrypting client data received from the remote client during the session using a combined encryption key generated from a static key portion accessible by the server, the session key portion, and the client key portion; associating the session key portion with the session; storing the session key portion and the encrypted client data in a location inaccessible to the remote client, wherein the session key portion and the encrypted client data are accessible to the server and used for subsequent transactions between the server and an additional server during the session; providing the client key portion to the remote client; deleting the client key portion from the server; determining, subsequent to deleting the client key portion from the server, that a subsequent transaction between the server and the additional server involves providing decrypted client data from the server to the additional server; and responsive to determining that the subsequent transaction involves providing the decrypted client data from the server to the additional server: obtaining the client key portion from the remote client, decrypting the client data with a combined decryption key that is generated by the server from the session key portion, the static key portion, the obtained client key portion, and providing the decrypted client data from the server to the additional server.
Address San Jose CA US
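
The key lifecycle described in the main claim, as an added example that is not part of the patent record or the applicant's implementation. Assumptions: the claim does not say how the three portions are combined, so `combined_key` uses HMAC-SHA256; the SHAKE-256 keystream with an HMAC tag is a standard-library stand-in for an AEAD cipher such as AES-GCM; `Server`, `store` and `decrypt_for_transaction` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def combined_key(static: bytes, session: bytes, client: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed by the static portion over the
    # length-prefixed session and client portions.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (session, client))
    return hmac.new(static, msg, hashlib.sha256).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate subkeys for the keystream and the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib stand-in for a real cipher: SHAKE-256 keystream XOR.
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

class Server:
    def __init__(self, static_portion: bytes):
        self._static = static_portion
        self._sessions = {}  # server-side only; never sent to the client

    def store(self, client_data: bytes):
        """Encrypt client data; return (session_id, client_portion)."""
        sid = secrets.token_hex(16)
        session_portion = secrets.token_bytes(32)
        client_portion = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        key = combined_key(self._static, session_portion, client_portion)
        ct = _xor_stream(key, nonce, client_data)
        self._sessions[sid] = {"session_portion": session_portion,
                               "nonce": nonce, "ct": ct,
                               "tag": _tag(key, nonce, ct)}
        # The client portion and combined key are not retained, so the
        # stored record alone cannot be decrypted.
        return sid, client_portion

    def decrypt_for_transaction(self, sid: str, client_portion: bytes) -> bytes:
        """Rebuild the key from the portion the client sends back."""
        rec = self._sessions[sid]
        key = combined_key(self._static, rec["session_portion"], client_portion)
        if not hmac.compare_digest(_tag(key, rec["nonce"], rec["ct"]), rec["tag"]):
            raise ValueError("wrong client key portion or tampered record")
        return _xor_stream(key, rec["nonce"], rec["ct"])
```

Python cannot guarantee that the discarded key bytes are wiped from process memory; here "deleting" means only that the server keeps no reference to the client portion after returning it.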