Title of invention: Transparent client-side cryptography for network applications
Abstract: In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
Publication number: US9094379(B1) | Publication date: 2015.07.28
Application number: US201012981247 | Filing date: 2010.12.29
Applicant: Amazon Technologies, Inc. | Inventor: Miller Kevin
Classification: H04L9/00;H04L29/06;H04L9/08;H04L9/14 | Main classification: H04L9/00
Agency: Knobbe, Martens, Olson & Bear, LLP | Agent: Knobbe, Martens, Olson & Bear, LLP
Principal claim: 1. A method of securely storing user data over a network, the method comprising: by one or more computer systems comprising computer hardware: intercepting user data associated with a user from a local network application, the user data sent by the local network application to a remote network application implemented in a remote content site configured to provide access to the remote network application, the remote network application capable of storing and sharing data received from the user with other users of the remote network application; responsive to intercepting the user data, accessing a remote network application to determine one or more data fields from a set of data fields accessible at the remote network application that are capable of accepting encrypted data, wherein at least some fields from the set of data fields are not eligible to store encrypted data, and wherein said accessing the remote network application to determine the one or more data fields further comprises overriding an indication that at least one data field is not eligible to store encrypted data and including the at least one data field in the one or more data fields that are capable of accepting encrypted data; determining whether the user data is associated with the one or more data fields; and in response to determining that the user data is associated with the one or more data fields: encrypting the user data with a data encryption key to obtain encrypted user data; encrypting the data encryption key with one or more keys of authorized recipients to produce one or more receiver keys, the authorized recipients comprising users with accounts at the remote network application who are associated with the user at the remote network application; and providing a message comprising the encrypted user data and the one or more receiver keys to the local network application, such that the local network application is configured to direct the message to the remote network application for storage.
Address: Seattle WA US