“Differential Client-Side Encryption Of Information Originating From A Client” in Patent Application Approval Process (USPTO 20230139090): Patent Application
2023 MAY 24 (NewsRx) -- By a
This patent application has not been assigned to a company or institution.
The following quote was obtained by the news editors from the background information supplied by the inventors: “Information such as personal data and other sensitive information may be passed across a network such as the Internet, for example to provide credential information, payment information, or personal account management information. To protect sensitive information, the information can be transmitted over a secure transmission connection, such as Transport Layer Security (TLS) or Secure Socket Layer (SSL).
“To secure information from unauthorized review, the information can be digitally encrypted. One example of digital encryption is public key cryptography. In the public key cryptography scheme, two separate but mathematically-connected keys (e.g., numeric values) are used to secure the information. The first, a public key, is used to encrypt the data using an encryption algorithm. The second, a private key, can be used by the receiver of the data to decrypt the encrypted information. The receiver supplies the sender with the public key such that the sender is capable of securely transmitting information to the receiver.
“The receiver of sensitive information may be obligated to secure the privacy of the user from unauthorized access to the sensitive information. Information may be sensitive if the information is confidential (e.g., industry and/or professional standards indicate that only designated parties should have access to the information). Information may be sensitive if a party incurs regulatory obligations for handling the information due to exposure to the information. Information may be sensitive if a party incurs potential liability due to handling of and/or exposure to the information.
“The receiver of the sensitive information, in some circumstances, may request the sensitive information from the user, not for use by the requestor, but for processing by a third party, such as a credit card system or a health insurance authorization system. There is a desire for a method and apparatus capable of enabling the conveyance of sensitive information through the system of the requestor without the requestor having access to the contents of the conveyance. If the requestor is incapable of rendering and/or interpreting the sensitive information, the requestor may avoid obligation to protect the sensitive information.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventor’s summary information for this patent application: “In one aspect, the present disclosure is directed to a method including allocating, by a processor of a first computing device, a number of public keys, where each respective public key of the number of public keys is allocated to a respective entity of a number of entities. The method may include storing, in a memory of the first computing device, a number of private keys, where each respective private key of the number of private keys corresponds to a respective public key of the number of public keys. The method may include storing, in the memory of the first computing device, one or more decryption algorithms, where each respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data previously encrypted using at least one encryption algorithm of one or more encryption algorithms. Each respective encryption algorithm of the one or more encryption algorithms may be configured to encrypt data using at least one public key of the number of public keys. Each respective decryption algorithm of the one or more decryption algorithms may be configured to decrypt data using at least one private key of the number of private keys. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key of the number of public keys and a first encryption algorithm of the one or more encryption algorithms, and the encrypted data is provided over a network. The method may include determining, by the processor of the first computing device, a first private key of the number of private keys, where the first private key corresponds to the first public key, and the first public key is allocated to a first entity of the number of entities. The method may include decrypting, by the processor of the first computing device, the encrypted data using the first private key and at least one decryption algorithm of the one or more decryption algorithms, where decrypted data is obtained by decrypting the encrypted data. The method may include providing a portion of the decrypted data for processing by a processing engine, where a second computing device includes the processing engine. The method may include receiving a processing result generated by the processing engine, where the processing result relates to the portion of the decrypted data. The method may include providing, over the network, the processing result to the first entity.
“In some embodiments, the method may further include, prior to providing the portion of the decrypted data for processing by the processing engine, queuing, by the processor of the first computing device, the decrypted data for processing.
“The method may further include, prior to receiving the encrypted data, receiving a download request for the first encryption algorithm, where the download request is received across the network from a third computing device, and providing the first encryption algorithm, via the network, to the third computing device. The download request may include a hypertext transfer protocol request. The method may include storing, in the memory of the first computing device, the one or more encryption algorithms as one or more encryption subprograms, where providing the first encryption algorithm includes providing a first encryption subprogram of the one or more encryption subprograms, where the first encryption subprogram includes the first encryption algorithm. The first encryption subprogram may include runtime interpreted instructions.
“In some embodiments, the method may include storing at least one of the decrypted data and the encrypted data in a storage archive accessible to the first computing device. The method may include receiving, over the network, unencrypted data, where the unencrypted data is related to the encrypted data, and providing a portion of the unencrypted data for processing by the processing engine, where the portion of the unencrypted data is provided with the portion of the decrypted data.
“In some embodiments, the method may further include receiving, over the network, an indication of a type of processing to be performed on the encrypted data, where the indication of the type of processing is provided by a third computing device controlled by the first entity. The type of processing may include at least one of a credit card authorization and a background check. The encrypted data may include one or more of credit card information, medical history information,
“In one aspect, the present disclosure describes a method including storing, in a memory of a first computing device, one or more encryption algorithms; providing, to a requestor across a network, a first encryption algorithm of the one or more encryption algorithms; and storing, in the memory of the first computing device, one or more decryption algorithms, where each respective decryption algorithm of the one or more decryption algorithms is configured to decrypt data previously encrypted using at least one encryption algorithm of the one or more encryption algorithms. The method may include receiving a processing request, where the processing request includes encrypted data, non-encrypted data, and an indication of a type of processing to be performed, where the processing request is provided over a network from a second computing device controlled by an entity, and the encrypted data is encrypted using the first encryption algorithm. The method may include determining, by a processor of the first computing device, that the encrypted data is associated with the entity; determining, by the processor of the first computing device, a first decryption algorithm of the one or more decryption algorithms; decrypting, by the processor of the first computing device, the encrypted data using the first decryption algorithm, where decrypted data is obtained by decrypting the encrypted data; determining, by the processor of the first computing device, a processing engine configured to process the decrypted data using the type of processing; and providing, via a second network, a portion of the decrypted data and a portion of the unencrypted data to a third computing device, where the third computing device includes the processing engine. The method may include receiving a processing result from the third computing device, and providing the processing result to the second computing device.
“In some embodiments, the first encryption algorithm may be an asymmetrical encryption algorithm. The method may further include allocating, by the processor of the first computing device, a public key to the entity; providing the public key to the second computing device, where the encrypted data is encrypted using the public key; and storing, in the memory of the first computing device, a private key. The private key may be paired with the public key, and decrypting the encrypted data may include decrypting using the private key.
“In one aspect of the present disclosure, a method may include storing, in a memory of a first computing device, one or more encryption algorithms as one or more encryption subprograms; receiving, via a network, a download request for a first encryption subprogram of the one or more encryption subprograms; providing, via the network, the first encryption subprogram; and receiving, via the network, a processing request, where the processing request includes encrypted data, where the encrypted data is encrypted using the first encryption subprogram. The method may include determining, by a processor of the first computing device, that the encrypted data is associated with an entity; determining, by the processor of the first computing device, a first decryption algorithm, wherein the first decryption algorithm is configured to decrypt the encrypted data; and decrypting, by the processor of the first computing device, the encrypted data using the first decryption algorithm, where decrypted data is obtained by decrypting the encrypted data. The method may include determining, by the processor of the first computing device, a processing engine for processing the decrypted data; providing, via a second network, a portion of the decrypted data to a second computing device, where the second computing device includes the processing engine; receiving a processing result from the second computing device; and providing, across the network, to a third computing device, the processing result, where the third computing device is controlled by the entity.
“The processing request may be received from the third computing device. The processing result may include an indication of at least one of approval and denial. The download request may be received from a fourth computing device controlled by an end user, where the fourth computing device is different from the second computing device and the third computing device.”
There is additional summary information. Please visit full patent to read further.”
The claims supplied by the inventors are:
“1. (canceled)
“2. A computer system, comprising: one or more processors; a non-transitory computer-readable medium having stored thereon instructions that are executable by the one or more processors to cause the computer system to perform operations comprising: receiving, from a user device, a request for a first application associated with a first entity server of a first entity, wherein the first application comprises an encryption module configured to perform data encryption for a transaction with the first entity using a first public encryption key corresponding to a first private encryption key and obtained from an intermediary server, wherein the first entity is not a controlling entity of the intermediary server; and transmitting the first application to the user device, wherein the first application, upon an execution by the user device, is configured to receive data from a user of the user device for the transaction with the first entity, to encrypt the data using the first public encryption key, and to transmit the encrypted data to the first entity server, and wherein the first entity server is configured to transmit the encrypted data to the intermediary server without decrypting the encrypted data.
“3. The computer system of claim 2, wherein the first application, upon an execution by the user device, is further configured to retrieve the first public encryption key from the intermediary server.
“4. The computer system of claim 2, wherein the operations further receiving, from a second user device, a second request for a second application associated with a second entity server, wherein the second application comprises a second encryption module configured to perform data encryption using a second public encryption key corresponding to a second private encryption key and obtained from the intermediary server; and transmitting the second application to the second user device, wherein the second application, upon an execution by the second user device, is configured to receive second data associated with a second transaction with the second entity, to encrypt the second data using the second public encryption key, and to transmit the encrypted second data to the second entity server, and wherein the second entity server is configured to transmit the encrypted second data to the intermediary server without decrypting the encrypted second data.
“5. The computer system of claim 4, wherein the first public encryption key and the first private encryption key are allocated to the first entity, and wherein the second public encryption key and the second private encryption key are allocated to a second entity associated with the second entity server.
“6. The computer system of claim 2, wherein the first entity is a healthcare service provider, and wherein the first application is configured to authenticate patient information in a health information network.
“7. The computer system of claim 2, wherein the first entity is associated with law enforcement, and wherein the first application is configured to verify background information of individuals.
“8. The computer system of claim 2, wherein the first entity is a merchant, and wherein the first application is an electronic commerce application associated with the merchant.
“9. A method comprising: receiving, by a computer system from a user device, a request for downloading a first application associated with a first entity server of a first entity, wherein the first application comprises a first encryption module configured to perform data encryption using a first public encryption key corresponding to a first private encryption key and obtained from an intermediary server; and enabling, by the computer system, the first application to be downloaded onto the user device, wherein the first application, upon an execution by the user device, is configured to retrieve the first private encryption key from the intermediary server, to receive first data from a user of the user device, to encrypt the first data using the first public encryption key, and to transmit the encrypted first data to the first entity server, and wherein the first entity server is configured to transmit the encrypted first data to the intermediary server without decrypting the encrypted data.
“10. The method of claim 9, wherein the computer system is associated with an online application store.
“11. The method of claim 9, wherein the first entity is not a controlling entity of the intermediary server.
“12. The method of claim 9, further comprising: receiving, from a second user device, a second request for downloading a second application associated with a second entity server, wherein the second application comprises a second encryption module configured to perform data encryption using a second public encryption key corresponding to a second private encryption key and obtained from the intermediary server; and enabling the second application to be downloaded onto the second user device, wherein the second application, upon an execution by the second user device, is configured to receive second data, to encrypt the second data using the second public encryption key, and to transmit the encrypted second data to the second entity server, and wherein the second entity server is configured to transmit the encrypted second data to the intermediary server without decrypting the encrypted second data.
“13. The method of claim 12, wherein the first public encryption key and the first private encryption key are allocated to the first entity, and wherein the second public encryption key and the second private encryption key are allocated to a second entity associated with the second entity server.
“14. The method of claim 9, wherein the first entity is a healthcare service provider, and wherein the first application is configured to authenticate patient information in a health information network.
“15. The method of claim 9, wherein the first entity is a merchant, and wherein the first application is an electronic commerce application.
“16. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: receiving, from a user device, a request to download a first application associated with a first entity server of a first entity, wherein the first application is configured to perform data encryption for a transaction with the first entity using a first public encryption key corresponding to a first private encryption key and obtained from an intermediary server, wherein the first entity is not a controlling entity of the intermediary server; and transmitting the first application to the user device, wherein the first application, upon an execution by the user device, is configured to receive data from a user of the user device for the transaction with the first entity, to encrypt the data using the first public encryption key, and to transmit the encrypted data to the first entity server, and wherein the first entity server is configured to transmit the encrypted data to the intermediary server without decrypting the encrypted data.
“17. The non-transitory machine-readable medium of claim 16, wherein the first application, upon an execution by the user device, is further configured to retrieve the first public encryption key from the intermediary server.
“18. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise: receiving, from a second user device, a second request to download a second application associated with a second entity server, wherein the second application is configured to perform data encryption using a second public encryption key corresponding to a second private encryption key and obtained from the intermediary server; and transmitting the second application to the second user device, wherein the second application, upon an execution by the second user device, is configured to receive second data associated with a second transaction with the second entity, to encrypt the second data using the second public encryption key, and to transmit the encrypted second data to the second entity server, and wherein the second entity server is configured to transmit the encrypted second data to the intermediary server without decrypting the encrypted second data.
“19. The non-transitory machine-readable medium of claim 18, wherein the first public encryption key and the first private encryption key are allocated to the first entity, and wherein the second public encryption key and the second private encryption key are allocated to a second entity associated with the second entity server.
“20. The non-transitory machine-readable medium of claim 16, wherein the first entity is associated with law enforcement, and wherein the first application is configured to verify background information of people.
“21. The non-transitory machine-readable medium of claim 16, wherein the first entity is a merchant, and wherein the first application is an electronic commerce application associated with the merchant.”
URL and more information on this patent application, see: Manges, Daniel. Differential Client-Side Encryption Of Information Originating From A Client.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Image analysis technologies for identifying abnormal vehicle conditions (USPTO 11640717): State Farm Mutual Automobile Insurance Company
Patent Application Titled “Server Device, Terminal Device, Information Processing Program, And Information Processing Method” Published Online (USPTO 20230140630): Sony Group Corporation
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News