84 results about "Client-side encryption" patented technology

Embodiments of the present invention are directed to Web-Services-based data backup and data-archiving applications that provide remote data backup and data archiving to private individuals, small businesses, and other organizations that need reliable, secure, geographically remote, and cost-effective data backup, data archiving, and backed-up and archived-data retrieval. In one embodiment of the present invention, a private or small-business client contracts with a service provider for data-backup and data-archiving services. The service provider, in turn, contracts with a remote data-storage facility to provide secure, reliable data backup and data archiving to the personal or small-business client. A client-side application is downloaded to the client computer and configured to allow the client to store locally encrypted data at the remote, data-storage facilities. Neither the service provider nor the data-storage facility can decrypt or otherwise access the information stored by the client. In addition, the encryption key or encryption keys used by the client to encrypt the data for remote storage are securely stored at the remote, data-storage facility for subsequent recovery by the client, should the client suffer damage or loss to a local computer system. However, the client encryption key is stored in a doubly encrypted fashion, preventing access to the client's encryption key by either the service provider or the data-storage facility. Certain embodiments of the present invention also provide local indexing for remotely stored, encrypted data and efficient storage of updates to already remotely stored data.

Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

A method for performing access management to facilitate a user to access applications in a single sign-on enabled enterprise solution is provided. A challenge token and a response token are transmitted between a server and a client. The challenge token and response token comprises one-way hashed data. The response token is verified at the server and the client to authenticate the user. Further, a request for service token is transmitted between the server and the client. The request for service token is encrypted at the client and decrypted at the server using a unique session key negotiated between the server and client. A service token is generated and transmitted between the server and the client. The service token is encrypted and decrypted at the server using a secret key to verify the service token. Based on the verification, the requested applications are rendered on client based user interface.

Techniques are provided for processing data. Connections having different security properties are stored, wherein each of the connections allows applications at the client computer to access data sources at a server computer. A request is received from an application to access a data source, wherein the request has associated security properties. In response to the client computer requesting establishment of a connection on behalf of the application, it is determined whether there is a stored connection that used a same set of security properties as are associated with the request from the application and that connected to the data source that the application requests access to. In response to determining that there is a stored connection that used the same set of security properties and that connected to the data source, the connection and an associated client encryption seed, client encryption token, server encryption seed, and server encryption token are re-used. In response to determining that there is not a connection that used the same set of security properties and that connected to the data source, a new client connection key, client encryption seed, client encryption token, sever connection key, server encryption seed, and server encryption token are generated.

A technique for extending security to a data object (e.g., a document, a file, a message, etc.) once it has been shared and during collaboration with others who have access rights to that data object. The approach advantageously combines group key-based client-side encryption to secure the data object as it travels from a user's computer, to the cloud, and to a chosen collaborator's computer, together with a digital rights management (DRM) layer that provides permission management that associates a set of permission rights that travel with the data object.

The invention discloses a federal learning incentive method and system based on a license chain, and relates to the technical field of blockchains, and the method comprises the steps that the registration and authentication of clients is carried out, the registration of each client is carried out to the license chain, and the authentication and certificate issuing of each client is carried out through the license chain; the smart contract of the license chain runs, and sampling is carried out from a group of clients meeting qualification requirements; the client downloads the training model and the program from the license chain; the client updates parameters of the model by executing a training program in local calculation, encrypts the updated parameters and uploads the encrypted parameters to the license chain; the license chain node receives the data encrypted by the client, decrypts the data and verifies the correctness of the data; the license chain node carries out consensus, after the consensus is passed, the reputation value and the contribution value of the client are calculated, and a new block is generated; the intelligent contract aggregates the model parameters and updates the parameters; and the smart contract judges whether a preset convergence condition of the model is met, if not, the next round of training is carried out, if yes, training is terminated, and excitation is issued according to the contribution value of the client. According to the method and system, the license block chain and the intelligent contract technology are applied, the problem that a federal learning malicious client or participants damage the correctness of training by utilizing wrong gradient collection and parameter updating is solved, an incentive mechanism is provided, the enthusiasm of providing data and updating network model parameters among the participants is increased, and meanwhile, the security of private data is improved.

Abstract of the Disclosure A network system providing integration. The network system includes a client computer, a server, a server-side cryptographic function, a PKI-Bridge, a remote access switch, a client-side cryptographic function, a dial-up client, and a custom script dynamically linked library. The server-side cryptographic function is located on the server and provides cryptographic services. The PKI-Bridge provides an interface between the server and the server-side cryptographic function. The remote access switch provides an interface between the client computer and the server. The client-side cryptographic function is located on the client computer and provides cryptographic services. The dial-up client provides dial-up services to access the remote access switch. The custom script dynamically linked library provides an interface between the dial-up client and the client-side cryptographic function.

A server and a client mutually exclusively execute server-side and client-side commutative cryptographic processes and server-side and client-side commutative permutation processes. The server has access to a hash table, while the client does not. The server and client perform a method including: encrypting and reordering the hash table using the server; communicating the encrypted and reordered hash table to the client; further encrypting and further reordering the hash table using the client; communicating the further encrypted and further reordered hash table back to the server; and partially decrypting and partially undoing the reordering using the server to generate a double-blind hash table. To read an entry, the client hashes and permute an index key and communicates same to the server which retrieves an item from the double-blind hash table using the hashed and permuted index key and sends it back to the client which decrypts the retrieved item.