US2022255758A1PendingUtilityA1

Systems and methods for protecting data

47
Assignee: WANG GANGPriority: Oct 15, 2019Filed: Oct 15, 2019Published: Aug 11, 2022
Est. expiryOct 15, 2039(~13.3 yrs left)· nominal 20-yr term from priority
H04L 67/562H04L 63/0869H04W 12/65H04L 2101/365H04L 63/0428H04W 12/065H04L 63/10H04L 9/3263H04L 9/3271H04L 63/107H04L 9/321H04W 12/033H04L 9/0825
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods are disclosed for protecting data. A device requesting access to the data is required to correctly respond to a challenge embedded in the data provided responsive to a request for the data. If the device that receives the data is able to generate the correct response to the challenge, the device can be validated as the device that was intended to receive the data. When the device is able to generate the correct response to the challenge, the correct response can indicate that the requested data is being used as intended. That is, the challenge can ensure that the context specified in the request, which was deemed an appropriate environment for use of the data by the server that triggered distribution of the data responsive to the request, is, in fact, the context in which the data is actually going to be used.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 receiving, by one or more servers, a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided;   selecting, by the one or more servers, response data based on the one or more attributes;   generating, by the one or more servers and using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
 providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge; 
 preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and 
   securing, by the one or more servers, the response data with the validation challenge; and   transmitting, by the one or more servers, the response data secured with the validation challenge to the client device.   
     
     
         2 . The method of  claim 1 , further comprising:
 generating a challenge response at the client device;   determining, at the client device, whether the challenge response is a valid response to the validation challenge; and   in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.   
     
     
         3 . The method of  claim 1 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge. 
     
     
         4 . The method of any of  claims 1 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name. 
     
     
         5 . The method of any of  claims 1 , wherein generating the validation challenge comprises:
 generating a unique value;   retrieving a public key of the client device;   encrypting the unique value and one or more attributes of the request using the public key of the client device; and   generating the validation challenge that includes the encrypted unique value and the one of the one or more attributes.   
     
     
         6 . The method of any of  claims 1 , wherein securing, by the one or more servers, the response data with the validation challenge comprises encrypting, using a public key of the client device, at least a portion of the response data. 
     
     
         7 . The method of any of  claims 1 , wherein receiving the data request comprising the one or more attributes characterizing an environment of a client device to which requested data will be provided comprises receiving the data request from an intermediary server that stores at least a portion of the one or more attributes. 
     
     
         8 . The method of any of  claims 1 , wherein transmitting, by the one or more servers, the response data secured with the validation challenge to the client device comprises:
 extracting, from the data request, an address of the client device; and   transmitting the validation challenge to the address of the client device.   
     
     
         9 . A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
 receiving, by one or more servers, a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided;   selecting, by the one or more servers, response data based on the one or more attributes;   generating, by the one or more servers and using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
 providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge; 
 preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and 
   securing, by the one or more servers, the response data with the validation challenge; and   transmitting, by the one or more servers, the response data secured with the validation challenge to the client device.   
     
     
         10 . The non-transitory computer storage medium of  claim 9 , further comprising:
 generating a challenge response at the client device;   determining, at the client device, whether the challenge response is a valid response to the validation challenge; and   in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.   
     
     
         11 . The non-transitory computer storage medium of  claim 9 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge. 
     
     
         12 . The non-transitory computer storage medium of any of  claims 9 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name. 
     
     
         13 . The non-transitory computer storage medium of any of  claims 9 , wherein generating the validation challenge comprises:
 generating a unique value;   retrieving a public key of the client device;   encrypting the unique value and one or more attributes of the request using the public key of the client device; and   generating the validation challenge that includes the encrypted unique value and the one of the one or more attributes.   
     
     
         14 . The non-transitory computer storage medium of any of  claims 9 , wherein securing, by the one or more servers, the response data with the validation challenge comprises encrypting, using a public key of the client device, at least a portion of the response data. 
     
     
         15 . The non-transitory computer storage medium of any of  claims 9 , wherein receiving the data request comprising the one or more attributes characterizing an environment of a client device to which requested data will be provided comprises receiving the data request from an intermediary server that stores at least a portion of the one or more attributes. 
     
     
         16 . The non-transitory computer storage medium of any of  claims 9 , wherein transmitting, by the one or more servers, the response data secured with the validation challenge to the client device comprises:
 extracting, from the data request, an address of the client device; and   transmitting the validation challenge to the address of the client device.   
     
     
         17 . A system comprising one or more servers configured for:
 receiving a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided;   selecting response data based on the one or more attributes;   generating, using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
 providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge; 
 preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and 
   securing the response data with the validation challenge; and   transmitting the response data secured with the validation challenge to the client device.   
     
     
         18 . The system of  claim 17 , the server performs operations further comprising:
 generating a challenge response at the client device;   determining, at the client device, whether the challenge response is a valid response to the validation challenge; and   in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.   
     
     
         19 . The system of  claim 17 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge. 
     
     
         20 . The system of any of  claims 17 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.