Systems and methods for protecting data
Abstract
Systems and methods are disclosed for protecting data. A device requesting access to the data is required to correctly respond to a challenge embedded in the data provided responsive to a request for the data. If the device that receives the data is able to generate the correct response to the challenge, the device can be validated as the device that was intended to receive the data. When the device is able to generate the correct response to the challenge, the correct response can indicate that the requested data is being used as intended. That is, the challenge can ensure that the context specified in the request, which was deemed an appropriate environment for use of the data by the server that triggered distribution of the data responsive to the request, is, in fact, the context in which the data is actually going to be used.
Claims
exact text as granted — not AI-modified1 . A method comprising:
receiving, by one or more servers, a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided; selecting, by the one or more servers, response data based on the one or more attributes; generating, by the one or more servers and using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge;
preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and
securing, by the one or more servers, the response data with the validation challenge; and transmitting, by the one or more servers, the response data secured with the validation challenge to the client device.
2 . The method of claim 1 , further comprising:
generating a challenge response at the client device; determining, at the client device, whether the challenge response is a valid response to the validation challenge; and in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.
3 . The method of claim 1 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge.
4 . The method of any of claims 1 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name.
5 . The method of any of claims 1 , wherein generating the validation challenge comprises:
generating a unique value; retrieving a public key of the client device; encrypting the unique value and one or more attributes of the request using the public key of the client device; and generating the validation challenge that includes the encrypted unique value and the one of the one or more attributes.
6 . The method of any of claims 1 , wherein securing, by the one or more servers, the response data with the validation challenge comprises encrypting, using a public key of the client device, at least a portion of the response data.
7 . The method of any of claims 1 , wherein receiving the data request comprising the one or more attributes characterizing an environment of a client device to which requested data will be provided comprises receiving the data request from an intermediary server that stores at least a portion of the one or more attributes.
8 . The method of any of claims 1 , wherein transmitting, by the one or more servers, the response data secured with the validation challenge to the client device comprises:
extracting, from the data request, an address of the client device; and transmitting the validation challenge to the address of the client device.
9 . A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
receiving, by one or more servers, a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided; selecting, by the one or more servers, response data based on the one or more attributes; generating, by the one or more servers and using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge;
preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and
securing, by the one or more servers, the response data with the validation challenge; and transmitting, by the one or more servers, the response data secured with the validation challenge to the client device.
10 . The non-transitory computer storage medium of claim 9 , further comprising:
generating a challenge response at the client device; determining, at the client device, whether the challenge response is a valid response to the validation challenge; and in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.
11 . The non-transitory computer storage medium of claim 9 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge.
12 . The non-transitory computer storage medium of any of claims 9 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name.
13 . The non-transitory computer storage medium of any of claims 9 , wherein generating the validation challenge comprises:
generating a unique value; retrieving a public key of the client device; encrypting the unique value and one or more attributes of the request using the public key of the client device; and generating the validation challenge that includes the encrypted unique value and the one of the one or more attributes.
14 . The non-transitory computer storage medium of any of claims 9 , wherein securing, by the one or more servers, the response data with the validation challenge comprises encrypting, using a public key of the client device, at least a portion of the response data.
15 . The non-transitory computer storage medium of any of claims 9 , wherein receiving the data request comprising the one or more attributes characterizing an environment of a client device to which requested data will be provided comprises receiving the data request from an intermediary server that stores at least a portion of the one or more attributes.
16 . The non-transitory computer storage medium of any of claims 9 , wherein transmitting, by the one or more servers, the response data secured with the validation challenge to the client device comprises:
extracting, from the data request, an address of the client device; and transmitting the validation challenge to the address of the client device.
17 . A system comprising one or more servers configured for:
receiving a data request comprising one or more attributes characterizing an environment of a client device to which requested data will be provided; selecting response data based on the one or more attributes; generating, using the one or more attributes characterizing the environment of the client device to which the requested data will be provided, a validation challenge that controls access to the response data based on whether the client device generates a correct answer to the validation challenge, including:
providing the client device access to the response data when the answer generated by the client device correctly responds to the validation challenge and the client device validates the one or more attributes of the environment specified in the validation challenge;
preventing the client device from accessing the response data when the answer generated by the client device does not correctly respond to the validation challenge or the client device does not validate the one or more attributes of the environment specified in the validation challenge; and
securing the response data with the validation challenge; and transmitting the response data secured with the validation challenge to the client device.
18 . The system of claim 17 , the server performs operations further comprising:
generating a challenge response at the client device; determining, at the client device, whether the challenge response is a valid response to the validation challenge; and in response to determining that the challenge response is a valid response to the validation challenge, accessing, by the client device the response data.
19 . The system of claim 17 , wherein providing the client device access to the response data comprises providing, to the client device, executable code that enables the client device to access the response data on the client device when the client device generates a valid response to the validation challenge.
20 . The system of any of claims 17 , wherein the one or more attributes comprise one or more of a public key of a browser of the client device, a public key of the client device, address of the client device, the server's cookie name and value, or an application name.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.