Patents by Inventor Nicolas Lidzborski
Nicolas Lidzborski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11893108Abstract: A method for accessing one or more service processes of service includes executing at least one service enclave and executing an enclave sandbox that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes, and communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.Type: GrantFiled: December 31, 2022Date of Patent: February 6, 2024Assignee: Google LLCInventors: Nicolas Lidzborski, Jonathon Giffin
-
Publication number: 20230353548Abstract: A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations. The operations include obtaining, from a message server, an encrypted message encrypted by a single-use data encryption key (DEK) and an encrypted DEK including the single-use DEK encrypted by a public key (PK). The operations also include transmitting, to a key access control list server (KACLS), a decryption request requesting the KACLS decrypt the encrypted DEK with a PRK associated with the PK. The decryption request includes the encrypted DEK. The KACLS is independent from the message server. The operations also include receiving, from the KACLS, the single-use DEK and decrypting, using the single-use DEK, the encrypted message.Type: ApplicationFiled: July 11, 2023Publication date: November 2, 2023Applicant: Google LLCInventor: Nicolas Lidzborski
-
Patent number: 11736462Abstract: A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations. The operations include obtaining, from a message server, an encrypted message encrypted by a single-use data encryption key (DEK) and an encrypted DEK including the single-use DEK encrypted by a public key (PK). The operations also include transmitting, to a key access control list server (KACLS), a decryption request requesting the KACLS decrypt the encrypted DEK with a PRK associated with the PK. The decryption request includes the encrypted DEK. The KACLS is independent from the message server. The operations also include receiving, from the KACLS, the single-use DEK and decrypting, using the single-use DEK, the encrypted message.Type: GrantFiled: February 1, 2022Date of Patent: August 22, 2023Assignee: Google LLCInventor: Nicolas Lidzborski
-
Publication number: 20230247011Abstract: A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations. Die operations include obtaining, from a message server, an encrypted message encrypted by a single-use data encryption key (DEK) and an encrypted DEK including the single-use DEK encrypted by a public key (PK). The operations also include transmitting, to a key access control list server (KACLS), a decryption request requesting the KACLS decrypt the encrypted DEK with a PRK associated with the PK. The decryption request includes the encrypted DEK. The KACLS is independent from the message server. The operations also include receiving, from the KACLS, the single-use DEK and decrypting, using the single-use DEK, the encrypted message.Type: ApplicationFiled: February 1, 2022Publication date: August 3, 2023Applicant: Google LLCInventor: Nicolas Lidzborski
-
Patent number: 11683159Abstract: A method for a hybrid content protection architecture includes obtaining, by data processing hardware, a client-side cryptographic key and locally encrypting user content using the client-side cryptographic key. The method also includes communicating the client-side cryptographic key to a third party key manager, the third party key manager configured to store the client-side cryptographic key. In response to the third party key manager storing the client-side cryptographic key, the method includes receiving a token from the third party key manager, the token identifying the client-side cryptographic key stored at the third party key manager. The method further includes uploading the encrypted user content and the token to a server of a cloud computing platform.Type: GrantFiled: November 7, 2019Date of Patent: June 20, 2023Assignee: Google LLCInventors: Nicolas Lidzborski, Laetitia Estelle Baudoin, Vivek Prahlad Bhandari
-
Publication number: 20230143188Abstract: A method for accessing one or more service processes of service includes executing at least one service enclave and executing an enclave sandbox that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes, and communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.Type: ApplicationFiled: December 31, 2022Publication date: May 11, 2023Applicant: Google LLCInventors: Nicolas Lidzborski, Jonathon Giffin
-
Patent number: 11645256Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.Type: GrantFiled: December 3, 2021Date of Patent: May 9, 2023Assignee: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
-
Publication number: 20230021749Abstract: A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.Type: ApplicationFiled: October 3, 2022Publication date: January 26, 2023Applicant: Google LLCInventors: Nicolas Lidzborski, Laetitia Estelle Baudoin
-
Patent number: 11544372Abstract: A method (400) for accessing one or more service processes (222) of service (250) includes executing at least one service enclave (220) and executing an enclave sandbox (200) that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel (210) to the at least one service enclave interfacing with the one or more service processes, and communicate program calls (302) to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.Type: GrantFiled: April 11, 2018Date of Patent: January 3, 2023Assignee: Google LLCInventors: Nicolas Lidzborski, Jonathon Giffin
-
Patent number: 11483136Abstract: A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.Type: GrantFiled: December 10, 2019Date of Patent: October 25, 2022Assignee: Google LLCInventors: Nicolas Lidzborski, Laetitia Estelle Baudoin
-
Patent number: 11308224Abstract: A method for providing an encrypted search system includes receiving a search query for a keyword that appears in one or more encrypted emails stored on an untrusted storage device and accessing, a count table to obtain a count of unique emails within the emails that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of unique emails that include the keyword and delegating at least a portion of the DPRF to the untrusted storage device that causes the storage device to evaluate the delegated DPRF, access an encrypted search index associated with the emails, and determine one or more encrypted emails associated with the delegated DPRF based on the encrypted search index. The storage device also returns, to the user device, an identifier for each encrypted email associated with the delegated DPRF.Type: GrantFiled: December 13, 2019Date of Patent: April 19, 2022Assignee: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Laetitia Estelle Baudoin, Nicolas Lidzborski, Sarvar Patel
-
Publication number: 20220092047Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.Type: ApplicationFiled: December 3, 2021Publication date: March 24, 2022Applicant: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
-
Patent number: 11216433Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.Type: GrantFiled: December 12, 2019Date of Patent: January 4, 2022Assignee: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
-
Publication number: 20210182261Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.Type: ApplicationFiled: December 12, 2019Publication date: June 17, 2021Applicant: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
-
Publication number: 20210182408Abstract: A method for providing an encrypted search system includes receiving a search query for a keyword that appears in one or more encrypted emails stored on an untrusted storage device and accessing, a count table to obtain a count of unique emails within the emails that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of unique emails that include the keyword and delegating at least a portion of the DPRF to the untrusted storage device that causes the storage device to evaluate the delegated DPRF, access an encrypted search index associated with the emails, and determine one or more encrypted emails associated with the delegated DPRF based on the encrypted search index. The storage device also returns, to the user device, an identifier for each encrypted email associated with the delegated DPRF.Type: ApplicationFiled: December 13, 2019Publication date: June 17, 2021Applicant: Google LLCInventors: Kevin Yeo, Ahmet Erhan Nergiz, Laetitia Estelle Baudoin, Nicolas Lidzborski, Sarvar Patel
-
Publication number: 20210176050Abstract: A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.Type: ApplicationFiled: December 10, 2019Publication date: June 10, 2021Applicant: Google LLCInventors: Nicolas Lidzborski, Laetitia Estelle Baudoin
-
Publication number: 20210143983Abstract: A method for a hybrid content protection architecture includes obtaining, by data processing hardware, a client-side cryptographic key and locally encrypting user content using the client-side cryptographic key. The method also includes communicating the client-side cryptographic key to a third party key manager, the third party key manager configured to store the client-side cryptographic key. In response to the third party key manager storing the client-side cryptographic key, the method includes receiving a token from the third party key manager, the token identifying the client-side cryptographic key stored at the third party key manager. The method further includes uploading the encrypted user content and the token to a server of a cloud computing platform.Type: ApplicationFiled: November 7, 2019Publication date: May 13, 2021Applicant: Google LLCInventors: Nicolas Lidzborski, Laetitia Estelle Baudoin, Vivek Prahlad Bhandari
-
Publication number: 20210124823Abstract: A method (400) for accessing one or more service processes (222) of service (250) includes executing at least one service enclave (220) and executing an enclave sandbox (200) that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel (210) to the at least one service enclave interfacing with the one or more service processes, and communicate program calls (302) to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.Type: ApplicationFiled: April 11, 2018Publication date: April 29, 2021Applicant: Google LLCInventors: Nicolas Lidzborski, Jonathon Giffin
-
Patent number: 9118632Abstract: A sender may generate a primary email including a primary header and a primary body, the primary header including a sender address associated with the sender computing system and the recipient address associated with a recipient client, encrypt at least a part of the primary body to generate a primary encrypted email, encrypt the primary encrypted email to generate an encrypted sender-to-recipient pseudo-body, add a trusted party-to-recipient header to the encrypted sender-to-recipient pseudo-body including a trusted party address of a trusted party and the recipient address associated with the recipient client to generate a trusted party-to-recipient email, encrypt the trusted party-to-recipient email to generate an encrypted trusted party-to-recipient pseudo-body, add a sender-to-trusted party header to the encrypted trusted party-to-recipient pseudo-body including the sender address and the address of the trusted party to generate a sender-to-trusted party email, and send the sender-to-trusted party emailType: GrantFiled: March 12, 2015Date of Patent: August 25, 2015Assignee: Google Inc.Inventors: Weihaw Chuang, Nicolas Lidzborski
-
Patent number: 8863243Abstract: When a portable electronic device receives an access request for an application, the device detects one or more available communication networks. Based on the detected network or networks, the device determines a current location. The device then accesses a usage data store to determine whether the access request and the current location correspond to a familiar usage pattern. If the access request and the current location do not correspond to a familiar usage pattern, the device presents a security prompt and denies the access request until a verified response to the security prompt is received.Type: GrantFiled: April 11, 2012Date of Patent: October 14, 2014Assignee: Google Inc.Inventor: Nicolas Lidzborski