Techniques for cloud-based privacy controls

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Sachin Purushottam Joglekar · Dallas, US
• Temesghen Kahsai Azene · Union City, US
• Kadirvel Chockalingam Vanniarajan · Mercer Island, US
• Firas Azrai · Austin, US
• Charles L. Ward · Sammamish, US
• David Wheeler · Chandler, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0478
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems, devices, and methods are provided for cloud-based privacy controls. User content is encrypted using a content encryption key (CEK). The CEK may be double-encrypted by the data producer—the inner envelope is encrypted using keys associated with privacy domains that are authorized to access the user content. The outer envelope is encrypted using a cloud privacy control's public key. When a data consumer requests access the user content, the cloud privacy control evaluates privacy policies and determine whether access should be permitted. If permitted, the cloud privacy control decrypts the outer envelope and provides the inner envelope with CEK to the requestor. Upon receiving the inner envelope, the data consumer may then decrypt the inner envelope with its privacy domain private key to obtain the CEK. The CEK may then be used to perform a decryption and obtain the user content.