	US 12,425,381 B2
	Hybrid content protection architecture for email
Nicolas Lidzborski, Belmont, CA (US)
Assigned to Google LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Jul. 11, 2023, as Appl. No. 18/350,451.
Application 18/350,451 is a continuation of application No. 17/649,675, filed on Feb. 1, 2022, granted, now 11,736,462.
Prior Publication US 2023/0353548 A1, Nov. 2, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01); H04L 51/212 (2022.01)

CPC H04L 63/0485 (2013.01) [H04L 9/321 (2013.01); H04L 51/212 (2022.05)]

20 Claims

1. A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations comprising:

generating a single-use data encryption key (DEK);

signing a message with the single-use DEK;

transmitting, to a key access control list server (KACLS), an encryption request comprising the single-use DEK;

after transmitting the encryption request to the KACLS, receiving, from the KACLS, an encrypted single-use DEK encrypted by a private key associated with a user of the user device; and

transmitting, to a message server independent from the KACLS, the signed message and the encrypted single-use DEK.