Many websites, services, and applications implement various data protection techniques. For instance, sensitive data entered into a web-based field or form can be encrypted before it is sent from a client device to an associated receiving server (a “server” herein). However, such transport layer encryption is done for the purpose of protecting data from unauthorized entities within the network. The server generally has access to the encryption key used by the client device, thus rendering the data unprotected from the server. The client device may be configured in advance to protect data from the server, but such a solution may require retrofitting or re-programming thousands or millions of client devices associated with the server. Further, the client may simply be a User Interface (UI) extension of the server (e.g. server originated web pages rendered in a client web browser) which makes it infeasible for the end-user of the client device to modify the client.
The figures (Figs.) depict embodiments for purposes of illustration only. One skilled in the art will readily recognize from the following description that alternative embodiments of the structures and methods illustrated herein can be employed without departing from the principles of the invention described herein.