Patent attributes
Systems and methods for protecting user data received by, stored on, and/or requested by third-party computing devices include a data entry computing system on a first network node. The data entry computing system includes a processing circuit configured to: identify user-entered data as sensitive user data, generate a content encryption key (CEK), generate encrypted user data by encrypting the sensitive user data with the CEK, and tag the encrypted user data and the CEK with a tag readable by a database server on a network node different than the data entry computing system. The tag includes information indicative of the user data. The processing circuit is configured to transmit the encrypted user data to the database server, wherein the database server excludes a private key of a key manager on a network node different than the data entry computing system.