Secondary Data Encryption Via Browser Extension

What is claimed is: 1 . A computing device configured to protect sensitive data, the computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing device to: send, to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of an application executing on the computing device; receive, from the one or more remote servers and in response to the request for the server secret, the server secret; establish a session with the one or more remote servers; generate a session key based on: the server secret, the device fingerprint of the computing device, and the identification of the application; receive, from the remote server and via the session, data comprising unencrypted data and encrypted data; and decrypt the encrypted data based on the session key. 2 . The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to generate the session key based on a nonce string generated on a periodic basis. 3 . The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate a first public-private key pair; sign, using a first public-private key pair, the server secret; and store the signed server secret. 4 . The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: store the session key in temporary storage, wherein the temporary storage is configured to be deleted based on one or more of: closing of the application; or expiration of a period of time. 5 . The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate the device fingerprint of the computing device by executing code received from the one or more remote servers. 6 . The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: send, to the remote server, a request for sensitive data, wherein the encrypted data comprises the sensitive data. 7 . The computing device of claim 1 , wherein the device fingerprint identifies one or more of: hardware components of the computing device, or a name of a network used by the computing device. 8 . A method for protecting protect sensitive data, the method comprising: sending, by a computing device and to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of an application executing on the computing device; receiving, from the one or more remote servers and in response to the request for the server secret, the server secret; establishing a session with the one or more remote servers; generating a session key based on: the server secret, the device fingerprint of the computing device, and the identification of the application; receiving, from the remote server and via the session, data comprising unencrypted data and encrypted data; and decrypting the encrypted data based on the session key. 9 . The method of claim 8 , wherein the generating the session key is based on a nonce string generated on a periodic basis. 10 . The method of claim 8 , further comprising: generating a first public-private key pair; signing, using a first public-private key pair, the server secret; and storing the signed server secret. 11 . The method of claim 8 , further comprising: storing the session key in temporary storage, wherein the temporary storage is configured to be deleted based on one or more of: closing of the application; or expiration of a period of time. 12 . The method of claim 8 , further comprising: generating the device fingerprint of the computing device by executing code received from the one or more remote servers. 13 . The method of claim 8 , further comprising: sending, to the remote server, a request for sensitive data, wherein the encrypted data comprises the sensitive data. 14 . The method of claim 8 , wherein the device fingerprint identifies one or more of: hardware components of the computing device, or a name of a network used by the computing device. 15 . One or more non-transitory computer-readable media storing instructions configured to protect sensitive data, wherein the instructions, when executed by one or more processors of a computing device, cause the computing device to: send, to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of an application executing on the computing device; receive, from the one or more remote servers and in response to the request for the server secret, the server secret; establish a session with the one or more remote servers; generate a session key based on: the server secret, the device fingerprint of the computing device, and the identification of the application; receive, from the remote server and via the session, data comprising unencrypted data and encrypted data; and decrypt the encrypted data based on the session key. 16 . The one or more non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to generate the session key based on a nonce string generated on a periodic basis. 17 . The one or more non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate a first public-private key pair; sign, using a first public-private key pair, the server secret; and store the signed server secret. 18 . The one or more non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: store the session key in temporary storage, wherein the temporary storage is configured to be deleted based on one or more of: closing of the application; or expiration of a period of time. 19 . The one or more non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate the device fingerprint of the computing device by executing code received from the one or more remote servers. 20 . The one or more non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: send, to the remote server, a request for sensitive data, wherein the encrypted data comprises the sensitive data.