Techniques for securing and controlling access to data

US 10,348,499 B2
Filed: 05/07/2018
Issued: 07/09/2019
Est. Priority Date: 03/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

determining, at a server, whether a request received from a computing device for access to a portion of data stored by the server identifies the portion with an address at which the portion is stored or with a combination of a first pseudo-random number (PRN) of a first leaf node of a first PRN tree and an indication of a location of a second leaf node within a branching structure of a second PRN tree, the request received via a network coupled to the server, and the first and second leaf nodes corresponding to the portion;

based on the determination, pseudo-randomly generating a second PRN of the second leaf node from a PRN of a top branching node of the second PRN tree and taking a hash of a combination of the first PRN and the second PRN to derive the address; and

accessing the portion at the address to satisfy the request for access.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments are directed to techniques for controlling access to data in a decentralized manner. An apparatus includes an apportioning component to divide an item of data into multiple portions based on an organizational structure of the item of data; a tree component to generate a PRN tree including a multitude of nodes and a branching structure based on the organizational structure, the multitude including at least one branching node and multiple leaf nodes that correspond to the multiple portions; a PRN component to generate a PRN for each node of the multitude, the PRN component to use a PRN of a branching node of the PRN tree to generate a PRN for a leaf node that depends therefrom; and a communications component to transmit the multiple portions and multiple addresses based on PRNs of leaf nodes of the PRN tree to a server. Other embodiments are described and claimed.

29 Citations

25 Claims

1. A computer-implemented method comprising:
- determining, at a server, whether a request received from a computing device for access to a portion of data stored by the server identifies the portion with an address at which the portion is stored or with a combination of a first pseudo-random number (PRN) of a first leaf node of a first PRN tree and an indication of a location of a second leaf node within a branching structure of a second PRN tree, the request received via a network coupled to the server, and the first and second leaf nodes corresponding to the portion;
  
  based on the determination, pseudo-randomly generating a second PRN of the second leaf node from a PRN of a top branching node of the second PRN tree and taking a hash of a combination of the first PRN and the second PRN to derive the address; and
  
  accessing the portion at the address to satisfy the request for access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, comprising allowing write access to the portion at the address based on the determination.
  - 3. The computer-implemented method of claim 1, the first PRN tree associated with read access and the second PRN tree associated with write access.
  - 4. The computer-implemented method of claim 3, comprising allowing write access to the portion in response to the request identifying the portion with the address and disallowing write access to the portion in response to the request failing to identify the portion with the address.
  - 5. The computer-implemented method of claim 1, comprising pseudo-randomly generating a chain of PRNs that follow a path through the branching structure of the second PRN tree to pseudo-randomly derive the second PRN.
  - 6. The computer-implemented method of claim 5, each PRN of the chain corresponding to a node of the second PRN tree, and the second PRN pseudo-randomly generated using the PRN of a branching node of the second PRN tree in the path from which the second leaf node depends as a seed.
  - 7. The computer-implemented method of claim 1, comprising receiving the portion, the address, and the PRN of the top branching node of the second PRN tree from another computing device via the network.
  - 8. The computer-implemented method of claim 1, comprising:
    - storing the portion within a storage location provided by a storage device coupled to the server; and
      
      assigning the address to the storage location.
  - 9. The computer-implemented method of claim 8, comprising making the portion accessible via the network at the address.

10. An apparatus, comprising:
- a processor; and
  
  a first memory comprising instructions that when executed by the processor cause the processor to;
  
  determine whether a request received from a computing device for access to a portion of data stored in a second memory identifies the portion of data with an address at which the portion of data is stored or with a combination of a first pseudo-random number (PRN) of a first leaf node of a first PRN tree and an indication of a location of a second leaf node within a branching structure of a second PRN tree, the first and second leaf nodes corresponding to the portion of data, and the request received via a network coupled to the processor;
  
  generate a second PRN of the second leaf node from a PRN of a top branching node of the second PRN tree based at least in part on a determination that the request identifies the portion with a combination of the first PRN and an indication of the location of the second leaf node within the branching structure of the second PRN tree;
  
  take a hash of a combination of the first PRN and the second PRN to derive the address; and
  
  access the portion at the address to satisfy the request for access.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, the first memory comprising instructions that when executed by the processor cause the processor to allow write access to the portion at the address based on the determination.
  - 12. The apparatus of claim 10, the first PRN tree associated with read access and the second PRN tree associated with write access.
  - 13. The apparatus of claim 12, the first memory comprising instructions that when executed by the processor cause the processor to allow write access to the portion in response to the request identifying the portion with the address and disallow write access to the portion in response to the request failing to identify the portion with the address.
  - 14. The apparatus of claim 10, the first memory comprising instructions that when executed by the processor cause the processor to pseudo-randomly generate a chain of PRNs that follow a path through the branching structure of the second PRN tree to pseudo-randomly derive the second PRN.
  - 15. The apparatus of claim 14, each PRN of the chain corresponding to a node of the second PRN tree, and the second PRN pseudo-randomly generated using the PRN of a branching node of the second PRN tree in the path from which the second leaf node depends as a seed.
  - 16. The apparatus of claim 10, the first memory comprising instructions that when executed by the processor cause the processor to receive the portion, the address, and the PRN of the top branching node of the second PRN tree from another computing device via the network.
  - 17. The apparatus of claim 10, the first memory comprising instructions that when executed by the processor cause the processor to:
    - store the portion within a storage location provided by a storage device coupled to a server; and
      
      assign the address to the storage location.
  - 18. The apparatus of claim 10, comprising the second memory.

19. At least one non-transitory computer-readable medium comprising a set of instructions that, in response to being executed by a processor circuit, cause the processor circuit to:
- determine whether a request received from a computing device for access to a portion of data stored by a server identifies the portion with an address at which the portion is stored or with a combination of a first pseudo-random number (PRN) of a first leaf node of a first PRN tree and an indication of a location of a second leaf node within a branching structure of a second PRN tree, the request received via a network coupled to the server, and the first and second leaf nodes corresponding to the portion;
  
  based on the determination, pseudo-randomly generate a second PRN of the second leaf node from a PRN of a top branching node of the second PRN tree and take a hash of a combination of the first PRN and the second PRN to derive the address; and
  
  access the portion at the address to satisfy the request for access.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The at least one non-transitory computer-readable medium of claim 19, comprising instructions that, in response to being executed by the processor circuit, cause the processor circuit to allow write access to the portion at the address based on the determination.
  - 21. The at least one non-transitory computer-readable medium of claim 19, the first PRN tree associated with read access and the second PRN tree associated with write access.
  - 22. The at least one non-transitory computer-readable medium of claim 21, comprising instructions that, in response to being executed by the processor circuit, cause the processor circuit to allow write access to the portion in response to the request identifying the portion with the address and disallow write access to the portion in response to the request failing to identify the portion with the address.
  - 23. The at least one non-transitory computer-readable medium of claim 19, comprising instructions that, in response to being executed by the processor circuit, cause the processor circuit to pseudo-randomly generate a chain of PRNs that follow a path through the branching structure of the second PRN tree to pseudo-randomly derive the second PRN.
  - 24. The at least one non-transitory computer-readable medium of claim 23, each PRN of the chain corresponding to a node of the second PRN tree, and the second PRN pseudo-randomly generated using the PRN of a branching node of the second PRN tree in the path from which the second leaf node depends as a seed.
  - 25. The at least one non-transitory computer-readable medium of claim 19, comprising instructions that, in response to being executed by the processor circuit, cause the processor circuit to receive the portion, the address, and the PRN of the top branching node of the second PRN tree from another computing device via the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Deleeuw, William C., Smith, Ned M.
Primary Examiner(s)
Simitoski, Michael

Application Number

US15/973,172
Publication Number

US 20190013940A1
Time in Patent Office

428 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 7/582   Pseudo-random number genera...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 67/1001   for accessing one among a p...

H04L 9/0869   involving random numbers or...

Techniques for securing and controlling access to data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for securing and controlling access to data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links