Systems and methods for providing file level security
1. A computer-implemented method of providing file level security, the method comprising:
- providing a network-based file storage and retrieval system comprising a server computer having at least one processor and memory storing instructions;
providing at said server computer access to a plurality of data storage locations in data communication with said server computer, said data storage locations comprising at least two of cloud data storage, local data storage, network data storage, and removable data storage;
receiving at said server computer as input a user instruction designating a number of file shreds into which a data file is to be shredded, wherein said number of file shreds is selected by said user;
receiving at said server computer as input a user instruction designating a plurality of said data storage locations to which said designated number of shreds are to be copied, wherein said data storage locations are selected by said user;
receiving at said server computer as input a user selection of a target upload file;
causing said processor to shred said target upload file into said user designated number of file shreds;
causing said processor to add non-operational bits of data to each said file shred;
causing said processor to encrypt each said file shred; and
causing said processor to copy said encrypted file shreds from said server computer to said user designated plurality of said data storage locations, and to maintain said encrypted file shreds in said user designated plurality of said data storage locations until receipt at said server computer as input a user instruction to download said encrypted file shreds to reform said data file.
Storage end points, whether they are local, remote, network, or cloud, such as DROPBOX and APPLE, present security issues for the general public and corporate consumers. These storage end points are not always encrypted. Even when the end user does perform encryption, the drawback to normal implementations is that the entirety of the file, the file key, and the key store are encrypted and stored in a single location. Computers can be hacked and encryption can be broken when given access and time. Disclosed is a system and method that enhances file level security by shredding the file, file pointers, and key store into parts, allowing the parts to be stored in different storage end points specified by the user.
|Conditional access overlay partial encryption using MPEG transport continuity counter|
Patent #US 20050152548A1
Current AssigneeCisco Technology Incorporated
Sponsoring EntityScientific-Atlanta LLC
|SYSTEMS AND METHODS FOR DYNAMIC DATA STORAGE|
Patent #US 20150356114A1
Current AssigneeHarris Corporation
Sponsoring EntityHarris Corporation
|Deduplication of encrypted dataset on datadomain backup appliance|
Patent #US 9,225,691 B1
Current AssigneeEmc IP Holding Company LLC
Sponsoring EntityEMC Corporation
- 1. A computer-implemented method of providing file level security, the method comprising:
providing a network-based file storage and retrieval system comprising a server computer having at least one processor and memory storing instructions; providing at said server computer access to a plurality of data storage locations in data communication with said server computer, said data storage locations comprising at least two of cloud data storage, local data storage, network data storage, and removable data storage; receiving at said server computer as input a user instruction designating a number of file shreds into which a data file is to be shredded, wherein said number of file shreds is selected by said user; receiving at said server computer as input a user instruction designating a plurality of said data storage locations to which said designated number of shreds are to be copied, wherein said data storage locations are selected by said user; receiving at said server computer as input a user selection of a target upload file; causing said processor to shred said target upload file into said user designated number of file shreds; causing said processor to add non-operational bits of data to each said file shred; causing said processor to encrypt each said file shred; and causing said processor to copy said encrypted file shreds from said server computer to said user designated plurality of said data storage locations, and to maintain said encrypted file shreds in said user designated plurality of said data storage locations until receipt at said server computer as input a user instruction to download said encrypted file shreds to reform said data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
This application is based upon co-pending and co-owned U.S. Provisional Patent Application Ser. No. 62/076,578 entitled “Systems and Methods for Providing File Level Security,” filed with the U.S. Patent and Trademark Office on Nov. 7, 2015, the specification of which is incorporated herein by reference.
The invention relates to file security, and more particularly to systems and methods for file level security when storing or sharing files.
When working with file security, the traditional approach to securing any file or set of files is to encrypt the entirety of the file as a whole. Many API'"'"'s exist to encrypt files and many applications include those API'"'"'s to perform the encryption and decryption. One common aspect of such API'"'"'s is the encryption of the entire file and the storage of that file. For API'"'"'s, OpenSSL or Crypto++ are common examples of API'"'"'s. Likewise, Norton and APG are common examples of applications. Unfortunately, if someone is able to overcome such encryption, they have access to the full file, such that these prior protective encryption methods warrant improvement.
Another common feature with applications that handle files, such as WINZIP, is the ability to break files into parts and put them back together. While useful for storing and transferring large files, such tools do little to protect against nefarious efforts to obtain such files. Similarly, many applications can write data in the cloud, to network drives, local drives and other removable mounted devices similar to SD cards, all of which carry risk of unauthorized access.
Data storage redundancy, also known as software RAID (Redundant Array of Independent Disks), is a well-known methodology for providing a failsafe in the event that hardware should fail. When a file is written with any RAID 1 and above, the data written is copied to different locations. Should any location fail, the file can still be recovered because parts of the file are repeated in different file locations. While such redundancy provides a helpful backup function, it again does nothing to protect against unauthorized file access.
Disclosed herein are systems and methods for combining functions of file encryption, parsing files into parts, parsing the key store into parts, parsing the file pointers into parts, applying software RAID, and storing written data to local attached devices, network attached devices, removable devices such as SD cards and cloud storage end points for the file parts. To that, one or more parts can optionally be identified as the sentinel. Presence of the sentinel, or access to it, is required for the software to access and decrypt files. As used herein, the sentinel or sentinels, as established by the user, can be, but are not limited to, an encrypted non-shredded data storage device, an encrypted non-shredded key store location, or a simple network access point that the system and method require access to in order to allow the file parts to be retrieved, decrypted, reconstructed, and presented.
The advantages of such a system may include one or more of the following advantages: the user can use different devices to access data files; the data files are broken apart into pieces, encrypted and stored; the different parts are treated much like software RAID for recoverability, such that should access fail or become corrupted, the file can still be recovered; the locations of the stored data include any combination of local storage, network storage, removable storage and cloud storage; it would be onerous and time consuming for anyone to attempt to locate and decrypt the stored data processed pursuant to the system and method set forth herein; and data stored in the public domain remains truly private. The sentinel(s) configured as set forth in accordance with certain aspects of an embodiment of the invention can be set to aid in the prevention of unauthorized decryption and access.
The numerous advantages of the present invention may be better understood by those skilled in the art by reference to the accompanying drawings in which:
The following description is of a particular embodiment of the invention, set out to enable one to practice an implementation of the invention, and is not intended to limit the preferred embodiment, but to serve as a particular example thereof. Those skilled in the art should appreciate that they may readily use the conception and specific embodiments disclosed as a basis for modifying or designing other methods and systems for carrying out the same purposes of the present invention. Those skilled in the art should also realize that such equivalent assemblies do not depart from the spirit and scope of the invention in its broadest form.
In accordance with certain aspects of an embodiment of the invention, a software system is provided by which a user can securely store parts of a single file in one or more selected different storage locations. Each file, and more particularly the separate parts of the file, may be encrypted with a different key. Using concepts of software RAID, the file data parts would be accessible or recoverable should some part of the access points become inaccessible or the file become corrupted.
Utilizing a hardware input device of standard configuration, such as a personal computer or the like executing the application described herein, the user opens the application using the standard user interface for that given hardware. Typically, a person of ordinary skill in the art will have made this process simple, such as by placing a link to the application on the desktop or display for the user to select. The application provided in accordance with aspects of the invention will launch, using the graphics chip to render the display. The application can then be said to be in a running state. At this time, the application will attempt to authenticate and authorize the user. User authentication may be accomplished in a number of ways as may be defined by the user when installed or reconfigured, and may include: user name and password, or use of a sentinel, or, multi-factor that is a combination. A multi-factor authentication preferably includes user name, password and sentinel. The user name and password may be collected and then validated locally by the application. Once validated, the sentinel will also be automatically validated. There are several methods by which sentinel validation may be carried out, including but not limited to checking the availability of a network connection, checking the availability of a named path to an SD card, and validating the user with an active directory service or domain name service. As can been seen in
Storage 10 may be accomplished over a TCP/IP network in virtual environments. This is the fiber, Ethernet, SCSII, NAS, or even SATA connection from the physical host to the physical storage device. This is used by the system to send and receive file content and metadata.
Network connectivity to storage provides a physical connection from the storage devices to the network infrastructure. This is typically a TCP/IP, fiber, or direct Ethernet connection.
Physical storage devices may likewise be provided and identified by a logical unit number or LUN. In computer storage, a logical unit number or LUN is a number used to identify a logical unit, which is a device addressed by the SCSI protocol or similar protocols such as fiber channel or iSCSI. A LUN may be used with any device that supports read/write operations, such as a tape drive, but is most often used to refer to a logical disk as created on a SAN. Though not technically correct, the term “LUN” is often also used to refer to the drive itself.
Further, cloud storage may be provided, comprising a service model in which data is maintained, managed and backed up remotely and made available to users over a network (typically the Internet).
If the application is not successful in retrieving the keystore and File DB shreds from the user data stores, the application will give the user the option to try again, as seen in
The keystore utilizes mutual authentication, also called two-way authentication, which is a process in which both entities in a communications link authenticate each other. In a network environment, the client authenticates the server and vice-versa. In this way, network users can be assured that they are doing business exclusively with legitimate entities, and servers can be certain that all would-be users are attempting to gain access for legitimate purposes. The Graphics engine will then be used to render the display of the available file and share information stored by the application in the user defined locations.
Once the system is viewable, normal user activities such as uploading a file and sharing a file are available via the application menu, such as upload a file, download a file, share a file, file open and file delete.
The application process for uploading a file can be seen in
The ALU is the part of a computer processor (CPU) suitable for implementing the application in accordance with embodiments of the invention, which carries out arithmetic and logic operations on the operands in computer instruction words. In some processors, the ALU is divided into two units, an arithmetic unit (AU) and a logic unit (LU). Some processors contain more than one AU—for example, one for fixed-point operations and another for floating-point operations. (In personal computers floating point operations are sometimes done by a floating point unit on a separate chip called a numeric coprocessor.)
Typically, the ALU has direct input and output access to the processor controller, main memory (random access memory or RAM in a personal computer), and input/output devices. Inputs and outputs flow along an electronic path that is called a bus. The input consists of an instruction word (sometimes called a machine instruction word) that contains an operation code (sometimes called an “op code”), one or more operands, and sometimes a format code. The operation code tells the ALU what operation to perform and the operands are used in the operation. (For example, two operands might be added together or compared logically.) The format may be combined with the op code and tells, for example, whether this is a fixed-point or a floating-point instruction. The output consists of a result that is placed in a storage register and settings that indicate whether the operation was performed successfully. (If it isn'"'"'t, some sort of status will be stored in a permanent place that is sometimes called the machine status word.)
Example encryption types can be seen in the storage location setup of
To download a file, which will effectively place a copy of the file on the user system, the system state effectively presents the Menu list as shown at the end of
As used above, M:N, or “M of N,” is associated with redundancy; redundancy is a system design in which a component is duplicated so that if it fails, there will be a backup.
In order to share a file with another device, that device must already be registered, per
The relying party trust allows federation, which comprises two sides, viz. the IDP (claims provider) (the owner of the identity repository) and the RP (relying party), which is another security token service (“STS”) or application that wishes to outsource authentication to the IDP. Trusts are handled via certificates based on the ownership of private keys, e.g., SAML tokens are signed by the IDP. So the RP trust is the trust between the RP and the IDP—a token signed by the IDP must originate from the IDP and therefore the claims inside the token can be trusted.
The application level components required regardless of the style of user interface or device used are (as shown in
1. Client Application Components
- a. Configuration Component API
- b. Application Components
- i. Storage Management
- 1. Network Management
- 2. Storage Management
- 3. Cloud Management
- ii. Reporting Management
- iii. File Operations
- iv. File Sharing
- v. Device Management
- vi. Access Management
- i. Storage Management
- c. UI Components
- i. Web Interface
- ii. Thick Client
- iii. Language
2. Application Network Components
3. Reporting Components
- a. Reporting API
- b. Reporting Component
- c. DB Component
- d. Logging Component
4. File Processing Components
- a. File Handling API
- b. RAID HA Component
- c. File Splitting Component
- d. Encryption Component
- e. File DB Component
5. Relying Trust Components (CRC Services)
- a. Web Components API
- b. Registration Components
- i. License and User Storage
- c. Licensing Component
- d. Payment Component
For an example of basic file operations regardless of needed action, see the file operations of
Next, as shown in
Once the software is installed on the device, the setup process will launch. This process, defined in
- File Management, process 2.1 (
FIG. 6b), establishes the working directory, which is the location where the application will perform intermediate work when encrypting, decrypting and shredding files.
- Storage Management, process 2.2 (
FIG. 6c), sets the file storage RAID by default to RAID 1. This means that the file is encrypted and not split into parts, with redundancy applied. In short, an exact copy of the file is made, encrypted and stored. No RAID is applied to the keystore, FileDB, or configuration file when these default conditions are accepted. In order for RAID 1 to be accomplished, a person skilled in the art will set and create two different default locations for the files to be stored on the local device.
The setup process will then proceed to process 2.6 (
FIG. 10c), in which the application will interact with the graphics chip to display the web page, summarizing the user selections and presenting the user with the option to test the setup. The selections are shown in editable form, allowing for changes to be made should the user so decide. A successful test will be displayed to the user, and the user will confirm their instruction to exit from the process. Should the test fail, the application flow, as in process 2.0 ( FIG. 6a), will allow the choice of returning back to the test page or starting over with the setup process.
- File Management, process 2.1 (
In the case that the user chooses not to accept the default setup, the system, using a web-based application using well known procedures and well known protocols, interacting with the graphics chip will walk the user through the setup process. The application will guide the user through the following processes:
File Management (process 2.1,
Storage Management (process 2.2,
For creating cloud locations (process 22.214.171.124), the application captures the cloud name, type, URL and user credentials. The process validates connection to the new storage location and updates the N counter as necessary, and as shown in process 126.96.36.199.1, updates the configuration file and proceeds to the next storage location setup or exits.
For creating local locations (process 188.8.131.52), the application follows the same basic process as create cloud locations. The name of the local storage locations and the path to the local storage location are captured, optionally creating the storage location as needed specific to the device type, updating the N counter (process 184.108.40.206.1) and the user configuration file and proceeding to the next storage location or exits.
For creating removable locations (process 220.127.116.11), the application performs the same process as create local locations, but involves working with removable media storage. In short, this includes any device that can be connected to a device, be a location for storing data, removed, reconnected to the device and have its data retrieved. Examples include, but are not limited to, SD cards, USB connected thumb drives, USB connected hard drives, read/write CD/DVD/BR, optical disk, tape drives, and printer file storage.
For creating network locations (process 18.104.22.168), the application designates network storage devices. Examples may include network attached storage (NAS), disk arrays, local area network (LAN), and virtual private networks (VPN'"'"'s). The principal distinction from removable locations is that the network locations are attached to the device via a network where there is usually some form of controlled access but are not actively managed by vendors such as those defined in cloud locations. The same process applies here as in process 22.214.171.124, but with the addition of optionally capturing user network credentials.
Network management (process 2.3 of
Device management (process 2.4 of
Access management (process 2.5 of
Review setup (process 2.6 of
Once the setup process is complete, the software can be managed as defined in process 5.0 of
Managing storage, as shown in process 5.1 of
More particularly, add storage process 5.1.1 enables a user to perform the following processes.
Add local storage process 126.96.36.199 invokes the same web-based interface process as described in the previous section under process 188.8.131.52 (
Add removable storage process 184.108.40.206 invokes the same web-based interface process as described in the previous section under process 220.127.116.11 (
Add network storage process 18.104.22.168 invokes the same web-based interface process as described in the previous section under process 22.214.171.124 (
Add cloud storage process 126.96.36.199 invokes the same web-based interface process as described in the previous section under process 188.8.131.52 (
Remove Storage process 5.1.2 (
Manage Storage process 5.1.3 (
Enable and Disable, process 184.108.40.206, turns the storage on and off, from the application perspective. It updates the configuration file and shared configuration files. On successful completion, the application optionally returns to the manage storage menu, process 5.1.3.
Change Name, process 220.127.116.11, provides the user with the option to rename the storage location. Once entered and validated, the name of the storage location is updated in the configuration file, and optionally returns to the manage storage menu, process 5.1.3.
Change Encryption Scheme, process 18.104.22.168, provides the user with the ability to alter the encryption scheme of the slices of data stored inside the storage location in two ways. First, the user will have the ability to have all future files written to the stored location encrypted with the newly selected encryption methodology. Or optionally, it will change the encryption scheme of all current and future slices. Accomplishing the simple change of encryption types requires an update to the configuration file. To accomplish a change in all file slices currently stored in a storage location, the web API, file handle API, network components and ALU and memory, will read the File DB, returning a file list of all the files that will need encryption changed. Each file will be downloaded, decrypted, encrypted with the new encryption scheme and uploaded. After each file is successfully encrypted and stored, the configuration file is updated to reflect the change in encryption.
Edit Connection Properties, process 22.214.171.124, allows the system to change the connection parameters for each storage location. The web API, network API and graphics chip, displays the relevant UI sections from 2.2.X to present and allow the user to enter new connection parameters for storage locations. Upon successful test, the configuration file and share files are updated with the relying trust.
Add Additional Folders, process 126.96.36.199, allows the system to add folders for each storage location. The web API, network API and graphics chip, displays the relevant UI sections from 2.2.X to present and allow the user to add new folders to storage locations. Upon successful test, the configuration file and share files are updated with the relying trust.
Rebalance Storage, process 188.8.131.52, allows the system to move data shreds from one location to another. The web UI presents the active storage locations. Once the “from storage location” and “to storage location” is selected along with the amount of storage, the process reads the configuration file and File DB for a list of impacted files, shared files and connection parameters. The file shreds are moved and optionally converted to the encryption scheme of the receiving storage location. If not successful, the system presents an option to retry or exit. If successfully moved, the configuration file, File DB and the relying trust are updated.
Remove Storage is another way to invoke process 5.1.2 described above.
Next, device management, as shown in process 5.2 of
As shown in
Likewise, as shown in
Manage sharing, as shown in process 5.3 of
Process 5.3.1 (
Process 5.3.2 (
With reference to
Licensing registration services (process 4.1) provide services including but not limited to the following. License generation, process 4.1.1 (
Relying trust services (process 4.2 of
Payment processing services (process 4.3 of
As shown in
Set reporting options, once set, are reported on each time a given report is executed and consists of the following available reports.
Set Storage Reporting (process 6.1 of
Set File DB reporting (process 6.2 of
Set file sharing reporting (process 6.3 of
Set system performance reporting (process 6.4 of
The run reports process 6.5 of
The user, interacting with the web UI main menu, selects reporting, which enters into process 6.0 (
The various embodiments have been described herein in an illustrative manner, and it is to be understood that the terminology used is intended to be in the nature of words of description rather than of limitation. Any embodiment herein disclosed may include one or more aspects of the other embodiments. The exemplary embodiments were described to explain some of the principles of the present invention so that others skilled in the art may practice the invention. Obviously, many modifications and variations of the invention are possible in light of the above teachings. The present invention may be practiced otherwise than as specifically described within the scope of the appended claims and their legal equivalents.