Binary Data Store

US 20130262881A1
Filed: 03/13/2013
Published: 10/03/2013
Est. Priority Date: 04/02/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for encrypting and storing binary data in at least one data store, the method comprising the steps of:

at a storage interface, receiving, from a collaboration system, a store request and binary data that is to be stored;

at a storage interface, providing a first encryption key;

at a storage interface, generating a second encryption key;

at a storage interface, encrypting said binary data using said first and second encryption keys and an encryption algorithm;

at a storage interface, storing said encrypted binary data in the at least one data store; and

at a storage interface, creating an access token to said stored binary data, including said second encryption key, and returning the access token to said collaboration system,wherein either or both of said first encryption key and said second encryption key are stored remote from said encrypted binary data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for storing binary data, preferably in the form of Binary Large Objects (BLOBs), in more than one location. The method includes the steps of encrypting the data when it is stored using two encryption keys; storing one of the keys, in an access token, and passing the access token to a requesting application when the storage is complete.

Citations

21 Claims

1. A method for encrypting and storing binary data in at least one data store, the method comprising the steps of:
- at a storage interface, receiving, from a collaboration system, a store request and binary data that is to be stored;
  
  at a storage interface, providing a first encryption key;
  
  at a storage interface, generating a second encryption key;
  
  at a storage interface, encrypting said binary data using said first and second encryption keys and an encryption algorithm;
  
  at a storage interface, storing said encrypted binary data in the at least one data store; and
  
  at a storage interface, creating an access token to said stored binary data, including said second encryption key, and returning the access token to said collaboration system,wherein either or both of said first encryption key and said second encryption key are stored remote from said encrypted binary data.
- View Dependent Claims (2, 7, 8, 9, 10, 11, 13, 14, 18, 19, 20, 21)
- - 2. The method according to claim 1, wherein the method further comprises the step of computing a hash value for said binary data and wherein said access token comprises said hash value.
  - 7. The method according to claim 1, wherein the encryption algorithm is a block cipher and the second encryption key is an Initialization Vector that is generated by the storage interface and used to randomize the binary data prior to encryption.
  - 8. The method according to claim 7, wherein said access token comprises said Initialization Vector.
  - 9. The method according to claim 1, wherein the method further comprises the steps of:
    - at a storage interface, providing read/write access to at least two data stores;
      
      at a storage interface, creating one processing thread for each available data store, and configuring each processing thread for writing said binary data to one of said data stores;
      
      at a storage interface, checking for successful termination of said processing threads after a timeout delay;
      
      at a storage interface, for each thread that has not successfully terminated after said timeout delay, creating an entry in a Control Log; and
      
      at a storage interface, creating an access token for said binary data, and sending said access token to said collaboration system.
  - 10. The method according to claim 9, wherein said timeout delay for said processing threads is computed as a factor of a running time of a first successfully terminating thread.
  - 11. The method according to claim 9, wherein the Control Log is a database.
  - 13. The method according to claim 9, wherein said Control Log entry comprises information on a data store in which the binary data was not successfully written.
  - 14. The method according to claim 13, wherein the method further comprises the steps of:
    - creating a processing thread for each Control Log entry that indicates an unsuccessful storage operation of said binary data in a data store;
      
      configuring each created processing thread for writing said binary data to one of said data stores; and
      
      in case one of said processing threads succeeds in storing said binary data to said data store, updating the corresponding Control Log entry by providing the new storage location for said binary data.
  - 18. The method according to claim 1, wherein the access token comprises information on the storage location of the stored data.
  - 19. The method according to claim 1, wherein said collaboration system is a Microsoft SharePoint™
    - collaboration system.
  - 20. The method according to claim 1, wherein the binary data is a Binary Large Object (BLOB).
  - 21. A device comprising a processor and memory, the memory being configured with stored instructions that, in response to being processed by the processor, cause the device to carry out the method according to claim 1.

3. A method for decrypting and reading binary data that is stored in at least one data store, the method comprising the steps of:
- at a storage interface, receiving, from a collaboration system, a read request and an access token for encrypted binary data that is to be read;
  
  at a storage interface, providing a first encryption key;
  
  at a storage interface, providing a second encryption key;
  
  at a storage interface, locating said binary data in the at least one data store and storing it in a buffer memory;
  
  at a storage interface, decrypting said binary data using said first and second encryption keys and a decryption algorithm; and
  
  at a storage interface, returning said decrypted binary data to said requesting collaboration system,wherein either or both of said first encryption key and said second encryption key are stored remote from said encrypted binary data.
- View Dependent Claims (4, 5, 6, 12, 15, 16, 17)
- - 4. The method according to claim 3, wherein the method further comprises the step of computing a hash value for said located binary data.
  - 5. The method according to claim 4, wherein said access token comprises said hash value for said binary data, and wherein the method further comprises the step of:
    - checking whether the hash value for the located binary data is equal to the hash value comprised in the access token, and decrypting the binary data conditionally on the equality of the two hash values.
  - 6. The method according to claim 3, wherein the first encryption key is provided by said collaboration system.
  - 12. The method according to claim 3, wherein the method further comprises the step of computing a hash value for the binary data, and wherein said access token comprises said hash value.
  - 15. The method according to claim 3, wherein the method further comprises the steps of:
    - at a storage interface, providing read/write access to at least two data stores;
      
      at a storage interface, locating said binary data in at least one data store using information from said access token or a Control Log; and
      
      retrieving said binary data from said data store and returning it to said requesting collaboration system.
  - 16. The method according to claim 15, wherein the method further comprises the step of computing a hash value for said located binary data.
  - 17. The method according to claim 16, wherein said access token comprises said hash value for said binary data, and wherein the method further comprises the step of:
    - checking whether the hash value for the located binary data is equal to the hash value comprised in the access token, and returning the binary data to said collaboration system conditionally on the equality of the two hash values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stealth Software IP SARL
Original Assignee
Stealth Software IP SARL
Inventors
Garrard, Thomas

Application Number

US13/802,129
Publication Number

US 20130262881A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6272   by registering files or doc...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2209/60   Digital content management,...

H04L 9/08   Key distribution or managem...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

Binary Data Store

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Binary Data Store

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links