Method and apparatus for the secure distributed storage and retrieval of information
First Claim
1. A computer implemented method for the secure distributed storage and retrieval with confidentiality of information of a user in a storage system including a plurality of servers comprising:
- for a given transaction, designating one server of said plurality of servers as a gateway server for the user;
depositing an encrypted file from the user and a file encrypting key encrypted under a public key of the user to the storage system via the gateway server;
distributing by the gateway server by dispersing the file among a plurality of storage elements attached to servers within said storage system;
receiving by the gateway server a partial signature from each of the servers in the storage system receiving the parts of the dispersed file;
generating by the gateway server an authenticated proof that the storage system received and correctly stored the file, the proof being provided even when at least one of said servers malfunctions due to a malicious fault;
responding by the gateway server to a user request for a previously stored file by forwarding the request to all servers in the storage system, the user request including an encryption under the user'"'"'s public key of a user generated random number temporarily stored by the user, the random number serving as a blinding factor;
checking by each server to determine if the user making the request has permission to access the requested file;
if the user making the request has permission to access the requested file, computing by each server a partial decryption of their respective share of the requested file encrypting key multiplied by the encrypted blinding factor using a threshold decryption algorithm;
sending by each server in the storage system the computed partial decryption their respective shares of the stored file and hashes of all shares to the gateway server;
determining by the gateway server good shares from a majority of hashes received from other servers and reconstituting the encrypted file using an information dispersal algorithm;
determining by the gateway server the file-encrypting key multiplied by the blinding factor;
sending the reconstituted file and the product of the encrypting key multiplied by the blinding factor to the user;
obtaining the file-encrypting key by the user by dividing out the blinding factor;
receiving from the user an authenticated acknowledgment message;
forwarding by the gateway server an acknowledgment message to all servers in the storage system; and
echoing by the servers the acknowledgment message.
1 Assignment
0 Petitions
Accused Products
Abstract
A solution to the general problem of Secure Storage and Retrieval of Information (SSRI) guarantees that also the process of storing the information is correct even when some processors fail. A user interacts with the storage system by depositing a file and receiving a proof that the deposit was correctly executed. The user interacts with a single distinguished processor called the gateway. The mechanism enables storage in the presence of both inactive and maliciously active faults, while maintaining (asymptotical) space optimailty. This mechanism is enhanced with the added requirement of confidentiality of information; i.e., that a collusion of processors should not be able to learn anything about the information. Also, in this case space optimality is preserved.
1667 Citations
14 Claims
-
1. A computer implemented method for the secure distributed storage and retrieval with confidentiality of information of a user in a storage system including a plurality of servers comprising:
-
for a given transaction, designating one server of said plurality of servers as a gateway server for the user; depositing an encrypted file from the user and a file encrypting key encrypted under a public key of the user to the storage system via the gateway server; distributing by the gateway server by dispersing the file among a plurality of storage elements attached to servers within said storage system; receiving by the gateway server a partial signature from each of the servers in the storage system receiving the parts of the dispersed file; generating by the gateway server an authenticated proof that the storage system received and correctly stored the file, the proof being provided even when at least one of said servers malfunctions due to a malicious fault; responding by the gateway server to a user request for a previously stored file by forwarding the request to all servers in the storage system, the user request including an encryption under the user'"'"'s public key of a user generated random number temporarily stored by the user, the random number serving as a blinding factor; checking by each server to determine if the user making the request has permission to access the requested file; if the user making the request has permission to access the requested file, computing by each server a partial decryption of their respective share of the requested file encrypting key multiplied by the encrypted blinding factor using a threshold decryption algorithm; sending by each server in the storage system the computed partial decryption their respective shares of the stored file and hashes of all shares to the gateway server; determining by the gateway server good shares from a majority of hashes received from other servers and reconstituting the encrypted file using an information dispersal algorithm; determining by the gateway server the file-encrypting key multiplied by the blinding factor; sending the reconstituted file and the product of the encrypting key multiplied by the blinding factor to the user; obtaining the file-encrypting key by the user by dividing out the blinding factor; receiving from the user an authenticated acknowledgment message; forwarding by the gateway server an acknowledgment message to all servers in the storage system; and echoing by the servers the acknowledgment message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A secure distributed storage and retrieval system comprising:
-
a plurality of servers connected in a communication network having a protocol which enables information files to be stored distributively throughout the network of servers and information files to be retrieved by any single server in the network using a retrieval protocol, one of said servers being designated as a gateway server for a user of the storage and retrieval system for a given transaction; and a computer depositing an encrypted file from the user and a file encrypting key encrypted under a public key of the user to the storage system via the gateway server, the gateway server distributing the file among a plurality of storage elements attached to servers within said storage system, the gateway server receiving a partial signature from each of the servers receiving parts of the distributed file, the gateway server generating an authenticated proof that the storage system received and correctly stored the file, the proof being provided even when at least one of said servers malfunctions due to a malicious fault, the gateway server responding to a user request for a previously stored file by forwarding the request to all servers in the storage system, the user request including an encryption under the user'"'"'s public key of a user generated random number temporarily stored by the user, the random number serving as a blinding factor, each server checking to determine if the user making the request has permission to access the requested file, each server computing a partial decryption of their respective share of the requested file encrypting key multiplied by the encrypted blinding factor using a threshold decryption algorithm if the user making the request has permission to access the requested file, each server sending the computed partial decryption their respective shares of the stored file and hashes of all shares to the gateway server, the gateway server determining good shares from a majority of hashes received from other servers and reconstituting the encrypted file using an information dispersal algorithm, the gateway server determining the file-encrypting key multiplied by the blinding factor, sending the reconstituted file and the product of the encrypting key multiplied by the blinding factor to said computer, obtaining the file-encrypting key by the user by dividing out the blinding factor, receiving from said computer an authenticated acknowledgment message, and forwarding an acknowledgment message to all servers in the storage system, and the servers echoing the acknowledgment message. - View Dependent Claims (13, 14)
-
Specification