Secure data storage

US 8,627,104 B2
Filed: 04/28/2011
Issued: 01/07/2014
Est. Priority Date: 04/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for storing files, comprising:

receiving by a first client application at least first and second identifiers;

providing the first and second identifiers to a hash algorithm, wherein the hash algorithm produces a first output;

using the first output to determine a first file system location;

storing a first index file in data storage at the first file system location;

assigning a first filename to a first data file;

providing the first filename as a third identifier to the hash algorithm, wherein the third identifier is different than the first identifier and the second identifier, and wherein the hash algorithm produces a second output;

using the second output to determine a second file system location;

storing the first data file in the data storage at the second file system location;

storing the second file system location in the first index file;

receiving at the first client application a request to access the first data file;

prompting by the first client application entry by a user of at least one of the first and second identifiers, wherein the user is prompted to enter the at least one of the first and second identifiers after the first output has been produced;

in response to the prompt, the user entering the at least one of the first and second identifiers;

receiving by the first client application the at least one of the first and second identifiers, wherein the at least one of the first and second identifiers are provided to the hash algorithm to reproduce the first output and to determine the first file system location;

accessing the first index file stored in the data storage at the first file system location and retrieving from the first index file the second file system location;

assigning a second filename to a second data file, wherein the first filename has a first character length, and wherein the second filename has the first character length;

determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is stored.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.

74 Citations

View as Search Results

15 Claims

1. A method for storing files, comprising:
- receiving by a first client application at least first and second identifiers;
  
  providing the first and second identifiers to a hash algorithm, wherein the hash algorithm produces a first output;
  
  using the first output to determine a first file system location;
  
  storing a first index file in data storage at the first file system location;
  
  assigning a first filename to a first data file;
  
  providing the first filename as a third identifier to the hash algorithm, wherein the third identifier is different than the first identifier and the second identifier, and wherein the hash algorithm produces a second output;
  
  using the second output to determine a second file system location;
  
  storing the first data file in the data storage at the second file system location;
  
  storing the second file system location in the first index file;
  
  receiving at the first client application a request to access the first data file;
  
  prompting by the first client application entry by a user of at least one of the first and second identifiers, wherein the user is prompted to enter the at least one of the first and second identifiers after the first output has been produced;
  
  in response to the prompt, the user entering the at least one of the first and second identifiers;
  
  receiving by the first client application the at least one of the first and second identifiers, wherein the at least one of the first and second identifiers are provided to the hash algorithm to reproduce the first output and to determine the first file system location;
  
  accessing the first index file stored in the data storage at the first file system location and retrieving from the first index file the second file system location;
  
  assigning a second filename to a second data file, wherein the first filename has a first character length, and wherein the second filename has the first character length;
  
  determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is stored.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first identifier is a user name and wherein the second identifier is a password.
  - 3. The method of claim 1, further comprising:
    - a first salt, wherein the first salt is input to the hash algorithm with the first identifier and the second identifier to produce the first output that is used to determine the first file system location.
  - 4. The method of claim 3, further comprising:
    - a second salt, wherein the second salt is input to the hash algorithm with the third identifier, wherein the hash algorithm produces the second output that is used to determine the second file system location.
  - 5. The method of claim 3, further comprising:
    - a second salt, wherein the second salt is input to the hash algorithm with the first identifier and the second identifier, wherein the hash algorithm produces the second output that is used to determine the second file system location;
      
      storing a second file in the data storage at the second file system location.
  - 6. The method of claim 5, wherein the second file is a key store.
  - 7. The method of claim 1, further comprising:
    - receiving by the first client application a fourth identifier;
      
      providing the first identifier and the fourth identifier to the hash algorithm to produce a third output;
      
      using the third output to determine a third file system location.
  - 8. The method of claim 1, further comprising:
    - receiving by the first client application a fourth identifier;
      
      providing the first identifier and the fourth identifier to the hash algorithm to produce a third output;
      
      using the third output to determine a third file system location;
      
      accessing an executable file stored in the data storage at the third file system location;
      
      executing the executable file.
  - 9. The method of claim 1, further comprising:
    - providing at least a fourth identifier to the hash algorithm, wherein the hash algorithm produces a third output;
      
      using the third output to determine a third file system location;
      
      storing a second file in the data storage at the third file system location.
  - 10. The method of claim 9, wherein the third file stored in the second file system location is a second index file associated with a second data set.
  - 11. The method of claim 1, further comprising:
    - providing the second file name as a fourth identifier to the hash algorithm, wherein the hash algorithm produces a third output;
      
      using the third output to determine a third file system location;
      
      storing the second data file in the data storage at the third file system location;
      
      storing the third file system location in the first index file.

12. A method for storing files, comprising:
- providing data storage;
  
  providing a processor;
  
  providing a client application that is executable by the processor, wherein the client application includes a file system module;
  
  prompting a user for a password;
  
  receiving a first password at the client application;
  
  providing at least the received first password and a first salt as a first input to a hash algorithm;
  
  in response to the first input, generating by the hash algorithm a first output;
  
  transforming the first output to a first file system location;
  
  storing a first index file at the first file system location in the data storage;
  
  providing at least the received first password and a second salt as a second input to the hash algorithm;
  
  in response to the second input, generating by the hash algorithm a second output;
  
  transforming the second output to a second file system location;
  
  storing a first key store file at the second file system location in the data storage;
  
  receiving a first data file, wherein the first data file is associated with a first name, wherein the first name has a first character length;
  
  assigning a second name to a second data file, wherein the second name has the first character length;
  
  determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is stored.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising:
    - providing at least the first name and the second salt as a third input to the hash algorithm;
      
      in response to the third input, generating by the hash algorithm a third output;
      
      transforming the third output to a third file system location;
      
      storing the first data file at the third file system location in the data storage;
      
      storing a record of the third file system location in the first index file;
      
      placing a key associated with the first data file in the first key store file.
  - 14. The method of claim 13, further comprising:
    - receiving a second password at the client application;
      
      providing at least the received second password and the first salt as a fourth input to the hash algorithm;
      
      in response to the fourth input, generating by the hash algorithm a fourth output;
      
      transforming the fourth output to a fourth file system location;
      
      storing a second index file at the fourth file system location in the data storage.

15. A system, comprising:
- data storage device;
  
  a client application, wherein the client application is stored in the data storage device, and wherein the client application includes a hash algorithm;
  
  a user input, wherein in response to receiving at least a first input at the user input the client application is operable to generate a first value using the hash algorithm, wherein the first value is used to determine a first location in the data storage device for storing a system index file, wherein the system index file is stored at the first location in the data storage device, and wherein a record of the first location is not stored in the data storage device, wherein in response to the client application receiving a request to store a data file in the data storage device the client application is operable to generate a second value using a first filename of the data file as a second input to the hash algorithm, wherein the second value is used to determine a second location in the data storage device for storing the data file, wherein the data file is placed in the data storage device at the second location, and wherein the second location is stored in the system index file, wherein a second data file has a second filename, wherein the first filename has a first character length, wherein the second filename has the first character length, wherein in response to the client application determining a size of the data file is less than a first predetermined size the client application is operable to pad the data file to have a first normalized size, and wherein the padded data file is stored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absio Corp.
Original Assignee
Absio Corp.
Inventors
Oltmans, James Robert, Zweber, Benjamin E.
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Lane, Gregory

Application Number

US13/096,603
Publication Number

US 20130031372A1
Time in Patent Office

985 Days
Field of Search

713/189, 707/640, 707/999.2
US Class Current

713/189
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/137   Hash-based content-based in...

G06F 21/6218   to a system of files or obj...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Secure data storage

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Secure data storage

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others