Process for storing data on a central server

US 8,874,908 B2
Filed: 11/07/2012
Issued: 10/28/2014
Est. Priority Date: 11/07/2012
Status: Active Grant

First Claim

Patent Images

1. A process for storing data on a central server, a plurality of users of said server each having a user password which is at least used for generating a user key and at least one client with data saved thereon being respectively assigned to at least some of these users and, as required, at least some of these data being subdivided into at least one data block to be uploaded, and, based on a unique data block ID value identifying each data block, it is determined whether a corresponding data block is already present on the server, the data blocks not being present on the server being uploaded to said central server, a data block list to be uploaded being compiled and uploaded to the central server, based on which data can be regenerated in their original form by a data recovery step following a request for data stored on the central server by the user,wherein a file key is generated using a key generation rule which uses an unencrypted file consisting of at least one data block as an integral component for generating said file key;

the following steps are carried out for each unencrypted data block on the client, wherein the unencrypted data block is first compressed, in order to determine the data blocks and the data block list to be uploaded to the central server;

encrypting the unencrypted data block using the generated file key to create an encrypted data block based on a predefined encryption rule;

generating a unique data block ID value based on the encrypted data block using a method known to the server and assigning of this unique data block ID value to the encrypted data block using a data block ID generation rule predetermined for each user in a data block ID value generating step,communicating this unique data block ID value from the client to the central server in a data block ID value communication step in order to receive a response from the server as to whether the encrypted data block assigned to this data block ID value has to be uploaded to the server, and, based on this response, uploading at least parts of the encrypted data block or information generated there from or not;

saving said unique data block ID value in the data block list, which is to be uploaded to the server;

and wherein the following steps are carried out after having completed the above steps for each unencrypted data block;

encrypting the data block list using the file key;

generating a unique data block list ID value from the encrypted list of data blocks and assigning said value to the encrypted list of data blocks;

encrypting the data block list ID value using the user key, which is generated based on a data block list ID value key rule, said rule being managed by and only known to the user;

encrypting the file key using the user key, which is generated based on a data block list ID value key rule, said rule being managed by and only known to the user;

uploading the encrypted data block list and the encrypted data block list ID value as well as the encrypted file key from the client to the central server and assigning the encrypted file key to the encrypted data block ID value;

the unencrypted data blocks, the unencrypted data block list, the unencrypted file key, the unencrypted ID value of the list of data blocks and the user key remaining exclusively on the client;

and, in the data recovery step, the server sending the data which are stored on the server in their encrypted form, the server being not able to decrypt them, to the client, so that data recovery is only carried out on the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes a process for storing data on a central server with a plurality of users, each of them having their own user password used for creating a user key, being respectively assigned to some of these users, and some of the data, being divided into data blocks to be uploaded, and each data block being compared to data blocks on the server based on a unique data block ID value in order to determine whether a corresponding data block is already stored on the server and to upload to the server those data blocks which are not already present, a data block list to be uploaded being created and uploaded to the central server, so that in a data recovery step data stored on the central server which are requested by the user can be restored in their original form based on said list.

14 Citations

View as Search Results

19 Claims

1. A process for storing data on a central server, a plurality of users of said server each having a user password which is at least used for generating a user key and at least one client with data saved thereon being respectively assigned to at least some of these users and, as required, at least some of these data being subdivided into at least one data block to be uploaded, and, based on a unique data block ID value identifying each data block, it is determined whether a corresponding data block is already present on the server, the data blocks not being present on the server being uploaded to said central server, a data block list to be uploaded being compiled and uploaded to the central server, based on which data can be regenerated in their original form by a data recovery step following a request for data stored on the central server by the user,wherein a file key is generated using a key generation rule which uses an unencrypted file consisting of at least one data block as an integral component for generating said file key;
- the following steps are carried out for each unencrypted data block on the client, wherein the unencrypted data block is first compressed, in order to determine the data blocks and the data block list to be uploaded to the central server;
  
  encrypting the unencrypted data block using the generated file key to create an encrypted data block based on a predefined encryption rule;
  
  generating a unique data block ID value based on the encrypted data block using a method known to the server and assigning of this unique data block ID value to the encrypted data block using a data block ID generation rule predetermined for each user in a data block ID value generating step,communicating this unique data block ID value from the client to the central server in a data block ID value communication step in order to receive a response from the server as to whether the encrypted data block assigned to this data block ID value has to be uploaded to the server, and, based on this response, uploading at least parts of the encrypted data block or information generated there from or not;
  
  saving said unique data block ID value in the data block list, which is to be uploaded to the server;
  
  and wherein the following steps are carried out after having completed the above steps for each unencrypted data block;
  
  encrypting the data block list using the file key;
  
  generating a unique data block list ID value from the encrypted list of data blocks and assigning said value to the encrypted list of data blocks;
  
  encrypting the data block list ID value using the user key, which is generated based on a data block list ID value key rule, said rule being managed by and only known to the user;
  
  encrypting the file key using the user key, which is generated based on a data block list ID value key rule, said rule being managed by and only known to the user;
  
  uploading the encrypted data block list and the encrypted data block list ID value as well as the encrypted file key from the client to the central server and assigning the encrypted file key to the encrypted data block ID value;
  
  the unencrypted data blocks, the unencrypted data block list, the unencrypted file key, the unencrypted ID value of the list of data blocks and the user key remaining exclusively on the client;
  
  and, in the data recovery step, the server sending the data which are stored on the server in their encrypted form, the server being not able to decrypt them, to the client, so that data recovery is only carried out on the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The process according to claim 1, wherein key basis information is generated based on the unencrypted file using an information generation rule and in that the file key is generated based exclusively on the key basis information, said information being encrypted and uploaded instead of the file key, requiring less storage space than the file key.
  - 3. The process according to claim 2, wherein said key basis information is a sufficiently long, predetermined portion of a hash value of the unencrypted file.
  - 4. The process according to claim 3, wherein the file key is generated based on the key basis information by obtaining the result of a predetermined number of consecutive one-way functions, using at least the key basis information as an input value for the first one-way function, at least one of the results of the previous one-way functions being used as an input value for the subsequent one-way function.
  - 5. The process according claim 1, wherein the data block sizes of one file are variable and are computed based on the file itself and are, thus, not predictable, but random for each file.
  - 6. The process according to claim 1, wherein a sufficiently long hash value is generated for computing the data block sizes based on the encrypted file and in that the data block sizes are each constituted by parts of said hash value.
  - 7. The process according to claim 1, wherein the list of data blocks is added to the last data block and in that the client saves the data block ID value of said last data block instead of the ID value of the list of data blocks.
  - 8. The process according to claim 1, wherein the data block ID value corresponds to the hash value of the encrypted data block.
  - 9. The process according to claim 1, wherein the client carries out the following steps for each data block:
    - determining the hash value of the unencrypted data block and comparing this hash value to one client data block hash information item,and wherein the steps of generating the data block ID value and of communicating said data block ID value are dropped, if the determined hash value is found among the new information on the client,and wherein the determined hash value is entered into the list for the respective data block ID value and the steps of generating the data block ID value and of communicating said data block ID value are carried out, if the determined hash value is not found among the new information on the client,the client data block hash information being neither communicated nor uploaded to the server.
  - 10. The process according to claim 1, wherein the server, if a data block that the client wants to upload to the server is already present on the server, requests from the server the hash of the encrypted data block in combination with an item of information which must only be known to the client and the server, in order to make verify that the client possesses the data block, without the data block being uploaded.
  - 11. The process according to claim 1, wherein the data block ID values, based on which it is determined whether the respective data blocks are already present on the server, are first generated on the client and then communicated to the server in a random sequence for the respective request.
  - 12. The process according to claim 1, wherein a constant number of bytes are removed from a constant position of each unencrypted data block and included in the data block list as an additional item of information for each data block.
  - 13. The process according to claim 1, wherein a variable number of bytes are removed from a variable position of each unencrypted data block and included in the data block list as an additional item of information for each data block in connection with the information from which position these bytes were removed.
  - 14. The process according to claim 1, wherein information assigned to the unencrypted data block, which may be publicly available, is used as a basis for calculating an initialization vector for a chaining process for encrypting the unencrypted data block and in that the initialization vector and a chaining process are applied.
  - 15. The process according to claim 1, wherein information assigned to the data block list, which may be publicly available, is used as a basis for calculating an initialization vector for a chaining process for encrypting the data block list and in that the initialization vector and a chaining process are applied.
  - 16. The process according claim 1, wherein the data block list is expanded by random, correspondingly marked, irrelevant data of variable lengths for each data block.
  - 17. The process according to claim 1, wherein a random key manipulation value, which changes the data block key, is determined for each unencrypted data block before encrypting the same and in that said random key manipulation value is stored in the data block list.
  - 18. The process according to claim 1, wherein the compressed data block is subdivided into data sub-blocks of a predetermined size, said data sub-blocks being assembled in a sorted order to form a sorted data block, said sorted data block being encrypted and, if necessary, uploaded to the server, and wherein the user stores a data block order value for each data block as an expansion of the data block list, said value containing the information concerning the order in which the data sub-blocks are to be reassembled to form a compressed data block.
  - 19. The process according to claim 1, wherein the unencrypted data block is pre-sorted by a reversible transformation and in that restoration information is obtained and in that said pre-sorted data block is compressed and encrypted and in that said restoration information, based on which the pre-sorted data block can be restored as an unencrypted data block, is added as additional information to the data block list for each data block, which means that the pre-sorted data block is not expanded by this information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seclous GmbH
Original Assignee
Wolfgang Raudaschl
Inventors
Raudaschl, Wolfgang
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US13/670,631
Publication Number

US 20140129830A1
Time in Patent Office

720 Days
Field of Search

713/165
US Class Current

713/165
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

Process for storing data on a central server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Process for storing data on a central server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links