Secure data storage

US 9,104,888 B2
Filed: 12/04/2013
Issued: 08/11/2015
Est. Priority Date: 04/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for storing files, comprising:

receiving by a first client application at least a first identifier;

receiving by the first client application a third identifier;

providing the first identifier and the third identifier to a hash algorithm, wherein the hash algorithm produces a first output using the first and third identifiers;

using the first output to determine a first system file location;

storing a first system file in data storage at the first system file location, wherein the first system file stored in the data storage at the first system file location is a first index file;

assigning a first file name to a first data file;

receiving by the first client application a second identifier;

providing the first file name as the second identifier to the hash algorithm;

providing the second identifier to the hash algorithm, wherein the hash algorithm produces a second output;

using the second output to determine a first data file location;

storing the first data file in the data storage at the first data file location;

storing the first data file location in the first index file;

determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is stored;

assigning a second file name to a second data file, wherein the first file name has a first character length, and wherein the second file name has the first character length;

providing the second file name as a fourth identifier to the hash algorithm, wherein the hash algorithm produces a third output;

using the third output to determine a second data file location;

storing the second data file in the data storage at the second data file location;

storing the second data file location in the first index file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.

Citations

14 Claims

1. A method for storing files, comprising:
- receiving by a first client application at least a first identifier;
  
  receiving by the first client application a third identifier;
  
  providing the first identifier and the third identifier to a hash algorithm, wherein the hash algorithm produces a first output using the first and third identifiers;
  
  using the first output to determine a first system file location;
  
  storing a first system file in data storage at the first system file location, wherein the first system file stored in the data storage at the first system file location is a first index file;
  
  assigning a first file name to a first data file;
  
  receiving by the first client application a second identifier;
  
  providing the first file name as the second identifier to the hash algorithm;
  
  providing the second identifier to the hash algorithm, wherein the hash algorithm produces a second output;
  
  using the second output to determine a first data file location;
  
  storing the first data file in the data storage at the first data file location;
  
  storing the first data file location in the first index file;
  
  determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is stored;
  
  assigning a second file name to a second data file, wherein the first file name has a first character length, and wherein the second file name has the first character length;
  
  providing the second file name as a fourth identifier to the hash algorithm, wherein the hash algorithm produces a third output;
  
  using the third output to determine a second data file location;
  
  storing the second data file in the data storage at the second data file location;
  
  storing the second data file location in the first index file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - receiving at the first client application a request to access the first data file;
      
      prompting by the first client application entry by a user of at least one of the first and third identifiers;
      
      receiving by the client application the first and third identifiers, wherein the first and third identifiers are provided to the hash algorithm to reproduce the first output and to determine the first system file location;
      
      accessing the first index file stored in the data storage at the first system file location and retrieving the first data file location from the first index file.
  - 3. The method of claim 1, wherein the first identifier is a user name and wherein the third identifier is a password.
  - 4. The method of claim 1, further comprising:
    - a first salt, wherein the first salt is input to the hash algorithm with the first identifier and the third identifier to produce the first output that is used to determine the first system file location.
  - 5. The method of claim 4, further comprising:
    - a second salt, wherein the second salt is input to the hash algorithm with the first file name, wherein the hash algorithm produces the second output;
      
      using the second output to determine the first data file location.
  - 6. The method of claim 4, further comprising:
    - a second salt, wherein the second salt is input to the hash algorithm with the first identifier and the second identifier, wherein the hash algorithm produces the second output used to determine the first data file location.
  - 7. The method of claim 6, wherein the first data file is a key store.
  - 8. The method of claim 1, further comprising:
    - receiving by the first client application a fourth identifier;
      
      providing the first identifier and the fourth identifier to the hash algorithm to produce the second output used to determine the second file system location.
  - 9. The method of claim 1, further comprising:
    - receiving by the first client application a fourth identifier;
      
      providing the first identifier and the fourth identifier to the hash algorithm to produce the second output;
      
      using the second output to determine the first data file location;
      
      accessing the data file stored on the data storage at the first data file location.
  - 10. The method of claim 1,wherein the second data file stored in the data storage at the second data file location is a second system file.
  - 11. The method of claim 10, wherein the first index file stored in the first system file location is associated with a first data set, and wherein the second system file stored in the second data file location is a second index file associated with a second data set.

12. A method for storing files, comprising:
- providing data storage;
  
  providing a processor;
  
  providing a client application that is executable by the processor, wherein the client application includes a file system module;
  
  prompting a user for a password;
  
  receiving a first password at the client application;
  
  providing at least the received first password and a first salt as a first input to a hash algorithm;
  
  in response to the first input, generating by the hash algorithm a first output;
  
  transforming the first output to a first file system location;
  
  storing a first index file at the first file system location in the data storage;
  
  providing at least the received first password and a second salt as a second input to the hash algorithm;
  
  in response to the second input, generating by the hash algorithm a second output;
  
  transforming the second output to a second file system location;
  
  storing a first key store file at the second file system location in the data storage;
  
  receiving a first data file, wherein the first data file is associated with a first name, wherein the first name has a first character length;
  
  providing at least the first name and a third salt as a third input to the hash algorithm;
  
  in response to the third input, generating by the hash algorithm a third output;
  
  transforming the third output to a third file system location;
  
  determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size;
  
  storing the first data file at the third file system location;
  
  storing a record of the third file system location in the first index file;
  
  placing a key associated with the first data file in the first key store file;
  
  receiving a second data file, wherein the second data file is associated with a second name, wherein the second name has the first character length;
  
  providing at least the second name and a fourth salt as a fourth input to the hash algorithm;
  
  in response to the fourth input, generating by the hash algorithm a fourth output;
  
  transforming the fourth output to a fourth file system location;
  
  storing the second data file at the fourth file system location;
  
  storing a record of the fourth file system location in the first index file;
  
  placing a key associated with the second data file in the first key store file.
- View Dependent Claims (13)
- - 13. The method of claim 12, further comprising:
    - receiving a third password at the client application;
      
      providing at least the received second password and a fifth salt as a fifth input to the hash algorithm;
      
      in response to the fifth input, generating by the hash algorithm a fifth output;
      
      transforming the fifth output to a fifth file system location;
      
      storing a second index file at the fifth file system location in the data storage.

14. A system, comprising:
- data storage;
  
  a client application, wherein the client application is stored in the data storage, and wherein the client application includes a hash algorithm;
  
  a user input, wherein in response to receiving at least a first input at the user input the client application is operable to generate a first value using the hash algorithm, wherein the first value is used to determine a first location in the data storage for storing a system index file, wherein the system index file is stored at the first location in the data storage, wherein a record of the first location is not stored in data storage, and wherein in response to the client application receiving a request to store a first data file in the data storage the client application is operable to generate a second value using the name of the first data file as an input to the hash algorithm, wherein the second value is used to determine a second location in the data storage for storing the first data file, wherein the first data file is placed in the data storage at the second location, determining a size of the first data file, wherein in response to the size of the first data file having less than a first predetermined size the first data file is padded to have a first normalized size, and wherein the padded first data file is placed in the data storage, wherein a second file name is assigned to a second data file, wherein the first file name has a first character length, and the second file name has the first character length, wherein the second file name is provided to the hash algorithm in response to which the hash algorithm generates a third value, wherein the third value is used to determine a third location in the data storage for storing the second data file, and wherein the second location and the third location are stored in the system index file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absio Corp.
Original Assignee
Absio Corp.
Inventors
Oltmans, James Robert, Zweber, Benjamin E.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US14/096,997
Publication Number

US 20140095869A1
Time in Patent Office

615 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/137   Hash-based content-based in...

G06F 21/6218   to a system of files or obj...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Secure data storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links