Data repository and method for promoting network storage of data

  • US 9,177,175 B2
  • Filed: 03/30/2010
  • Issued: 11/03/2015
  • Est. Priority Date: 02/18/2000
  • Status: Expired due to Term
First Claim
1. A method for client programs, communicating over a network with a data repository, to store encrypted data items in the data repository, wherein the client programs do not retain information needed to decrypt the data items, the method comprising:

  • generating a public key and a private key;
  • transmitting only the public key to a first client program running on a first client machine;
  • creating a data key, by the first client program;
  • encrypting a data item, by the first client program, using the data key as the encryption key;
  • depositing the encrypted data item in the data repository, in response to a request by the first client program;
  • encrypting the data key, by the first client program, using the public key;
  • storing the encrypted data key in the data repository in association with the encrypted data item, in response to a request by the first client program;
  • erasing the data key from storage on the first client machine;
  • erasing the data item from storage on the first client machine;
  • retrieving the encrypted data key from the data repository, in response to a request by a second client program running on a second client machine that is different than the first client machine and that has access to the private key; and
  • retrieving the encrypted data item and decrypting it;
  • wherein the private key is needed to decrypt data encoded using the public key;
  • wherein once both erasing steps have been completed, there is no information stored on the first client machine that would enable the data item to be recovered from the data repository;
  • wherein the erasing steps guarantee that the data item is no longer accessible using information stored at a site where the first client machine is located;
  • wherein the retrieving steps occur after the erasing steps have been completed;
  • wherein the data key erasing step occurs after the encrypted data key is stored in the data repository;
  • wherein there is no predetermined time limit on when the second client may access the private key;
  • wherein the storing step associates a repository user with the encrypted data item deposited within the data repository;
  • wherein the erasing steps guarantee that, using only information present at the site where the first client machine is located and information stored in the data repository, the association of the encrypted data item with the repository user cannot be discovered;
  • wherein the first client program communicates with the data repository, using hashes of data items to identify their content and determine whether they have content distinct from data items already stored in the data repository, or identical content;
  • wherein the first client program stores in the data repository data items that have content distinct from data items already stored in the data repository and, for storage of data items that have content identical with data items already stored in the data repository, relies on the data items already stored rather than storing the content again; and
  • wherein to enable a future retrieval of a data item already stored in the data repository, the first client program communicates to the data repository a proof that it has a data item with identical content and not just a hash used to identify the content, and does this without communicating the full content.
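The hash-based deduplication and proof-of-possession exchange described in the last three clauses, as an added Python sketch that is not the patent's own code: the repository identifies content by its hash, and a client is linked to already-stored content only after answering a fresh nonce challenge with an HMAC computed over the full content, so a party holding only the hash cannot claim the item. The challenge-response form of the proof, the class and function names, and the sample content are assumptions (the claim does not say how the proof is constructed), and the data-key wrapping steps are not modelled.

```python
import hashlib
import hmac
import secrets

def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Repository:
    """Toy content-addressed repository (constructed for this example)."""

    def __init__(self):
        self.items = {}    # content hash -> stored data item bytes
        self.owners = {}   # content hash -> repository users linked to it
        self.pending = {}  # (user, content hash) -> outstanding challenge nonce

    def has_content(self, h: str) -> bool:
        return h in self.items  # hash-only lookup answers "distinct or identical?"

    def deposit(self, user: str, h: str, data: bytes) -> None:
        if content_hash(data) != h:  # never store content under a hash it does not match
            raise ValueError("hash does not match deposited content")
        self.items[h] = data
        self.owners.setdefault(h, set()).add(user)

    def challenge(self, user: str, h: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per request, so proofs cannot be replayed
        self.pending[(user, h)] = nonce
        return nonce

    def claim_existing(self, user: str, h: str, proof: bytes) -> bool:
        # Link the user to stored content only if the proof was keyed with this
        # user's nonce over the full content; the content itself never travels.
        nonce = self.pending.pop((user, h), None)
        if nonce is None or h not in self.items:
            return False
        expected = hmac.new(nonce, self.items[h], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.owners[h].add(user)
        return True

def store_item(repo: Repository, user: str, data: bytes) -> str:
    """Client side: deposit distinct content, or prove possession of a duplicate."""
    h = content_hash(data)
    if not repo.has_content(h):
        repo.deposit(user, h, data)
        return "deposited"
    proof = hmac.new(repo.challenge(user, h), data, hashlib.sha256).digest()
    return "linked" if repo.claim_existing(user, h, proof) else "rejected"
```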

  • 4 Assignments