Compromise free cloud data encryption and security

US 9,607,170 B2
Filed: 09/16/2014
Issued: 03/28/2017
Est. Priority Date: 05/02/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a central computing authority; and

a network of computing devices, at least some of the computing devices being pod computing devices physically hosted by an operator, wherein the pod computing devices include a first pod computing device comprising;

a central processing unit;

computer readable storage media in data communication with the central processing unit and storing data instructions therein executable by the central processing unit, the computer readable storage media comprising;

volatile memory;

non-volatile memory in data communication with the central processing unit;

a data communication device configured to securely communicate, using encrypted communications, across a data communication network with a first user computing device, the central computing authority, and other computing devices in the network;

wherein the data instructions are executable by the central processing unit to cause the central processing unit to;

receive a first user identifier, a first password, and a private key from the first user assigned to the first pod computing device using the data communication device;

store the first user identifier and the password in the computer readable storage media to identify the first user as an owner of the first pod computing device; and

store the private key in the volatile memory, such that the private key is erased from the computer readable storage media when the volatile memory loses power;

a database storing first user data in the non-volatile memory, wherein the first user data is encrypted in the database using the private key of the first user, such that the first user data is not accessible to the operator hosting the first pod computing device;

wherein the data instructions are further executable by the central processing unit to cause the central processing unit to;

write user data to the database;

read encrypted user data from the database;

decrypt, using the private key, the encrypted user data and store unencrypted user data in the volatile memory;

index at least some of the user data to perform searching or sorting of the user data; and

execute an interface engine for communication with the first user computing device, the interface engine comprising one of;

an application programming interface, and an application configured to generate a user interface to interact with the first user through the first computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud data encryption and security system includes a central computing authority and a network of computing devices. At least some of the computing devices are pod computing devices physically hosted by an operator. The pod computing devices include a central processing unit and a computer readable storage media in data communication with the central processing unit. Data is encrypted in the computer readable storage media so that the owner can access the data but the operator cannot access the data.

5 Citations

28 Claims

1. A system comprising:
- a central computing authority; and
  
  a network of computing devices, at least some of the computing devices being pod computing devices physically hosted by an operator, wherein the pod computing devices include a first pod computing device comprising;
  
  a central processing unit;
  
  computer readable storage media in data communication with the central processing unit and storing data instructions therein executable by the central processing unit, the computer readable storage media comprising;
  
  volatile memory;
  
  non-volatile memory in data communication with the central processing unit;
  
  a data communication device configured to securely communicate, using encrypted communications, across a data communication network with a first user computing device, the central computing authority, and other computing devices in the network;
  
  wherein the data instructions are executable by the central processing unit to cause the central processing unit to;
  
  receive a first user identifier, a first password, and a private key from the first user assigned to the first pod computing device using the data communication device;
  
  store the first user identifier and the password in the computer readable storage media to identify the first user as an owner of the first pod computing device; and
  
  store the private key in the volatile memory, such that the private key is erased from the computer readable storage media when the volatile memory loses power;
  
  a database storing first user data in the non-volatile memory, wherein the first user data is encrypted in the database using the private key of the first user, such that the first user data is not accessible to the operator hosting the first pod computing device;
  
  wherein the data instructions are further executable by the central processing unit to cause the central processing unit to;
  
  write user data to the database;
  
  read encrypted user data from the database;
  
  decrypt, using the private key, the encrypted user data and store unencrypted user data in the volatile memory;
  
  index at least some of the user data to perform searching or sorting of the user data; and
  
  execute an interface engine for communication with the first user computing device, the interface engine comprising one of;
  
  an application programming interface, and an application configured to generate a user interface to interact with the first user through the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the non-volatile memory is accessible by the central processing unit via the data communication network or locally on the first pod computing device.
  - 3. The system of claim 1, wherein at least some of the pod computing devices are awaiting an assignment from the central computing authority.
  - 4. The system of claim 1, wherein the encrypted communication comprises secure sockets layer protocol.
  - 5. The system of claim 1, wherein receiving the first user identifier, the first password, and the private key from the first user computing device occurs through the interface engine.
  - 6. The system of claim 1, wherein the first pod computing device comprises a persistent storage interface configured to communicate with the database.
  - 7. The system of claim 6, wherein the persistent storage interface utilizes a network file system (NFS) protocol.
  - 8. The system of claim 1, wherein the first pod computing device is configured to generate a public key that is used to encrypt shared data.
  - 9. The system of claim 1, wherein the central computing authority further comprises a directory storing an association between a unique identification of each pod computing device and the user computing device to which it is allocated.
  - 10. The system of claim 1, wherein the first user data further comprises:
    - at least two records, each record corresponding to data; and
      
      at least one edge corresponding to a relationship between two records;
      
      wherein each record and edge is owned by the first user; and
      
      wherein each record and edge is associated with a permission, the permission allowing the first user to access the at least two records and at least one edge.
  - 11. The system of claim 10, wherein the records further comprise a plurality of fields definable by the pod computing device using a template, wherein the template is shared among the pod computing devices.
  - 12. The system of claim 1, wherein the data instructions are further executable by the processing device to cause the processing device to:
    - send, to the central computing authority, an upgrade request for upgrading a system of the first pod computing device; and
      
      receive an upgrade to the system.
  - 13. The system of claim 1, wherein the data instructions are further executable by the central processing unit to cause the central processing unit to send, to the central computing authority, a backup request including the encrypted first user data.
  - 14. The system of claim 13, wherein the backup request occurs upon instructions received from the first user computing device.
  - 15. The system of claim 13, wherein the backup request occurs upon the step of writing user data to the database.

16. A pod computing device comprising:
- a processing device;
  
  a communication device configured to securely communicate, using encrypted communications, across a data communication network with a computing device of a remote user, a central computing authority, and other computing devices in a network;
  
  computer readable storage media comprising;
  
  a volatile storage device; and
  
  a non-volatile storage device in data communication with the processing device;
  
  the computer readable storage media storing data instructions, which when executed by the processing device cause the processing device to;
  
  receive a first user identifier, a first password, and a private key from the computing device of the remote user assigned to the pod computing device through the communication device;
  
  store the first user identifier and the password in the computer readable storage media to identify the remote user as an owner of the pod computing device;
  
  store the private key in the volatile storage device, such that the private key is erased from the computer readable storage media when the volatile memory loses power;
  
  a database storing data in the non-volatile memory, wherein the data is encrypted in the database using the private key, such that the data is not accessible to an operator hosting the pod computing device;
  
  wherein the data instructions are further executable by the processing device to cause the processing device to;
  
  write data to the database;
  
  read encrypted data from the database;
  
  decrypt the encrypted data using the private key, and store unencrypted data in the volatile memory;
  
  index at least some of the data to perform searching or sorting of the data; and
  
  execute an interface engine for communication with the computing device of the remote user, the interface engine comprising one of;
  
  an application programming interface, and an application configured to generate a user interface to interact with the remote user through the computing device of the remote user.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The pod computing device of claim 16, wherein the communication device is configured to communicate with the computing device of the remote user using secure data communication protocol.
  - 18. The pod computing device of claim 16, wherein the computer readable storage media storing data instructions, which when executed by the processing device cause the processing device to further generate a public key that is stored in memory of a remote central authority server.
  - 19. The pod computing device of claim 16, wherein the computer readable storage media storing data instructions, which when executed by the processing device cause the processing device to further request, from a remote central authority server, a public key of a second computer readable storage medium, wherein the public key is used to encrypt data distributed to the second computer readable storage medium.
  - 20. The pod computing device of claim 16, wherein the communication device is an Ethernet device.
  - 21. The pod computing device of claim 16, wherein a graph database is stored in the non-volatile storage device.
  - 22. The pod computing device of claim 21, wherein the data instructions further cause the processing device to:
    - use the private key to encrypt and store data in the non-volatile memory; and
      
      use the private key to decrypt and retrieve data from the non-volatile memory.

23. A rack mountable server computing device, comprising:
- a tray storing a plurality of pod computing devices, wherein each pod computing device comprises;
  
  a processing device;
  
  a communication device configured to securely communicate, using encrypted communications, across a data communication network with a computing device of a remote user, a central computing authority, and other computing devices in a network;
  
  non-transitory computer readable storage media comprising;
  
  a volatile storage device; and
  
  a non-volatile storage device in data communication with the processing device;
  
  the computer readable storage media storing data instructions, which when executed by the processing device cause the processing device to;
  
  receive a first user identifier, a first password, and a private key from the computing device of the remote user assigned to the pod computing device through the communication device;
  
  store the first user identifier and the password in the computer readable storage media to identify the remote user as an owner of the pod computing device;
  
  store the private key in the volatile storage device, such that the private key is erased from the computer readable storage media when the volatile memory loses power;
  
  a database storing data in the non-volatile memory, wherein the data is encrypted in the database using the private key, such that the data is not accessible to an operator hosting the pod computing device;
  
  wherein the data instructions are further executable by the processing device to cause the processing device to;
  
  write data to the database;
  
  read encrypted data from the database;
  
  decrypt the encrypted data using the private key, and store unencrypted data in the volatile memory;
  
  index at least some of the data to perform searching or sorting of the data; and
  
  execute an interface engine for communication with the computing device of the remote user, the interface engine comprising one of;
  
  an application programming interface, and an application configured to generate a user interface to interact with the remote user through the computing device of the remote user.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The rack mountable server computing device of claim 23, wherein the tray further comprises a power supply for providing power to the plurality of pod computing devices stored thereon.
  - 25. The rack mountable server computing device of claim 23, wherein the tray stores a range from 40 to 500 pod computing devices thereon.
  - 26. The rack mountable server computing device of claim 23, wherein the communication device is configured to communicate with the computing device of the remote user using a secure data communication protocol.
  - 27. The rack mountable server computing device of claim 23, wherein the communication device is configured to communicate with a central authority server using a secure data communication protocol, wherein the central authority server further comprises a storage device configured to:
    - store a public key directory having a plurality of public keys, each public key associated with one of the plurality of pod computing devices;
      
      store a directory having a plurality of unique identifications, each unique identification associated with one of the plurality of pod computing devices;
      
      store a system backup for each of the plurality of pod computing devices; and
      
      synchronize a network on which the plurality of pod computing devices operate, wherein the synchronization is configured to distribute data objects shared among the plurality of pod computing devices.

28. A method of operating a pod computing device, the pod computing device comprising:
- a processing device;
  
  a communication device configured to securely communicate, using encrypted communications, across a data communication network with a computing device of a remote user, a central computing authority, and other computing devices in a network;
  
  computer readable storage media comprising;
  
  a volatile storage device; and
  
  a non-volatile storage device in data communication with the processing device; and
  
  a database storing data in the non-volatile memory, wherein the data is encrypted in the database using a private key, such that the data is not accessible to an operator hosting the pod computing device;
  
  the method comprising;
  
  receiving at the pod computing device a first user identifier, a first password, and the private key from a computing device of the remote user assigned to the pod computing device through the communication device;
  
  storing the first user identifier and the password in the computer readable storage media to identify the remote user as an owner of the pod computing device;
  
  storing the private key in the volatile storage device, such that the private key is erased from the computer readable storage media when the volatile memory loses power;
  
  write data to the database;
  
  read encrypted data from the database;
  
  decrypt the encrypted data using the private key, and store unencrypted data in the volatile memory;
  
  index at least some of the data to perform at least one of searching and sorting of the data; and
  
  execute an interface engine for communication with the computing device of the remote user, the interface engine comprising at least one of;
  
  an application programming interface, and an application configured to generate a user interface to interact with the remote user through the computing device of the remote user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edward Bialek, Mayida Zaal
Original Assignee
Edward Bialek, Mayida Zaal
Inventors
Williams, Henry R.
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US14/487,259
Publication Number

US 20160364577A1
Time in Patent Office

924 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/86   Secure or tamper-resistant ...

G06F 2212/1052   Security improvement

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 63/166   at the transport layer

Compromise free cloud data encryption and security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Compromise free cloud data encryption and security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others