Securely Storing and Accessing Data

US 20080189297A1
Filed: 08/14/2006
Published: 08/07/2008
Est. Priority Date: 08/22/2005
Status: Abandoned Application

First Claim

Patent Images

1. A data storage server comprising:

a first memory for storing a plurality of data blocks, wherein each data block is associated with at least one member of a group, each of the group members having a shared secret;

a second memory for storing, in association with each data block, a tag, the tag having been generated using said shared secret and an identity of the member associated with the data block;

a receiver, for receiving a request sent from a group member to the data storage server, the request containing the tag of another group member;

a processor for, upon receipt of said request, identifying said tag; and

a transmitter for sending to the requesting member the data block associated with the tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of allowing members of a group to access a plurality of data blocks stored at one or more storage locations, where each data block is associated with at least one of the members. The method comprises providing each of the group members with a shared secret, storing at a storage location, in association with each data block, a tag, the tag having been generated using said shared secret and an identity of the member associated with the data block, sending a request from a group member to a storage location, the request containing the tag of another group member, and upon receipt of said request at the storage location, identifying said tag and sending to the requesting member the data block associated with the tag.

24 Citations

View as Search Results

19 Claims

1. A data storage server comprising:
- a first memory for storing a plurality of data blocks, wherein each data block is associated with at least one member of a group, each of the group members having a shared secret;
  
  a second memory for storing, in association with each data block, a tag, the tag having been generated using said shared secret and an identity of the member associated with the data block;
  
  a receiver, for receiving a request sent from a group member to the data storage server, the request containing the tag of another group member;
  
  a processor for, upon receipt of said request, identifying said tag; and
  
  a transmitter for sending to the requesting member the data block associated with the tag.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The data storage server according to claim 1, the data storage server being operable for storing the data blocks at the data storage server by the group members either directly or via a group manager, the group manager for distributing the shared secret over a secure communication channel.
  - 3. The data storage server according to claim 1, wherein the shared secret is not known to the data storage server.
  - 4. The data storage server according to claim 1, comprising means to encrypt the data block sent to the requesting member.
  - 5. The data storage server according to claim 1, wherein the first and second memories are embodied in a common memory.

6. A user terminal for use by a user who is a member of a group, the terminal comprising:
- a memory for storing the identities of other group members, and a shared secret; and
  
  processing and transceiver means for generating and sending a request to a data storage server, the request containing the tag of another group member and the tag being generated or identified using the identity of the another group member and the shared secret, and for receiving from the data storage server data associated with the other member.
- View Dependent Claims (7)
- - 7. The user terminal according to claim 6, comprising means to encrypt messages sent to the data storage server.

8. A method of allowing members of a group to access a plurality of data blocks stored at one or more storage locations, where each data block is associated with at least one of the members, the method comprising;
- providing each of the group members with a shared secret;
  
  storing at a storage location, in association with each data block, a tag, the tag having been generated using said shared secret and an identity of the member associated with the data block;
  
  sending a request from a group member to a storage location, the request containing the tag of another group member; and
  
  upon receipt of said request at the storage location, identifying said tag and sending to the requesting member the data block associated with the tag.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The method according to claim 8, wherein said shared secret is distributed to the group members by a group manager over a secure communication channel.
  - 10. The method according to claim 9, wherein the data blocks are stored by the group members at a storage location either directly, or via the group manager.
  - 11. The method according to claim 8 wherein the shared secret is not known to each storage location.
  - 12. The method according to claim 8 wherein the group members and each storage location are provided with keys of an asymmetrical key pair, and data sent between the group members and the storage location(s) in one direction is encrypted with a first of the keys, whilst a second of the keys is used to encrypt data sent in the other direction.
  - 13. The method according to claim 8 wherein group members are provided with a public key and a storage location for each of the other group members, and the data blocks stored at the storage location(s) are encrypted with the private key of the owning group member.
  - 14. The method according to claim 8 wherein a group member'"'"'s tag is generated by applying a one-way function to the member'"'"'s identity concatenated with the shared secret.
  - 15. The method according to claim 14, wherein the one way function is a hash function.
  - 16. The method according to claim 8 wherein the message exchange between the member and the storage location is encrypted.
  - 17. The method according to claim 8 wherein a group manager is provided that is able to authenticate and authorize each of the group members.

18. An Apparatus for allowing members of a group to access a plurality of data blocks, where each data block is associated with at least one of the members, the apparatus comprising:
- a user terminal associated with each group member, each user terminal comprising a memory for storing the identities of other group members, and a shared secret; and
  
  one or more data storage servers, the o each data storage server comprising a memory for storing a data block for each of one or more of the group members, and a tag for each data block, the tag having been generated using said shared secret and an identity of the member associated with the data block,wherein each user terminal comprises processing and transceiver means for generating and sending a request to a data storage server, the request containing the tag of another group member, and the each data storage server comprises processing and transceiver means for receiving said request, identifying said tag, and sending to the requesting terminal the data block associated with that tag.
- View Dependent Claims (19)
- - 19. The Apparatus according to claim 18, further comprising a group manager, the group manager comprising means to distribute the shared secret to the group members.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Schultz, Carl Goran

Application Number

US12/064,261
Publication Number

US 20080189297A1
Time in Patent Office

Days
Field of Search
US Class Current

707/10
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 63/0442   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 9/0833   involving conference or gro...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3234   involving additional secure...

Securely Storing and Accessing Data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Securely Storing and Accessing Data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links