WO2008065351A1 - Self encryption - Google Patents
Self encryption Download PDFInfo
- Publication number
- WO2008065351A1 WO2008065351A1 PCT/GB2007/004440 GB2007004440W WO2008065351A1 WO 2008065351 A1 WO2008065351 A1 WO 2008065351A1 GB 2007004440 W GB2007004440 W GB 2007004440W WO 2008065351 A1 WO2008065351 A1 WO 2008065351A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- encryption
- chunking
- network
- identify
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/30—Compression, e.g. Merkle-Damgard construction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- This present invention overcomes these issues by first obfuscating the data, by splitting it into smaller elements, then swapping parts of that data around in a manner to make every element useless on its own, and preferably using known information from the preferably smaller elements or chunks as encryption data that will allow the other elements to be encrypted. This allows data to be hidden and encrypted in such a way, that any attacker would require to obtain all data elements and know the manner in which they connect together and also then crack the encryption used. Even if the data chunks were not encrypted and their encryption was broken, they are useless on their own.
- WO2005093582 discloses method of encryption where data is secured in the receiving node via private tag for anonymous network browsing.
- other numerous encryption methods are also available such as (i) implantation of Reed Solomon algorithm (WO02052787), which ensures data is coded in parabolic fashion for self-repairing and storage, (ii) storage involves incremental backup (WO02052787), (ii) uses stenographic (US2006177094), (iv) use cipher keys (CN1620005), encryption for non text (US2006107048) and US2005108240 discloses user keys and randomly generated leaf node keys.
- the present invention uses none of these methods of encryption and in particular ensures all chunks are unique and do not point to another for security (an issue with Reed Solomon and N + K implementations of parabolic coding)
- US2003053053625 discloses limitation of asymmetrical and symmetrical encryption algorithms, and particularly not requiring generation of a key stream from symmetric keys, nor requiring any time synchronizing, with minimal computational complexity and capable of operating at high speed.
- a serial data stream to be securely transmitted is first demultiplexed into a plurality N of encryptor input data stream.
- the input data slices are created which have a cascade of stages, include mapping & delay functions to generate output slices. These are transmitted though a transmission channel.
- Decryptor applies inverse step of cascade of stages, equalizing delay function and mapping to generate output data slices.
- the output data streams are multiplexed.
- the encryptor and decryptor require no synchronizing or timing and operate in simple stream fashion.
- N:N mapping does not require expensive arithmetic and implemented in table lookup. This provides robust security and efficiency.
- a significant difference between this approach and prior cipher method is that the session key is used to derive processing parameters (tables and delays) of the encryptor and decryptor in advance of data transmission. Instead of being used to generate a key stream at real-time rates. Algorithm for generating parameters from a session key is disclosed. This is a data communications network and not related to current invention.
- US2002184485 addresses secure communication, by encryption of message (SSDO-self signing document objects), such that only known recipient in possession of a secret key can read the message and verification of message, such that text and origin of message can be verified. Both capabilities are built into message that can be transmitted over internet and decrypted or verified by computer implementing a document representation language that supports dynamic content e.g. any standard web browser, such that elaborate procedures to ensure transmitting and receiving computers have same software are no longer necessary. Encrypted message or one encoded for verification can carry within itself all information needed to specify the algorithm needed . for decryption.
- a system of self encryption which has the functional elements of:
- a system to provide self-encryption in a distributed network which is made of inter linkage all or some of the following elements;
- a product for self-encryption in a distributed network which is made of inter linkage all or some of the following elements;
- a product for self-encryption in a distributed network which is made of inter linkage all or some of the following elements and sub-elements;
- a content swapping such as byte swapping
- MID - this is the base ID and is mainly used to store and forget files. Each of these operations will require a signed request. Restoring may simply require a request with an ID attached.
- PMID - This is the proxy mid which is used to manage the receiving of instructions to the node from any network node such as get/ put / forget etc.
- TMID - This is today's ID a one time ID as opposed to a one time password. This is to further disguise users and also ensure that their MID stays as secret as possible.
- MAID - this is basically the hash of and actual public key of the MID. This ID is used to identify the user actions such as put / forget / get on the maidsafe.net network. This allows a distributed PKI infrastructure to exist and be automatically checked.
- KID - Kademlia ID this can be randomly generated or derived from known and preferably anonymous information such as an anonymous public key hash as with the MAID.. In this case we use kademlia as the example overlay network although this can be almost any network environment at all.
- MSID - maidsafe.net Share ID an ID and key pair specifically created for each share to allow users to interact with shares using a unique key not related to their MID which should always be anonymous and separate.
- the Self Encryption invention consists of 4 key functional elements, with a further 5 functional elements being linked with.
- the key functional elements are:
- the linked functional elements are:
- the self-encryption (PT2) itself is made up from linkage of elements, storing file (P6), duplicate removal (P5), chunking (P7) and encryption / decryption (P8) which allows a self-encryption process to provide security and global duplicate data removal.
- storing file element is preferably dependent upon sub-elements storage and retrieval (P4) and sub-element identify chunks (P9) and generate sub-element self-healing (P2)
- duplicate removal element is preferably dependent on sub- element identify chunks (P9)
- chunking element generate sub- element identify chunks (P9)
- encryption / decryption element can be provided by sub-element provision of keys (P13) to ensure validity of generating or requesting nodes anonymous identity (e.g. we don't know who it is but we know it was the node that put the chunk there) thereby ensuring security availability (P3).
- files are split preferably using an algorithm to work out the chunk size into several component parts.
- the size of the parts is preferably worked out from known information about the file as a whole, preferably the hash of the complete file. This information is run through an algorithm such as adding together the first x bits of the known information and using modulo division to give a chunk size that allows the file to preferably split into at least three parts.
- Preferably known information from each chunk is used as an encryption key. This is preferably done by taking a hash of each chunk and using this as the input to an encryption algorithm to encrypt another chunk in the file. Preferably this is a symmetrical algorithm such as AES256.
- this key is input into a password creating algorithm such as pbkdf and an initial vector and key calculated from that.
- a password creating algorithm such as pbkdf
- an initial vector and key calculated from that.
- the iteration count for the pbkdf is calculated from another piece of known information, preferably the sum of bits of another chunk or similar.
- each initial chunk hash and the final hash after encryption are stored somewhere for later decryption.
- chunk 1 byte 1 swapped with bytei of chunk 2 b. chunk 2 byte 2 swapped with byte 1 chunk 3 c. chunk 3 byte 2 swapped with byte 2 of chunk 1 d. This repeats until all bytes swapped and then repeats the same number of times as there are chunks with each iteration making next chunk first one e. - i.e. second time round chunk 2 is starting position
- the file is marked as backed up.
- data chunked and ready for storing can be stored on a distributed network but a search should preferably be carried out for the existence of all associated chunks created.
- the locations of the chunks Preferably have the same ranking (From earlier ranking system) as user or better, otherwise the existing chunks on the net are promoted to a location of equivalent rank at least. If all chunks exist then the file is considered as already backed up. If less than all chunks exist then this will preferably be considered as a collision (after a time period) and the file will be re chunked using the secondary algorithms (preferably just adjusted file sizes). This allows duplicate files on any 2 or more machines to be only backed up once, although through perpetual data several copies will exist of each file, this is limited to an amount that will maintain perpetual data.
- the actual encrypting and decrypting is carried out via knowledge of the file's content and this is somehow maintained (see next).
- Keys will be generated and preferably stored for decrypting.
- Actually encrypting the file will preferably include a compression process and further obfuscation methods.
- the chunk will be stored with a known hash preferably based on the contents of that chunk.
- Decrypting the file will preferably require the collation of all chunks and rebuilding of the file itself.
- the file may preferably have its content mixed up by an obfuscation technique rendering each chunk useless on its own.
- every file will go through a process of byte (or preferably bit) swapping between its chunks to ensure the original file is rendered useless without all chunks.
- This process will preferably involve running an algorithm which preferably takes the chunk size and then distributes the bytes in a pseudo random manner preferably taking the number of chunks and using this as an iteration count for the process. This will preferably protect data even in event of somebody getting hold of the encryption keys - as the chunks data is rendered useless even if transmitted in the open without encryption.
- each file is split into small chunks and encrypted to provide security for the data. Only the person or the group, to whom the overall data belongs, will know the location of the other related but dissimilar chunks of data.
- each of the above chunks does not contain location information for any other dissimilar chunks; which provides for security of data content, a basis for integrity checking and redundancy.
- the method further comprises the step of only allowing the person (or group) to whom the data belongs to have access to it, preferably via a shared encryption technique which allows persistence of data.
- the checking of data or chunks of data between machines is carried out via any presence type protocol such as a distributed hash table network.
- a redirection record is created and stored in the super node network, (a three copy process - similar to data) therefore when a user requests a check, the redirection record is given to the user to update their database, which provides efficiency that in turn allows data resilience in cases where network churn is a problem as in peer to peer or distributed networks.
- This system message can be preferably passed via the messenger system described herein.
- the system may simply allow a user to search for his chunks and through a challenge response mechanism, locate and authenticate himself to have authority to get/forget this chunk.
Abstract
This present invention provides a method for data to be obfuscated in several ways preferably including self encryption and decryption. The data is preferably chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements preferably derived from the data itself so that data holds the key to reversing the processes used and preferably these keys may be recorded for later use.
Description
Self Encryption
STATEMENT OF INVENTION:
An issue with today's encryption techniques is that a user's key, biometric data or passphrase is used to encrypt every data element, thereby exposing the key on every data element encrypted. Another issue is that eventually all encryption is broken given enough resources, so it is therefore safe to assume that today's strong encryption methods will not suffice in years to come. This implies that storing encrypted data now, will not necessarily protect against that data being unencrypted through some discovered process in the future.
This present invention overcomes these issues by first obfuscating the data, by splitting it into smaller elements, then swapping parts of that data around in a manner to make every element useless on its own, and preferably using known information from the preferably smaller elements or chunks as encryption data that will allow the other elements to be encrypted. This allows data to be hidden and encrypted in such a way, that any attacker would require to obtain all data elements and know the manner in which they connect together and also then crack the encryption used. Even if the data chunks were not encrypted and their encryption was broken, they are useless on their own.
BACKGROUND:
Self-encryption is only possible with combination of number of elements. Described below is prior art for each element.
ENCRYPTION
WO2005093582 discloses method of encryption where data is secured in the receiving node via private tag for anonymous network browsing. However, other numerous encryption methods are also available such as (i) implantation of Reed Solomon algorithm (WO02052787), which ensures data is coded in parabolic fashion for self-repairing and storage, (ii) storage involves incremental backup (WO02052787), (ii) uses stenographic (US2006177094), (iv) use cipher keys (CN1620005), encryption for non text (US2006107048) and US2005108240 discloses user keys and randomly generated leaf node keys. The present invention uses none of these methods of encryption and in particular ensures all chunks are unique and do not point to another for security (an issue with Reed Solomon and N + K implementations of parabolic coding)
SELF-ENCRYPTION
Attempts to moving towards attaining some limited aspects of self- encryption are demonstrated by:
(a) US2003053053625 discloses limitation of asymmetrical and symmetrical encryption algorithms, and particularly not requiring generation of a key stream from symmetric keys, nor requiring any time synchronizing, with minimal computational complexity and capable of operating at high speed. A serial data stream to be securely transmitted is first demultiplexed into a plurality N of encryptor input data stream. The input data slices are created which have a cascade of stages, include mapping & delay functions to generate output slices. These are transmitted though a transmission channel. Decryptor applies inverse step of cascade of stages, equalizing delay function and mapping to generate output data slices. The output data streams are multiplexed. The encryptor and decryptor require no synchronizing or timing and operate in simple stream fashion. N:N mapping does not require expensive arithmetic and implemented in table lookup. This provides
robust security and efficiency. A significant difference between this approach and prior cipher method is that the session key is used to derive processing parameters (tables and delays) of the encryptor and decryptor in advance of data transmission. Instead of being used to generate a key stream at real-time rates. Algorithm for generating parameters from a session key is disclosed. This is a data communications network and not related to current invention.
(b) US2002184485 addresses secure communication, by encryption of message (SSDO-self signing document objects), such that only known recipient in possession of a secret key can read the message and verification of message, such that text and origin of message can be verified. Both capabilities are built into message that can be transmitted over internet and decrypted or verified by computer implementing a document representation language that supports dynamic content e.g. any standard web browser, such that elaborate procedures to ensure transmitting and receiving computers have same software are no longer necessary. Encrypted message or one encoded for verification can carry within itself all information needed to specify the algorithm needed . for decryption.
Summary of Invention
The main embodiments of this invention are as follows:
A system of self encryption which has the functional elements of:
1. Duplicate Removal
2. Storing Files
3. Chunking
4. Encryption / Decryption
... with the additionally linked functional elements of:
1. Identify Chunks
2. Self Healing
3. Storage and Retrieval
4. Security Availability
5. Provision of Key Pairs
A system of self-encryption of data in a distributed and peer to peer network
A product for self-encryption of data in a distributed and peer to peer network
A system to provide self-encryption in a distributed network which is made of inter linkage all or some of the following elements;
a. encryption / decryption b. chunking c. duplicate removal d. storing files
A system to provide self-encryption in a distributed network which is made of inter linkage all or some of the following elements and sub- elements;
a. encryption / decryption i. key pair ii. security b. chunking i. identify chunking c. duplicate removal i. identify chunking ii. storage & retrieval iii. self healing d. storing files i. identify chunking ii. storage & retrieval iii. self healing
A product for self-encryption in a distributed network which is made of inter linkage all or some of the following elements;
a. encryption / decryption b. chunking c. duplicate removal d. storing files
A product for self-encryption in a distributed network which is made of inter linkage all or some of the following elements and sub-elements;
a. encryption / decryption i. key pair ii. security b. chunking
i. identify chunking c. duplicate removal i. identify chunking ii. storage & retrieval iii. self healing d. storing files i. identify chunking ii. storage & retrieval iii. self healing
A method of system and product for self-encryption of data in a distributed and peer to peer network
A method of above of securely protecting data in a distributed network, suitable for a self repairing process by chunking the data into many pieces.
A method of above where data privacy by byte or bit exchange and encryption is based on content derived from the data itself.
A method of above where data reconstitution capability is provided only for individuals who know of and/or have the original data elements.
A method of maximising disk space in a worldwide network by aiding the removal of duplicate files, as each data element will always produce the exact same chunks and names regardless of the actual file name itself.
A method of data encryption using only calculable elements from the file contents and not user keys or user passwords.
A method of above where the actual file is first passed though a content swapping (such as byte swapping)algorithm to completely dilute the
contents across the data element(s), thereby rendering each chunk useless even if the encryption key is known.
DESCRIPTION
Detailed Description:
(References to IDs used in descriptions of the system's functionality)
MID - this is the base ID and is mainly used to store and forget files. Each of these operations will require a signed request. Restoring may simply require a request with an ID attached.
PMID - This is the proxy mid which is used to manage the receiving of instructions to the node from any network node such as get/ put / forget etc. This is a key pair which is stored on the node - if stolen the key pair can be regenerated simply disabling the thief s stolen PMID - although there's not much can be done with a PMID key pair.
CID - Chunk Identifier, this is simply the chunkid.KID message on the net.
TMID - This is today's ID a one time ID as opposed to a one time password. This is to further disguise users and also ensure that their MID stays as secret as possible.
MPID - The maidsafe.net public ID. This is the ID to which users can add their own name and actual data if required. This is the ID for messenger, sharing, non anonymous voting and any other method that requires we know the user.
MAID - this is basically the hash of and actual public key of the MID. this ID is used to identify the user actions such as put / forget / get on the maidsafe.net network. This allows a distributed PKI infrastructure to exist and be automatically checked.
KID - Kademlia ID this can be randomly generated or derived from known and preferably anonymous information such as an anonymous public key hash as with the MAID.. In this case we use kademlia as the example overlay network although this can be almost any network environment at all.
MSID - maidsafe.net Share ID, an ID and key pair specifically created for each share to allow users to interact with shares using a unique key not related to their MID which should always be anonymous and separate.
Linked elements for Self Encryption (Figure 1 - PT2)
The Self Encryption invention consists of 4 key functional elements, with a further 5 functional elements being linked with.
The key functional elements are:
P5 - Duplicate Removal
P6 - Storing Files
P7 - Chunking
P8 - Encryption / Decryption
The linked functional elements are:
P9 - Identify Chunks
P2 - Self Healing
P4 - Storage and Retrieval
P3 - Security Availability
P13 - Provision of Key Pairs
The self-encryption (PT2) itself is made up from linkage of elements, storing file (P6), duplicate removal (P5), chunking (P7) and encryption / decryption (P8) which allows a self-encryption process to provide security
and global duplicate data removal. In addition, storing file element (P6) is preferably dependent upon sub-elements storage and retrieval (P4) and sub-element identify chunks (P9) and generate sub-element self-healing (P2), duplicate removal element (P5) is preferably dependent on sub- element identify chunks (P9), chunking element (P7) generate sub- element identify chunks (P9) and encryption / decryption element (P8) can be provided by sub-element provision of keys (P13) to ensure validity of generating or requesting nodes anonymous identity (e.g. we don't know who it is but we know it was the node that put the chunk there) thereby ensuring security availability (P3).
Chunking (Figure 1 - Pl)
According to a related aspect of this invention, files are split preferably using an algorithm to work out the chunk size into several component parts. The size of the parts is preferably worked out from known information about the file as a whole, preferably the hash of the complete file. This information is run through an algorithm such as adding together the first x bits of the known information and using modulo division to give a chunk size that allows the file to preferably split into at least three parts.
Preferably known information from each chunk is used as an encryption key. This is preferably done by taking a hash of each chunk and using this as the input to an encryption algorithm to encrypt another chunk in the file. Preferably this is a symmetrical algorithm such as AES256.
Preferably this key is input into a password creating algorithm such as pbkdf and an initial vector and key calculated from that. Preferably the iteration count for the pbkdf is calculated from another piece of known information, preferably the sum of bits of another chunk or similar.
Preferably each initial chunk hash and the final hash after encryption are stored somewhere for later decryption.
Self Encrypting Files (Figure 2a/b)
1. Take a content hash of a file or data element
2. Chunk a file with preferably a random calculable size i.e. based on an algorithm of the content hash (to allow recovery of file). Also obfuscate the file such as in 3
3. Obfuscate the chunks to ensure safety even if encryption is eventually broken (as with all encryption if given enough processing power and time)
a. chunk 1 byte 1 swapped with bytei of chunk 2 b. chunk 2 byte 2 swapped with byte 1 chunk 3 c. chunk 3 byte 2 swapped with byte 2 of chunk 1 d. This repeats until all bytes swapped and then repeats the same number of times as there are chunks with each iteration making next chunk first one e. - i.e. second time round chunk 2 is starting position
4. Take hash of each chunk and rename chunk with its hash.
5. Take h2 and first x bytes of h3 (6 in our example case) and either use modulo division or similar to get a random number between 2 fixed parameter (in our case 1000) to get a variable number. Use the above random number and h2 as the encryption key to encrypt hi or use h2 and the random number as inputs to another algorithm (pdbfk2 in our case) to create a key and ^.(initialisation vector)
6. This process may be repeated multiple times to dilute any keys throughout a series of chunks.
7. Chunk name i.e. hi (unencrypted) and Mc (and likewise for each chunk) written to a location for later recovery of the data. Added to this we can simply update such a location with new chunks if a file has been altered, thereby creating a revision control system where each file can be rebuilt to any previous state.
8. The existence of the chunk will be checked on the net to ensure it is not already backed up. All chunks may be checked at this time.
9. If a chunk exists all chunks must be checked for existence.
10. The chunk is saved
11. The file is marked as backed up.
12. If a collision is detected the process is redone altering the original size algorithm (2) to create a new chunk set, each system will be aware of this technique and will do the exact same process till a series of chunks do not collide. There will be a back off period here to ensure the chunks are not completed due to the fact another system is backing up the same file. The original chunk set will be checked frequently in case there are false chunks or ones that have been forgotten. If the original names become available the file is reworked using these parameters.
Duplicate Removal (Figure 1 - P5)
According to a related aspect of this invention, data chunked and ready for storing can be stored on a distributed network but a search should preferably be carried out for the existence of all associated
chunks created. Preferably the locations of the chunks have the same ranking (From earlier ranking system) as user or better, otherwise the existing chunks on the net are promoted to a location of equivalent rank at least. If all chunks exist then the file is considered as already backed up. If less than all chunks exist then this will preferably be considered as a collision (after a time period) and the file will be re chunked using the secondary algorithms (preferably just adjusted file sizes). This allows duplicate files on any 2 or more machines to be only backed up once, although through perpetual data several copies will exist of each file, this is limited to an amount that will maintain perpetual data.
Encrypt - Decrypt (Figure 1 - P8)
According to a related aspect of this invention, the actual encrypting and decrypting is carried out via knowledge of the file's content and this is somehow maintained (see next). Keys will be generated and preferably stored for decrypting. Actually encrypting the file will preferably include a compression process and further obfuscation methods. Preferably the chunk will be stored with a known hash preferably based on the contents of that chunk.
Decrypting the file will preferably require the collation of all chunks and rebuilding of the file itself. The file may preferably have its content mixed up by an obfuscation technique rendering each chunk useless on its own.
Preferably every file will go through a process of byte (or preferably bit) swapping between its chunks to ensure the original file is rendered useless without all chunks.
This process will preferably involve running an algorithm which preferably takes the chunk size and then distributes the bytes in a
pseudo random manner preferably taking the number of chunks and using this as an iteration count for the process. This will preferably protect data even in event of somebody getting hold of the encryption keys - as the chunks data is rendered useless even if transmitted in the open without encryption.
This defends against somebody copying all data and storing for many years until decryption of today's algorithms is possible, although this is many years away.
This also defends against somebody; instead of attempting to decrypt a chunk by creating the enormous amount of keys possible, (in the region of 2Λ54) rather instead creating the keys and presenting chunks to all keys - if this were possible (which is unlikely) a chunk would decrypt. The process defined here makes this attempt useless.
All data will now be considered to be diluted throughout the original chunks and preferably additions to this algorithm will only strengthen the process.
Security (Figure 1 - P3)
According to a related aspect of this invention, each file is split into small chunks and encrypted to provide security for the data. Only the person or the group, to whom the overall data belongs, will know the location of the other related but dissimilar chunks of data.
Preferably, each of the above chunks does not contain location information for any other dissimilar chunks; which provides for security of data content, a basis for integrity checking and redundancy.
Preferably, the method further comprises the step of only allowing the person (or group) to whom the data belongs to have access to it, preferably via a shared encryption technique which allows persistence of data.
Preferably, the checking of data or chunks of data between machines is carried out via any presence type protocol such as a distributed hash table network.
Preferably, on the occasion when all data chunks have been relocated, i.e. the user has not logged on for a while, a redirection record is created and stored in the super node network, (a three copy process - similar to data) therefore when a user requests a check, the redirection record is given to the user to update their database, which provides efficiency that in turn allows data resilience in cases where network churn is a problem as in peer to peer or distributed networks. This system message can be preferably passed via the messenger system described herein.
Preferably the system may simply allow a user to search for his chunks and through a challenge response mechanism, locate and authenticate himself to have authority to get/forget this chunk.
Further users can decide on various modes of operation preferably such as maintain a local copy of all files on their local machine, unencrypted or chunked or chunk and encrypt even local files to secure machine (preferably referred to as off line mode operation) or indeed users may decide to remove all local data and rely completely on preferably maidsafe.net or similar system to secure their data.
Claims
1. A system to provide self-encryption in a distributed network which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis this system comprises of combination of following steps; a. encryption / decryption b. chunking c. duplicate removal d. storing files the above combination provides a unique system with cumulative and synergistic benefits to allow people to secure communications and secure data.
2. A system of claim 1 to provide self-encryption in a distributed network which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis this system comprises of combination of following steps; a. encryption / decryption, which further comprises of key pair and security, b. chunking, which further comprises of identify chunking, c. duplicate removal, which further comprises of identify chunking, d. storing files, which further comprises of identify chunking, storage & retrieval and self healing the above combination provides a unique system with cumulative and synergistic benefits to allow people to secure communications and secure data.
3. A product to provide self-encryption in a distributed network which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis this product comprises of combination of following steps; e. encryption / decryption f. chunking g. duplicate removal h. storing files the above combination provides a unique product with cumulative and synergistic benefits to allow people to secure communications and secure data.
4. A product of claim 3 to provide self-encryption in a distributed network which allows the data to be chunked, renamed, byte or bit swapped, encrypted and compressed through algorithms seeded by elements derived from the data itself so that data holds the key to reversing the processes used and these are recorded for later use and aids security and duplicate removal on a network wide basis this product comprises of combination of following steps; a. encryption / decryption, which further comprises of key pair and security, b. chunking, which further comprises of identify chunking, c. duplicate removal, which further comprises of identify chunking, d. storing files, which further comprises of identify chunking, storage & retrieval and self healing the above combination provides a unique system with cumulative and synergistic benefits to allow people to secure communications and secure data
5. A method of claim 1-4 where it is to identify data elements using a data map with only a sequence of content hashes for each chunk of data before and after encryption;
6. A method of claims 1-5 storing and retrieving these maps on an insecure network;
7. A method of claim 5 where each, new iteration of a data element is appended to the data map to create a strong revision control system;
8. A method of claim 5 where data elements are obfuscated by encryption or other obfuscation technique, or similar, can be reconstructed in conjunction with the data map;
9. A method of claim 5 where the maps can be stored in private or public locations and/or biometrically accessed;
10. A system of claims 1-2 which allows data to have multiple locations, revisions and encryption or other obfuscation techniques and for the pointer to the data to be a very small file containing the basic information to reconstitute a complete data element at any time from any location on the network;
11. A system of claims 1-2 which allows the identification of which chunks to make up which files;
12. A system of claims 1-2 which allows data maps which preferably become discreet data chunks on the network, just like any other associated data element and are therefore undetectable as data maps;
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0624058.4 | 2006-12-01 | ||
GB0624058A GB2446200A (en) | 2006-12-01 | 2006-12-01 | Encryption system for peer-to-peer networks which relies on hash based self-encryption and mapping |
GB0709761.1A GB2444343B (en) | 2006-12-01 | 2007-05-22 | Self encryption |
GB0709761.1 | 2007-05-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008065351A1 true WO2008065351A1 (en) | 2008-06-05 |
Family
ID=39102993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2007/004440 WO2008065351A1 (en) | 2006-12-01 | 2007-11-21 | Self encryption |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008065351A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102402488A (en) * | 2010-09-16 | 2012-04-04 | 电子科技大学 | Encryption scheme for disk-based deduplication system (ESDS) |
US8238552B2 (en) | 2009-02-13 | 2012-08-07 | Guidance Software, Inc. | Password key derivation system and method |
EP2873187A1 (en) * | 2012-04-16 | 2015-05-20 | Maidsafe.net Limited | Method of encrypting data |
US10142397B2 (en) | 2016-04-05 | 2018-11-27 | International Business Machines Corporation | Network file transfer including file obfuscation |
US10216940B2 (en) * | 2015-03-27 | 2019-02-26 | Change Healthcare Holdings, Llc | Systems, methods, apparatuses, and computer program products for truncated, encrypted searching of encrypted identifiers |
WO2020036650A3 (en) * | 2018-04-25 | 2020-03-26 | The Regents Of The University Of California | Compact key encoding of data for public exposure such as cloud storage |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5727062A (en) * | 1995-07-06 | 1998-03-10 | Ritter; Terry F. | Variable size block ciphers |
WO1999037054A1 (en) * | 1998-01-16 | 1999-07-22 | Kent Ridge Digital Labs | A method of data storage and apparatus therefor |
US20020038296A1 (en) * | 2000-02-18 | 2002-03-28 | Margolus Norman H. | Data repository and method for promoting network storage of data |
WO2003012666A1 (en) * | 2001-07-27 | 2003-02-13 | Digital Doors, Inc. | Computer software product for data security of sensitive words characters or icons |
-
2007
- 2007-11-21 WO PCT/GB2007/004440 patent/WO2008065351A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5727062A (en) * | 1995-07-06 | 1998-03-10 | Ritter; Terry F. | Variable size block ciphers |
WO1999037054A1 (en) * | 1998-01-16 | 1999-07-22 | Kent Ridge Digital Labs | A method of data storage and apparatus therefor |
US20020038296A1 (en) * | 2000-02-18 | 2002-03-28 | Margolus Norman H. | Data repository and method for promoting network storage of data |
WO2003012666A1 (en) * | 2001-07-27 | 2003-02-13 | Digital Doors, Inc. | Computer software product for data security of sensitive words characters or icons |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8238552B2 (en) | 2009-02-13 | 2012-08-07 | Guidance Software, Inc. | Password key derivation system and method |
CN102402488A (en) * | 2010-09-16 | 2012-04-04 | 电子科技大学 | Encryption scheme for disk-based deduplication system (ESDS) |
EP2873187A1 (en) * | 2012-04-16 | 2015-05-20 | Maidsafe.net Limited | Method of encrypting data |
US10216940B2 (en) * | 2015-03-27 | 2019-02-26 | Change Healthcare Holdings, Llc | Systems, methods, apparatuses, and computer program products for truncated, encrypted searching of encrypted identifiers |
US10142397B2 (en) | 2016-04-05 | 2018-11-27 | International Business Machines Corporation | Network file transfer including file obfuscation |
US10826969B2 (en) | 2016-04-05 | 2020-11-03 | International Business Machines Corporation | Network file transfer including file obfuscation |
WO2020036650A3 (en) * | 2018-04-25 | 2020-03-26 | The Regents Of The University Of California | Compact key encoding of data for public exposure such as cloud storage |
US11334676B2 (en) | 2018-04-25 | 2022-05-17 | The Regents Of The University Of California | Compact key encoding of data for public exposure such as cloud storage |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11108753B2 (en) | Securing files using per-file key encryption | |
CN108809652B (en) | Block chain encrypted account book based on secret sharing | |
US20030174840A1 (en) | Encryption method for preventing unauthorized dissemination of protected data | |
CN107453880B (en) | Cloud data secure storage method and system | |
WO2008065351A1 (en) | Self encryption | |
Kumar et al. | Efficient and secure cloud storage for handling big data | |
WO2017033843A1 (en) | Searchable cryptograph processing system | |
JPH11215117A (en) | Method and device for key encoding and recovery | |
Jeyaselvi et al. | Cyber security-based multikey management system in cloud environment | |
Mahalakshmi et al. | Effectuation of secure authorized deduplication in hybrid cloud | |
GB2444343A (en) | Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied | |
Li et al. | A data assured deletion scheme in cloud storage | |
Abo-Alian et al. | Auditing-as-a-service for cloud storage | |
JP2021534443A (en) | Methods and systems for securing data | |
CN1558580B (en) | A network data safety protection method based on cryptography | |
CN116248289A (en) | Industrial Internet identification analysis access control method based on ciphertext attribute encryption | |
Senthil Kumari et al. | Key derivation policy for data security and data integrity in cloud computing | |
CN115412236A (en) | Method for key management and password calculation, encryption method and device | |
Ma et al. | A secure and efficient data deduplication scheme with dynamic ownership management in cloud computing | |
CN114036541A (en) | Application method for compositely encrypting and storing user private content | |
CN113656818A (en) | No-trusted third party cloud storage ciphertext duplication removing method and system meeting semantic security | |
Sri et al. | SECURE FILE STORAGE USING HYBRID CRYPTOGRAPHY | |
Sri et al. | Concealing the Data using Cryptography | |
Venkatesh et al. | Secure authorised deduplication by using hybrid cloud approach | |
Nandini et al. | Implementation of hybrid cloud approach for secure authorized deduplication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07824654 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07824654 Country of ref document: EP Kind code of ref document: A1 |