Secure Network Storage
Abstract
This invention includes apparatus, systems, and methods to secure data in a remote storage device where an end-point device does not have direct access to the storage device to secure the data, or the end-point device does not trust the storage device to adequately secure the data, comprising securing an authenticated communication between the end-point device and a synchronized storage server via a communication network. The synchronized storage server sends the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point devices' memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder the end-point device will determine that a change is required to the stored data. Next the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system for securing data comprising:
a first device with a data folder, wherein the first device is enabled to encrypt the data folder with a folder encryption key and send a resulting encrypted data folder and the folder encryption key to a server; an access control list used by the server to identify that a second device is authorized to access the encrypted data folder and the folder encryption key; the server enabled to encrypt the folder encryption key with a public key of the second device to produce an encrypted folder encryption key, and send the encrypted data folder, and the encrypted folder encryption key to the second device; and the second device enabled to decrypt the encrypted folder encryption key with a private key of the second device to produce the folder encryption key, and use the folder encryption key to decrypt the encrypted data folder to produce the data folder.
2 . The system of claim 1 , wherein the end-point device include smart phones, tablet PC's, notebook PC's, desktop PC's, remote monitoring devices, cameras, sensors, or any other device that transmits data via a network.
3 . The system of claim 1 , wherein the synchronized storage server comprises physical storage devices such as a hard drive, series of hard drives, SSD memory, SD Card, or any other type of local volatile or volatile memory.
4 . The system of claim 1 , wherein the synchronized storage server comprises a cloud storage device, such as Amazon Storage, Google Cloud Storage, or any other commercially available remote network storage service.
5 . The system of claim 1 , wherein the synchronized storage server uses cloud storage to store the data, but maintains metadata and folder encryption keys locally on the synchronized storage server.
6 . A method for securing data comprising:
a server receiving an encrypted folder and a first folder encryption key from a first device, wherein the encrypted folder is encrypted using the first folder encryption key; the server referring to an access control list to identify a second device that is authorized to access the encrypted folder; the server encrypting the first folder encryption key with a public key of the second device to produce an encrypted first folder encryption key; the server creating a root folder list; and the server sending the root folder list, encrypted folder, and encrypted first folder encryption key to the second device enabling the second device to decrypt the encrypted first folder encryption key to produce the first folder encryption key and use the first folder encryption key to decrypt the encrypted folder and produce a folder.
7 . The method of claim 6 , wherein the synchronized storage server encrypts each folder encryption key uniquely for each end-point device using the public keys for each end-point device.
8 . The method of claim 6 , wherein the access control list and folder encryption key apply to all files in a folder.
9 . The method of claim 6 , wherein new folders have the option to inherit the permissions and folder encryption key from a parent folder or get unique permissions and a unique folder encryption key.
10 . The method of claim 6 , wherein a change made to the folder originating at the first device, results in the first device uploading the latest encrypted folder to the server.
11 . The method of claim 6 , wherein a change made to the folder originating at the second device, results in the first device downloading the latest encrypted folder from the server.
12 . The method of claim 6 , wherein an unauthorized device is restricted from accessing an encrypted folder when the folder is encrypted with a new folder encryption key and the unauthorized device is not provided the second folder encryption key.
13 . A method for securing data comprising:
a device comparing an updated root folder list to a previously stored root folder list wherein a difference in the updated root folder list compared to the previously stored root folder list indicates a changed folder; the device receiving an encrypted changed folder and an encrypted folder encryption key from the server; the device decrypting the encrypted folder encryption key to produce a folder encryption key; the device using the folder encryption key to decrypt the encrypted changed folder to produce the changed folder.
14 . The method of claim 13 , wherein the folder includes management rules based on factors such as temporal, location, identity, and activity to prevent the folder from spreading to an unauthorized device, the temporal rules used to trigger the distribution of the root folder list and the synchronization process to revoke access to the folder.
15 . The method of claim 13 , wherein the folder includes a rule to revoke access to the folder when the folder has been inactive for a predetermined amount of time.
16 . The method of claim 13 , wherein the folder includes a temporal rule where access to the folder is revoked after a predetermined amount of time.
17 . The method of claim 13 , wherein the folder includes a rule where access to the folder is based on geospatial limitations including the device given access to the folder only when the device is within a geospatial boundary and access revoked when the device goes outside the geospatial boundary.
18 . The method of claim 13 , wherein an unauthorized device is restricted from accessing an encrypted folder when the folder is encrypted with a new folder encryption key and the unauthorized device is not sent the new folder encryption key.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.