GB2444343A - Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied - Google Patents

Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied Download PDF

Info

Publication number
GB2444343A
GB2444343A GB0709761A GB0709761A GB2444343A GB 2444343 A GB2444343 A GB 2444343A GB 0709761 A GB0709761 A GB 0709761A GB 0709761 A GB0709761 A GB 0709761A GB 2444343 A GB2444343 A GB 2444343A
Authority
GB
United Kingdom
Prior art keywords
encryption
data
chunking
chunks
self
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0709761A
Other versions
GB0709761D0 (en
GB2444343B (en
Inventor
David Irvine
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of GB0709761D0 publication Critical patent/GB0709761D0/en
Priority to PCT/GB2007/004440 priority Critical patent/WO2008065351A1/en
Publication of GB2444343A publication Critical patent/GB2444343A/en
Application granted granted Critical
Publication of GB2444343B publication Critical patent/GB2444343B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H04L29/06659
    • H04L29/06687
    • H04L29/08306
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A file is divided into chunks 2 and small data elements, such as bytes, are permuted between the chunks 3. Each chunk is hashed 4 to form a chunk hash, and each chunk hash is encrypted using one or more other chunk hashes 5 in a self-encryption process. Self-encryption involves obfuscation using algorithms seeded by elements preferably derived from the data itself so that the data holds the key to reversing the processes. The chunk hashes and the encrypted chunk hashes are constituents of a mapping function. The chunks are distributed across various nodes of a peer-to-peer network. The permutation of the chunks contributes towards the effective encryption of the file. The file can be recovered using the mapping function. Also disclosed is "duplicate removal" and "storing files".

Description

STATEMENT OF INVENTION:
8 An issue with today's encryption techniques is that a user's key, 9 biometric data or passphrase is used to encrypt every data element, thereby exposing the key on every data element encrypted. Another 11 issue is that eventually all encryption is broken given enough resources, 12 so it is therefore safe to assume that today's strong encryption methods 13 will not suffice in years to come. This implies that storing encrypted data 14 now, will not necessarily protect against that data being unencrypted through some discovered process in the future.
16 This present invention overcomes these issues by first obfuscating the 17 data, by splitting it into smaller elements, then swapping parts of that 18 data around in a manner to make every element useless on its own, 19 and preferably using known information from the preferably smaller elements or chunks as encryption data that will allow the other elements 21 to be encrypted. This allows data to be hidden and encrypted in such a 22 way, that any attacker would require to obtain all data elements and 23 know the manner in which they connect together and also then crack 24 the encryption used. Even if the data chunks were not encrypted and their encryption was broken, they are useless on their own.
BACKGROUND.
26 Selfencryption is only possible with combination of number of 27 elements. Described below is prior art for each element.
28 ENCRYPTION 29 W02005093582 discloses method of encryption where data is secured in the receiving node via private tag for anonymous network browsing.
31 However, other numerous encryption methods are also available such 32 as (I) implantation of Reed Solomon algorithm (W002052787), which 33 ensures data is coded in parabolic fashion for self-repairing and 34 storage1 (ii) storage involves incremental backup (W002052787), (ii) uses stenographic (US2006177094), (iv) use cipher keys (CN1620005), 36 encryption for non text (US20061 07048) and US20051 08240 discloses 37 user keys and randomly generated leaf node keys. The present 38 invention uses none of these methods of encryption and in particular 39 ensures all chunks are unique and do not point to another for security (an issue with Reed Solomon and N + K implementations of parabolic 41 coding) 43 SELF-ENcRYPTION 44 Attempts to moving towards attaining some limited aspects of self-encryption are demonstrated by: 46 (a) US2003053053625 discloses limitation of asymmetrical and 47 symmetrical encryption algorithms, and particularly not requiring 48 generation of a key stream from symmetric keys, nor requiring any time 49 synchronizing, with minimal computational complexity and capable of operating at high speed. A serial data stream to be securely transmitted 51 is first demultiplexed into a plurality N of encryptor input data stream.
52 The input data slices are created which have a cascade of stages, 53 include mapping & delay functions to generate output slices. These are 54 transmitted though a transmission channel. Decryptor applies inverse step of cascade of stages, equalizing delay function and mapping to 56 generate output data slices. The output data streams are multiplexed.
57 The encryptor and decryptor require no synchronizing or timing and 58 operate in simple stream fashion. N:N mapping does not require 59 expensive arithmetic and implemented in table lookup. This provides robust security and efficiency. A significant difference between this 61 approach and prior cipher method is that the session key is used to 62 derive processing parameters (tables and delays) of the encryptor and 63 decryptor in advance of data transmission. Instead of being used to 64 generate a key stream at real-time rates. Algorithm for generating parameters from a session key is disclosed. This is a data 66 communications network and not related to current invention.
67 (b) US2002184485 addresses secure communication, by encryption of 68 message (SSDO-self signing document objects), such that only known 69 recipient in possession of a secret key can read the message and verification of message, such that text and origin of message can be 71 verified. Both capabilities are built into message that can be transmitted 72 over internet and decrypted or verified by computer implementing a 73 document representation language that supports dynamic content e.g. 74 any standard web browser, such that elaborate procedures to ensure transmitting and receiving computers have same software are no longer 76 necessary. Encrypted message or one encoded for verification can 77 carry within itself all information needed to specify the algorithm needed 78 for decryption.
Summary of Invention
79 The main embodiments of this invention are as follows: A system of self encryption which has the functional elements of: 81 1. Duplicate Removal 82 2. Storing Files 83 3. Chunking 84 4. Encryption / Decryption 85... with the additionally linked functional elements of: 86 1. Identify Chunks 87 2. Self Healing 88 3. Storage and Retrieval 89 4. Security Availability 5. Provision of Key Pairs 91 A system of self-encryption of data in a distributed and peer to peer 92 network 93 A product for self-encryption of data in a distributed and peer to peer 94 network A system to provide self-encryption in a distributed network which is 96 made of inter linkage all or some of the following elements; 97 a. encryption / decryption 98 b. chunking 99 c. duplicate removal d. storing files 101 A system to provide self-encryption in a distributed network which is 102 made of inter linkage all or some of the following elements and sub- 103 elements; 104 a. encryption / decryption i. key pair 106 ii. security 107 b chunking 108 i. identify chunking 109 c. duplicate removal i. identify chunking 111 ii. storage & retrieval 112 iii. self healing 113 d. storing fUes 114 i. identify chunking ii. storage & retrieval 116 iii. self healing 117 A product for self-encryption in a distributed network which is made of 118 inter linkage all or some of the following elements; 119 a, encryption / decryption b. chunking 121 c. duplicate removal 122 d. storing files 123 A product for self-encryption in a distributed network which is made of 124 inter linkage all or some of the following elements and sub-elements; a encryption / decryption 126 i. key pair 127 ii. security 128 b. chunkirig (p - 129 i. identify chunking c. duplicate removal 131 i. identify chunking 132 ii. storage & retrieval 133 iii self healing 134 d. storing files i. identify chunking 136 ii. storage & retrieval 137 iii. self healing 138 A method of system and product for self-encryption of data in a 139 distributed and peer to peer network A method of above of securely protecting data in a distributed network, 141 suitable for a self repairing process by chunking the data into many 142 pieces.
143 A method of above where data privacy by byte or bit exchange and 144 encryption is based on content derived from the data itself.
A method of above where data reconstitution capability is provided only 146 for individuals who know of and/or have the original data elements.
147 A method of maximising disk space in a worldwide network by aiding 148 the removal of duplicate files, as each data element will always produce 149 the exact same chunks and names regardless of the actual file name itself.
151 A method of data encryption using only calculable elements from the file 152 contents and not user keys or user passwords.
153 A method of above where the actual file is first passed though a content 154 swapping (such as byte swapping)algorithm to completely dilute the contents across the data element(s), thereby rendering each chunk 156 useless even if the encryption key is known.
DESCRIPTION
Detailed Description:
157 (References to I Os used in descriptions of the system's functionality) 158 MID -this is the base ID and is mainly used to store and forget files.
159 Each of these operations will require a signed request. Restoring may simply require a request with an ID attached.
161 PMID -This is the proxy mid which is used to manage the receiving of 162 instructions to the node from any network node such as get/ put / forget 163 etc This is a key pair which is stored on the node -if stolen the key pair 164 can be regenerated simply disabling the thief's stolen PMID -although there's not much can be done with a PMID key pair.
166 CID -Chunk Identifier, this is simply the chunkid.KID message on the 167 net.
168 TMID -This is today's ID a one time ID as opposed to a one time 169 password. This is to further disguise users and also ensure that their MID stays as secret as possible.
171 MPID -The maidsafe.net public ID. This is the IDto which users can 172 add their own name and actual data if required. This is the ID for 173 messenger, sharing, non anonymous voting and any other method that 174 requires we know the user.
MAID -this is basically the hash of and actual public key of the MID.
176 this ID is used to identify the user actions such as put / forget / get on 177 the maidsafe.net network. This allows a distributed PKI infrastructure to 178 exist and be automatically checked.
179 KID -Kademlia ID this can be randomly generated or derived from known and preferably anonymous information such as an anonymous 181 public key hash as with the MAID.. In this case we use kademlia as the 182 example overlay network although this can be almost any network 183 environment at all.
184 MSID -maidsafe.net Share ID, an ID and key pair specifically created for each share to allow users to interact with shares using a unique key 186 not related to their MID which should always be anonymous and 187 separate Linked elements for Self Encryption (Figure 1 -PT2) 188 The Self Encryption invention consists of 4 key functional elements, with 189 a further 5 functional elements being linked with The key functional elements are 191 P5-Duplicate Removal 192 P6 -Storing Files 193 P7 -Chunking 194 P8 -Encryption I Decryption The linked functional elements are: 196 P9 -Identify Chunks 197 P2 -Self Healing 198 P4 -Storage and Retrieval 199 P3 -Security Availability P13 -Provision of Key Pairs 202 The self-encryption (PT2) itself is made up from linkage of elements, 203 storing file (P6), duplicate removal (P5), chunking (P7) and encryption I 204 decryption (P8) which allows a self-encryption process to provide security to 205 and global duplicate data removal. In addition, storing file element (P6) is 206 preferably dependent upon sub-elements storage and retrieval (P4) and 207 sub-element identify chunks (P9) and generate sub-element self-healing 208 (P2), duplicate removal element (P5) is preferably dependent on sub- 209 element identify chunks (P9), chunking element (P7) generate sub- 210 element identify chunks (P9) and encryption / decryption element (P8) 211 can be provided by sub-element provision of keys (P 13) to ensure validity 212 of generating or requesting nodes anonymous identity (e.g. we don't 213 know who it is but we know it was the node that put the chunk there) 214 thereby ensuring security availability (P3).
Chunking (Figure 1-P7) 215 According to a related aspect of this invention, files are split 216 preferably using an algorithm to work out the chunk size into several 217 component parts. The size of the parts is preferably worked out from 218 known information about the file as a whole, preferably the hash of the 219 complete file. This information is run through an algorithm such as 220 adding together the first x bits of the known information and using 221 modulo division to give a chunk size that allows the file to preferably 222 split into at least three parts.
223 Preferably known information from each chunk is used as an encryption 224 key. This is preferably done by taking a hash of each chunk and using 225 this as the input to an encryption algorithm to encrypt another chunk in 226 the file. Preferably this is a symmetrical algorithm such as AES256.
227 Preferably this key is input into a password creating algorithm such as 228 pbkdf and an initial vector and key calculated from that. Preferably the 229 iteration count for the pbkdf is calculated from another piece of known 230 information, preferably the sum of bits of another chunk or similar.
231 Preferably each initial chunk hash and the final hash after encryption 232 are stored somewhere for later decryption.
Self Enctypting Files (Figure 2a/b) 233 1. Take a content hash of a file or data element 234 2. Chunk a file with preferably a random calculable size i.e. based on an 235 algorithm of the content hash (to allow recovery of file). Also obfuscate 236 thefilesuchasin3 237 3. Obfuscate the chunks to ensure safety even if encryption is eventually 238 broken (as with all encryption if given enough processing power and time) 239 a. chunk 1 byte 1 swapped with bytel of chunk 2 240 b. chunk 2 byte 2 swapped with byte I chunk 3 241 c. chunk 3 byte 2 swapped with byte 2 of chunk 1 242 d. This repeats until all bytes swapped and then repeats the same 243 number of times as there are chunks with each iteration making next 244 chunk first one 245 e. -i.e. second time round chunk 2 is starting position 246 4. Take hash of each chunk and rename chunk with its hash.
247 5. Take h2 and first x bytes of h3 (6 in our example case) and either use 248 modulo division or similar to get a random number between 2 fixed 249 parameter (in our case 1000) to get a variable number. Use the above 250 random number and h2 as the encryption key to encrypt hi or use h2 and 251 the random number as inputs to another algorithm (pdbfk2 in our case) to 252 create a key and iv.(initialisation vector) 2.
253 6. This process may be repeated multiple times to dilute any keys 254 throughout a series of chunks.
255 7. Chunk name i.e. hi (unencrypted) and hic (and likewise for each chunk) 256 written to a location for later recovery of the data. Added to this we can 257 simply update such a location with new chunks if a file has been altered, 258 thereby creating a revision control system where each file can be rebuilt 259 to any previous state.
260 8. The existence of the chunk will be checked on the net to ensure it is not 261 already backed up. All chunks may be checked at this time.
262 9. If a chunk exists all chunks must be checked for existence.
263 10. Thechunk is saved 264 11. The file is marked as backed up.
265 12. If a collision is detected the process is redone altering the original size 266 algorithm (2) to create a new chunk set, each system will be aware of this 267 technique and will do the exact same process till a series of chunks do 268 not collide. There will be a back off period here to ensure the chunks are 269 not completed due to the fact another system is backing up the same file.
270 The original chunk set will be checked frequently in case there are false 271 chunks or ones that have been forgotten. if the original names become 272 available the file is reworked using these parameters.
Duplicate Removal (Figure 1 -P5) 273 According to a related aspect of this invention, data chunked and 274 ready for storing can be stored on a distributed network but a search 275 should preferably be carried out for the existence of all associated 276 chunks created. Preferably the locations of the chunks have the same 277 ranking (From earlier ranking system) as user or better, otherwise the 278 existing chunks on the net are promoted to a location of equivalent rank 279 at least. If all chunks exist then the file is considered as already backed 280 up. If less than all chunks exist then this will preferably be considered 281 as a collision (after a time period) and the file will be re chunked using 282 the secondary algorithms (preferably just adjusted file sizes). This 283 allows duplicate files on any 2 or more machines to be only backed up 284 once, although through perpetual data several copies will exist of each 285 file, this is limited to an amount that will maintain perpetual data.
Enciypt -Deci'ypt (Figure 1 -PS) 286 According to a related aspect of this invention, the actual encrypting 287 and decrypting is carried out via knowledge of the file's content and this 288 is somehow maintained (see next). Keys will be generated and 289 preferably stored for decrypting. Actually encrypting the file will 290 preferably include a compression process and further obfuscation 291 methods. Preferably the chunk will be stored with a known hash 292 preferably based on the contents of that chunk.
293 Decrypting the file will preferably require the collation of all chunks and 294 rebuilding of the file itself. The file may preferably have its content 295 mixed up by an obfuscation technique rendering each chunk useless on 296 its own 297 Preferably every file will go through a process of byte (or preferably bit) 298 swapping between its chunks to ensure the original file is rendered 299 useless without all chunks.
300 This process will preferably involve running an algorithm which 301 preferably takes the chunk size and then distributes the bytes in a g4 302 pseudo random manner preferably taking the number of chunks and 303 using this as an iteration count for the process. This will preferably 304 protect data even in event of somebody getting hold of the encryption 305 keys -as the chunks data is rendered useless even if transmitted in the 306 open without encryption.
307 This defends against somebody copying all data and storing for many 308 years until decryption of today's algorithms is possible, although this is 309 many years away.
310 This also defends against somebody; instead of attempting to decrypt a 311 chunk by creating the enormous amount of keys possible, (in the region 312 of 2A54) rather instead creating the keys and presenting chunks to all 313 keys -if this were possible (which is unlikely) a chunk would decrypt.
314 The process defined here makes this attempt useless.
315 All data will now be considered to be diluted throughout the original 316 chunks and preferably additions to this algorithm will only strengthen 317 the process.
Security (Figure 1 -P3) 318 According to a related aspect of this invention, each file is split into 319 small chunks and encrypted to provide security for the data. Only the 320 person or the group, to whom the overall data belongs, will know the 321 location of the other related but dissimilar chunks of data.
322 Preferably, each of the above chunks does not contain location 323 information for any other dissimilar chunks; which provides for security 324 of data content, a basis for integrity checking and redundancy.
325 Preferably, the method further comprises the step of only allowing the 326 person (or group) to whom the data belongs to have access to it, 327 preferably via a shared encryption technique which allows persistence 328 of data.
329 Preferably, the checking of data or chunks of data between machines is 330 carried out via any presence type protocol such as a distributed hash
331 table network.
332 Preferably, on the occasion when all data chunks have been relocated, 333 i.e. the user has not logged on for a while, a redirection record is 334 created and stored in the super node network, (a three copy process - 335 similar to data) therefore when a user requests a check, the redirection 336 record is given to the user to update their database, which provides 337 efficiency that in turn allows data resilience in cases where network 338 churn is a problem as in peer to peer or distributed networks. This 339 system message can be preferably passed via the messenger system 340 described herein.
341 Preferably the system may simply allow a user to search for his chunks 342 and through a challenge response mechanism, locate and authenticate 343 himself to have authority to getiforget this chunk.
344 Further users can decide on various modes of operation preferably 345 such as maintain a local copy of all files on their local machine, 346 unencrypted or chunked or chunk and encrypt even local files to secure 347 machine (preferably referred to as off line mode operation) or indeed 348 users may decide to remove all local data and rely completely on 349 preferably maidsafe.net or similar system to secure their data.

Claims (12)

  1. 350 1. A system to provide self-encryption in a distributed network which is 351 made of combination and inter linkage of all or some of the following 352 elements; 353 a. encryption I decryption 354 b. chunking 355 c. duplicate removal 356 d. storing files 357
  2. 2. A system of claim 1 to provide self-encryption in a distributed network 358 which is made of combination and inter linkage of all or some of the 359 following elements and sub-elements; 360 a. encryption / decryption 361 I. key pair 362 ii. security 363 b. chunking 364 i. identify chunking 365 c. duplicate removal 366 i. identify chunking 367 ii. storage & retrieval 368 iii. self healing 369 d. storing files 370 i. identify chunking 371 ii. storage & retrieval 372 iii. self healing 373
  3. 3. A product for self-encryption in a distributed network which is made of 374 combination and inter linkage of all or some of the following elements; 375 a. encryption I decryption 376 b. chunking 377 c. duplicate removal 378 d storing files 379
  4. 4. A product for self-encryption in a distributed network which is made of 380 combination and inter linkage of all or some of the following elements and 381 sub-elements; 382 a encryption I decryption 383 i. key pair 384 ii. security 385 b. chunking 386 i. identify churiking 387 c. duplicate removal 388 I. identify chunking 389 ii. storage & retrieval 390 iii. self healing 391 d. storing files 392 i. identify chunking 393 ii. storage & retrieval 394 iii. self healing 395
  5. 5. A method of claim 1-4 where it is to identify data elements using a data 396 map with only a sequence of content hashes for each chunk of data 397 before and after encryption; 398
  6. 6. A method of claims 1-5 storing and retrieving these maps on an insecure 399 network; 400
  7. 7. A method of claim 5 where each, new iteration of a data element is 401 appended to the data map to create a strong revision control system; 402
  8. 8. A method of claim 5 where data elements are obfuscated by encryption 403 or other obfuscation technique, or similar, can be reconstructed in 404 conjunction with the data map; 405
  9. 9. A method of claim 5 where the maps can be stored in private or public 406 locations and/or biometrically accessed: 407
  10. 10. A system of claims 1-2 which allows data to have multiple locations, 408 revisions and encryption or other obfuscation techniques and for the 409 pointer to the data to be a very small file containing the basic information 410 to reconstitute a complete data element at any time from any location on 411 the network; 412
  11. 11. A system of claims 1-2 which allows the identification of which chunks to 413 make up which files; 414
  12. 12. A system of claims 1-2 which allows data maps which preferably become 415 discreet data chunks on the network, just like any other associated data 416 element and are therefore undetectable as data maps;
GB0709761.1A 2006-12-01 2007-05-22 Self encryption Active GB2444343B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/GB2007/004440 WO2008065351A1 (en) 2006-12-01 2007-11-21 Self encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0624058A GB2446200A (en) 2006-12-01 2006-12-01 Encryption system for peer-to-peer networks which relies on hash based self-encryption and mapping

Publications (3)

Publication Number Publication Date
GB0709761D0 GB0709761D0 (en) 2007-06-27
GB2444343A true GB2444343A (en) 2008-06-04
GB2444343B GB2444343B (en) 2012-04-18

Family

ID=37671713

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0624058A Withdrawn GB2446200A (en) 2006-12-01 2006-12-01 Encryption system for peer-to-peer networks which relies on hash based self-encryption and mapping
GB0709761.1A Active GB2444343B (en) 2006-12-01 2007-05-22 Self encryption

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0624058A Withdrawn GB2446200A (en) 2006-12-01 2006-12-01 Encryption system for peer-to-peer networks which relies on hash based self-encryption and mapping

Country Status (1)

Country Link
GB (2) GB2446200A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150019673A1 (en) * 2013-07-12 2015-01-15 Adobe Systems Incorporated Distributed caching in a communication network
WO2016073148A1 (en) * 2014-11-07 2016-05-12 Qualcomm Incorporated Using a hash of a filename to control encoding/decoding of a digital file
US9621586B2 (en) 2014-02-08 2017-04-11 International Business Machines Corporation Methods and apparatus for enhancing business services resiliency using continuous fragmentation cell technology
US9634995B2 (en) 2010-12-22 2017-04-25 Mat Patents Ltd. System and method for routing-based internet security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001061563A1 (en) * 2000-02-18 2001-08-23 Avamar Technologies, Inc. Hash file system and method for use in a commonality factoring system
WO2002052787A2 (en) * 2000-12-22 2002-07-04 The Charles Stark Draper Laboratory, Inc. Message splitting and spatially diversified message routing for increasing transmission assurance and data security over distributed networks
US20020194209A1 (en) * 2001-03-21 2002-12-19 Bolosky William J. On-disk file format for a serverless distributed file system
WO2007008567A1 (en) * 2005-07-08 2007-01-18 Matsushita Electric Industrial Co., Ltd. Secure peer to peer messaging service
WO2007025998A2 (en) * 2005-08-31 2007-03-08 Nokia Siemens Networks Gmbh & Co. Kg Method and system for resource encryption and decryption

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6807632B1 (en) * 1999-01-21 2004-10-19 Emc Corporation Content addressable information encapsulation, representation, and transfer
US7412462B2 (en) * 2000-02-18 2008-08-12 Burnside Acquisition, Llc Data repository and method for promoting network storage of data
US7418454B2 (en) * 2004-04-16 2008-08-26 Microsoft Corporation Data overlay, self-organized metadata overlay, and application level multicasting
WO2005120102A1 (en) * 2004-05-19 2005-12-15 Wurld Media, Inc. Dynamic connection structure topologies and methods for facilitating the peer-to-peer transfer of digital files
FR2878673B1 (en) * 2004-11-26 2007-02-09 Univ Picardie Jules Verne Etab PERENNE DISTRIBUTED BACKUP SYSTEM AND METHOD

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001061563A1 (en) * 2000-02-18 2001-08-23 Avamar Technologies, Inc. Hash file system and method for use in a commonality factoring system
WO2002052787A2 (en) * 2000-12-22 2002-07-04 The Charles Stark Draper Laboratory, Inc. Message splitting and spatially diversified message routing for increasing transmission assurance and data security over distributed networks
US20020194209A1 (en) * 2001-03-21 2002-12-19 Bolosky William J. On-disk file format for a serverless distributed file system
WO2007008567A1 (en) * 2005-07-08 2007-01-18 Matsushita Electric Industrial Co., Ltd. Secure peer to peer messaging service
WO2007025998A2 (en) * 2005-08-31 2007-03-08 Nokia Siemens Networks Gmbh & Co. Kg Method and system for resource encryption and decryption

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Hwang, K-F and Chang, C-C, "A Self-Encryption Mechanism for Authentication of Roaming and Teleconference Services", IEEE Transactions on Wireless Communications, Vol. 2. No. 2, March 2003. *
Smith, Richard E, "Internet Cryptography", Addison Wesley Longmon, Inc. October 1997, ISBN 0-201-92480-3, pp40-41. *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9634995B2 (en) 2010-12-22 2017-04-25 Mat Patents Ltd. System and method for routing-based internet security
US9762547B2 (en) 2010-12-22 2017-09-12 May Patents Ltd. System and method for routing-based internet security
US10652214B2 (en) 2010-12-22 2020-05-12 May Patents Ltd. System and method for routing-based internet security
US11303612B2 (en) 2010-12-22 2022-04-12 May Patents Ltd. System and method for routing-based internet security
US11876785B2 (en) 2010-12-22 2024-01-16 May Patents Ltd. System and method for routing-based internet security
US20150019673A1 (en) * 2013-07-12 2015-01-15 Adobe Systems Incorporated Distributed caching in a communication network
US9900384B2 (en) * 2013-07-12 2018-02-20 Adobe Systems Incorporated Distributed caching in a communication network
US9621586B2 (en) 2014-02-08 2017-04-11 International Business Machines Corporation Methods and apparatus for enhancing business services resiliency using continuous fragmentation cell technology
WO2016073148A1 (en) * 2014-11-07 2016-05-12 Qualcomm Incorporated Using a hash of a filename to control encoding/decoding of a digital file
US9521128B2 (en) 2014-11-07 2016-12-13 Qualcomm Incorporated Using a hash of a filename to control encoding/decoding of a digital file

Also Published As

Publication number Publication date
GB0624058D0 (en) 2007-01-10
GB2446200A (en) 2008-08-06
GB0709761D0 (en) 2007-06-27
GB2444343B (en) 2012-04-18

Similar Documents

Publication Publication Date Title
US11818262B2 (en) Method and system for one-to-many symmetric cryptography and a network employing the same
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
EP3058678B1 (en) System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption
WO2017033843A1 (en) Searchable cryptograph processing system
WO2008065351A1 (en) Self encryption
Miguel et al. Hedup: Secure deduplication with homomorphic encryption
Jeyaselvi et al. Cyber security-based multikey management system in cloud environment
Li et al. A data assured deletion scheme in cloud storage
JP2021534443A (en) Methods and systems for securing data
GB2444343A (en) Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied
CN1558580B (en) A network data safety protection method based on cryptography
CN116248289A (en) Industrial Internet identification analysis access control method based on ciphertext attribute encryption
CN113656818A (en) No-trusted third party cloud storage ciphertext duplication removing method and system meeting semantic security
Vignesh et al. Secure data deduplication system with efficient and reliable multi-key management in cloud storage
Khudaier et al. A Review of Assured Data Deletion Security Techniques in Cloud Storage
Srinadh et al. Data security and recovery approach using elliptic curve cryptography
Roshan et al. SECURE FILE STORAGE ON CLOUD USING HYBRID CRYPTOGRAPHY
Venkatesh et al. Secure authorised deduplication by using hybrid cloud approach
Walunj et al. Secured Authorized Deduplication Based Hybrid Cloud
Bhadrappa et al. Implementation of De-Duplication Algorithm
Karani et al. Secure File Storage Using Hybrid Cryptography
Jacob et al. Secured and reliable file sharing system with de-duplication using erasure correction code
Alsufaian et al. Secure File Storage On Cloud Using Hybrid Cryptography
Zhong et al. Proof of cipher text ownership based on convergence encryption
Debbarma et al. Encryption With Private KEY for Data Security and Deduplication

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20151029 AND 20151104

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20200522

S28 Restoration of ceased patents (sect. 28/pat. act 1977)

Free format text: APPLICATION FILED

S28 Restoration of ceased patents (sect. 28/pat. act 1977)

Free format text: RESTORATION ALLOWED

Effective date: 20210820