WO2013020177A1 - System and method for accessing securely stored data - Google Patents

Info

Publication number
WO2013020177A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
storage array
identifier
processor
per
Application number
PCT/AU2012/000943
Other languages
French (fr)
Inventor
Lawrence Edward Nussbaum
Stephen Thompson
Original Assignee
Cocoon Data Holdings Limited
Priority claimed from AU2011903220A
Application filed by Cocoon Data Holdings Limited
Publication of WO2013020177A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Definitions

  • the present invention relates to a system and method for storing and accessing securely stored data, and particularly, although not exclusively, to a system and method for storing and accessing secured data objects which are encrypted.
  • encryption software such as "Zip" programs which offer an encryption routine to encrypt the data before it is transmitted over the public network.
  • Other systems allow a user to select the data object and then by operation of a client encrypt the data object with a password or other types of keys, such as a PIN (personal identification number) or bio-marker, bio-metric information marker, etc.
  • encryption and decryption of data objects usually require the use of software which must be installed and verified on a user's computer.
  • a further problem can be transmitting large files over networks. This often cannot be done due to bandwidth restrictions and data size restrictions in data transfer protocols. Data often needs to be transmitted by hand using CDs or USB devices. This is often too inefficient and time consuming.
  • the invention can be broadly said to consist in a method of accessing securely stored data comprising the steps of:
  • the invention can be broadly said to consist of a system for accessing securely stored data comprising:
  • a processor arranged to receive a request from a data recipient
  • the processor arranged to send the data recipient a one time identifier defining the location of stored data, a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
  • the invention can be broadly said to consist of a method for accessing securely stored data comprising the steps of:
  • the invention can be broadly said to consist of a system for accessing securely stored data, the system comprising:
  • a processor arranged to receive a request from a data recipient and authenticate a user
  • a vault server arranged to communicate with a storage array and processor
  • the vault server further arranged to send the data recipient a one time identifier defining the location of stored data
  • a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
  • the invention can be said to broadly consist of a method for uploading data securely onto a system comprising the steps of:
  • the invention can be said to broadly consist of a method for accessing securely stored data comprising the steps of:
  • Figure 1 shows a schematic diagram of a general computing system that can be used as, or as part of, a system for accessing securely stored data.
  • Figure 2 shows a block diagram of a system for encrypting data and accessing encrypted data.
  • Figure 3 shows a schematic diagram of a system for uploading and accessing securely stored data in accordance with the present invention.
  • Figure 4 shows a flow diagram for accessing securely stored data using the system in accordance with Figure 3.
  • Figure 5 shows a flow diagram for uploading and storing data using the system in accordance with Figure 3.
  • Figure 6 shows a schematic diagram of an alternate form of a system for uploading and accessing securely stored data in accordance with the present invention.
  • Figure 7 shows a flow diagram for uploading and storing data using the system in accordance with Figure 6.
  • Figure 8 shows a flow diagram for accessing securely stored data in accordance with Figure 6. Detailed Description of the Preferred Embodiment.
  • the present invention is related to a system and method for accessing securely stored data, and for securely storing data, in particular large sized data.
  • the system comprises a module arranged to receive a request from a data recipient, a processor arranged to send the data recipient a one time identifier defining the location of stored data, a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
  • the processor and storage array can be implemented on servers.
  • the processor is located at a first location and the storage array is located at a second location, the first and second location being remote from each other.
  • In this example embodiment, the module,
  • decrypting processor may be implemented by one or more electronics circuits, computers or computing devices having an appropriate logic,
  • the computer may be implemented by any computing architecture, including stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture.
  • the computing device may also be appropriately programmed to implement the invention.
  • in FIG. 1 there is shown a schematic diagram of a general computing system comprising a server 100.
  • the server 100 comprises suitable components
  • the components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc.
  • Display 112 such as a liquid crystal display, a light emitting display or any other suitable display and communications links 114.
  • the server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102.
  • There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as a server, personal computers, terminals, wireless or handheld computing devices. At least one of the plurality of communications links may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communications link.
  • the server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives.
  • the server 100 may also use a single disk drive or multiple disk drives.
  • the server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.
  • the system may be implemented with a server 200 arranged to be connected to a communication network such as the Internet, an intranet, a VPN etc., wherein the server 200 is arranged to communicate with other computing or communication devices 204, 206 via the communication network.
  • this embodiment comprises a server 200 which is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another recipient user 206, computer, processor or controller.
  • the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but is not limited to:
  • the server 200 is arranged to generate a key which can be used to encrypt the data object.
  • the key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
  • the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210.
  • the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file.
  • This embodiment is advantageous in that the encrypted data object 210 is highly secured, since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.
  • the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206.
  • the encrypted data object 210 may be sent through a computer network, email, virtual storage servers or provided to the
  • the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210.
  • the server 200 may enforce an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient.
  • the authentication process (212) may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of the checks described.
  • a key 214 may be provided to the recipient user 206 to decrypt the file.
  • the recipient user 206 may be given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206.
  • the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206.
  • the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206.
  • hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object.
  • the dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it completely unfeasible or
  • the system 300 includes a communication device 301 (i.e. a computing device 301), a processor 302, a data storage array 303 and a
  • the communication network can be any suitable network such as the internet, intranet, VPN etc.
  • the communication device 301, the processor 302 and data storage array 303 can all communicate with each other via the communications network 304. It should be understood that secure connections are established between a recipient device 301 and any of the components of the system.
  • the user device i.e. recipient device
  • the client application may include gatekeeper or firewall services which allow connections to the processor 302 and/or the storage array 303.
  • system can include a further user device that is associated with a data sender.
  • the data sender device may also include a client
  • the sender can select data to be encrypted using the client application and request a key for encryption from the processor. Alternatively the sender may self-generate the key.
  • the key can be stored in the processor or a separate server arranged to store keys.
  • the data is encrypted and sent to the storage array for secure storage.
  • a storage array 303 is used because of the large size of the data.
  • the sender can establish permissions or rules that define or constrain access by recipient 301 to the encrypted data and also constrain the way a recipient 301 interacts with the data once received and/or once decrypted. These rules and permissions are described later.
  • the processor 302 is arranged to receive a request from a data recipient.
  • the data recipient can use a communication device 301 to send a request 305 to the processor 302 via the communication network 304.
  • the data recipient sends a request to access data that is securely stored.
  • the processor 302 is arranged to process the request 305 for accessing securely stored data from the storage array 303.
  • the processor 302 is arranged to authenticate the user using a suitable authentication process, which will be described later.
  • the authentication process identifies who a person is i.e. validates the identity of a user.
  • the authentication process validates the identity of the user.
  • the authentication may validate the identity of the user computing device 301.
  • the authentication process can validate the identity of the user, the user computing device and any other parameters established in the authentication process.
  • the processor 302 may possess a list of data
  • This list may be in the form of an access control list.
  • the access control list defines permissions and rules to describe the secured data or secured data object.
  • the access control list can include the list of recipients allowed to access data.
  • the access control list further defines varying levels of authorisation for data recipients. Authorisation defines the entitlement a particular data recipient has to data stored in the storage array 303.
  • authorisations can be defined as rules or permissions.
  • the permissions i.e. authorisations
  • the permissions may demand that a
  • the permissions may demand that a particular piece of data (e.g. a data file or data object) can only be accessed by a specific recipient. In a further example the permissions may demand that a data recipient may only access a particular piece of data at a specified time of day. Many other such authorisations can be created and stored in the access control list.
  • rules or permissions may be defined by the data sender, i.e. person uploading the data into the data vault.
  • the rules and permissions constrain the manner in which at least one recipient can interact with the data.
  • the system is advantageous because access to the data is controlled by the rules or permissions.
  • the rules and permissions are also enforced once the decryption key is passed to the recipient and after the recipient has received the data.
  • the rules control the type of interaction the recipient has with the data.
  • "Securely" in this specification can mean either that the data is encrypted or that the data is securely stored because the storage array cannot be readily accessed by any person.
  • the processor 302 sends that data recipient a one time identifier defining the location of the stored data (i.e. the location of the storage array 303).
  • the processor 302 also sends a message to the storage array 303 of successful authentication of a data recipient.
  • the data recipient can use the one time identifier 306 to access the storage array 303, as shown by feature 307.
  • the data recipient can access or extract stored data from the storage array 303, as shown by feature 308.
  • the processor 302 may send a message 309 to the storage array to expect a data access request using the one time identifier.
  • the processor 302 may send the particular data recipient details to the storage array 303.
  • the storage array 303 may require the data recipient to further authenticate with the storage array 303 to access data securely stored within the storage array 303.
  • Each data recipient is authenticated to access authorised data. This way data relating to another data recipient is not accessed by an unauthorised party. This is advantageous since several pieces of data relating to several data recipients or users can be stored on the storage array, without unauthorised access.
  • processor 302 is in a first location and the storage array 303 is in a second
  • the first location and second location are physically remote from each other.
  • the processor 302 and storage array 303 may be in the same physical location such as on a single device, but being electronically isolated from each other.
  • the processor 302 and array 303 may be isolated by various tools such as firewalls, implementation on separate processing units and the like.
  • the storage array 303 is in an unknown location to the data recipient.
  • the one time identifier 306 is the only information that points to the location of the data storage array 303.
  • the processor 302 and storage array 303 can be implemented on a server or a computer. In this embodiment the processor 302 is implemented on a separate server to the storage array 303. The components of the system 300 can be implemented on individual servers to provide additional security.
  • the processor 302 can be any suitable processing unit arranged to process requests and arranged to execute stored instructions.
  • the processor 302 may additionally in some embodiments include a screen to display information.
  • the processor 302 may further include an interface to allow a user to input commands and or any other inputs into the processor.
  • the processor can be computer or a device similar to server 100 .
  • the storage array 303 is any suitable storage device such as a ROM, RAM, a hard drive, a computer network, a network of disk drives, flash memory, a database, a USB or any other such suitable storage device.
  • the communication device 301 can be similar to the server 100 as described.
  • the processor 302 and storage array 303 can also take the form of the server 100 described. In an alternate
  • the storage array 303 may also have a
  • the one time identifier 306 is sent as an electronic message, such as email, SMS, multimedia message (MMS), HTML text or any other suitable electronic message.
  • the electronic message can be encrypted or unencrypted.
  • a substantially secure electronic message protocol such as email is used to transmit the identifier 306 to the data recipient.
  • the one time identifier 306 points to the data storage array. This identifier is unique to every
  • the identifier 306 is a resource locator, such as a URL or URI or URN.
  • the URL can be used by the data recipient's communication device 301 to access the storage array 303 via the communications network 304 .
  • the identifier 306 is only valid for a pre-determined time. Once the pre-determined time expires the identifier is deemed useless and the recipient needs to acquire a new identifier 306.
  • the processor 302 preferably generates a new identifier when the time expires i.e. the identifier "times out".
  • the pre-determined time can be any suitable duration such as 2 minutes, 10 minutes, 30 minutes, 10 seconds or any other suitable duration.
  • the recipient may need to re-authenticate in order to obtain a new
  • the time out function is a safety feature which stops a hacker from accessing the data because during the hacking process, the identifier expires.
  • the one time identifier is limited for a one time use. This is advantageous because it prevents hackers from accessing secured data, since the identifier is only valid for one use. Even if the hacker acquires the identifier it would be useless to a hacker.
  • the rules or permissions in the access control list may define conditions for supply of the one time identifier.
  • the processor 302 may only provide the identifier if a specific rule is satisfied by the recipient, e.g. the recipient is only supplied the one time identifier if the recipient is at a specific geographic location, or if the recipient is operating a desktop computer, or any other defined rule.
  • the identifier 306 points to memory locations of stored data, within the storage array 303.
  • the data recipient is presented with data that the data recipient is authorised to view.
  • the processor 302 can hold a directory of data stored within the storage array 303.
  • the directory is a listing of all data stored in the storage array 303.
  • a particular data recipient can only view the pieces of data or instances of data that the recipient is authorised to view.
  • the recipient can select the particular data instances the recipient wants to access. Based on the recipient's selection the processor issues a unique identifier for the location of the data within the storage array 303.
  • the identifier can include the virtual location of the storage array 303 as well as the memory location of the data.
  • the URL points only to the virtual identifier of the storage array 303.
  • the recipient uses the URL to access the storage array 303.
  • identifier 306 preferably also limits the recipient to the memory locations of authorised data, within the array 303.
  • the storage array 303 may present the user with a directory of various data the user is authorised to access.
  • the user can extract the data the user desires from the storage array 303, as indicated by feature 308.
  • the data is required to be downloaded and saved onto the data recipient's device.
  • the recipient is presented with a web plug-in module that allows the recipient to access the data.
  • the web plug-in module allows the recipient to view and modify the data without having to download the data onto the recipient computing device 301.
  • the sender can create rules and limit the recipient's ability to amend or modify the stored data, for example the recipient may only have view only
  • the system as per Figure 3 preferably includes a plurality of data storage arrays 303a, 303b, in addition to 303.
  • These additional storage arrays preferably include the same data as the storage array 303.
  • These additional storage arrays 303a, 303b serve as back up or redundancy.
  • These additional storage arrays are present in case one storage array fails, the others can be used to access stored data.
  • the identifier 306 issued can point to any one of the storage arrays 303, 303a, 303b. If a new identifier is issued because a previous identifier "timed out", the new identifier can correspond to any one of the storage arrays.
  • the processor 302 can communicate 309 with the storage arrays.
  • the processor 302 can send a message to the storage array to inform the storage arrays of a successful authentication by a user.
  • the processor 302 may send the recipient's details such that the storage array can identify the recipient.
  • the processor 302 may simply inform the storage array 303 to expect a request for data from a recipient.
  • the system described in Figure 3 can be used with the system described in Figure 2.
  • the data to be stored by the sender is encrypted by using the encryption system described.
  • the encrypted data is stored on the storage array 303
  • the processor 302 can be the same as the server 200, wherein the sender uses the processor 302 to encrypt the data.
  • the data recipient may authenticate with the processor 302 or server 200.
  • the data recipient authenticates with the processor 302 and is presented with a one time identifier pointing to the storage array location as well as a decryption key.
  • the key is preferably stored in a location remote from the storage array 303.
  • the decryption key may be stored on the processor 302 and provided to a recipient.
  • the data recipient uses the one time identifier to access the data and uses the key to decrypt the accessed data.
  • the processor 302 can be implemented based on a System for securing data as described with reference to WO
  • FIG. 4 shows a flow diagram of the system of the present invention.
  • the system for accessing securely stored data firstly involves receiving a request from a data recipient at step 401.
  • the processor 302 receives the request from the data recipient's computing device 301.
  • the processor authenticates the user (data recipient) at step 402. Authentication can be done in any suitable way, such as an email address or another unique user identifier together with a password, PIN or other such tool. If authentication fails, the request is terminated, as per step 403. If authentication is successful the processor 302 sends an electronic message with the location of the storage array 303, at step 404.
  • the location can be in any suitable form as described.
  • the user uses the location identifier to access the storage array 303.
  • the user accesses the data the user is authorised to access.
  • the user can process the data in any manner the user is authorised to do so.
  • the method may include the further step of receiving a decryption key 407.
  • the recipient can receive the key either after the recipient is authenticated or once the user has accessed the data from the storage array 303.
  • the key is used to decrypt the stored encrypted data, at step 408.
  • the process is complete once the user accesses the data.
  • the method may include a further step 408 of authenticating the user once the user has accessed the storage array 303.
  • the processor 302 may further authenticate the user (data recipient) to allow the user to access desired data from the array 303, at step 409. If the authentication fails the method is ended, step 410. If the authentication is successful the user is allowed access to the storage array 303, at step 411. Steps 409-411 are optional and are shown in the diagram as optional steps.
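The flow of steps 401 to 411 above, together with the identifier properties described earlier (valid for one use, valid only for a pre-determined time, issued only if the access control list permits, and the decryption key held apart from the storage array), can be shown as an executable model. The following Python is an added example written for this page; it is not code from the patent or from Cocoon Data Holdings. The class and function names (`Processor`, `StorageArray`, `OneTimeIdentifier`, `build_demo`), the salted PBKDF2 password check, the 600 second default timeout, the recipient names, the object names and the placeholder ciphertexts are all constructed assumptions; the patent leaves the authentication method, the identifier format and the message format open.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash (assumed credential check; the patent leaves the method open)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class OneTimeIdentifier:
    """Identifier 306: points at one data object, valid once and only until issued_at + ttl."""
    token: str
    recipient: str
    data_object: str
    issued_at: float
    ttl_seconds: float
    used: bool = False


class StorageArray:
    """Storage array 303: holds opaque (already encrypted) objects and honours identifiers it was told to expect."""

    def __init__(self, objects: Dict[str, bytes]):
        self._objects = objects
        self._expected: Dict[str, OneTimeIdentifier] = {}

    def expect(self, ident: OneTimeIdentifier) -> None:
        # Message 309: the processor tells the array that a request with this identifier is coming.
        self._expected[ident.token] = ident

    def fetch(self, token: str, now: float) -> Optional[bytes]:
        ident = self._expected.get(token)
        if ident is None:
            return None                      # never issued, or already discarded
        if now - ident.issued_at > ident.ttl_seconds:
            del self._expected[token]        # timed out: the recipient must re-authenticate
            return None
        if ident.used:
            return None                      # one-time use: a replayed identifier is useless
        ident.used = True
        return self._objects.get(ident.data_object)


class Processor:
    """Processor 302: authenticates the recipient, checks the ACL, issues the identifier and releases the key."""

    def __init__(self, array: StorageArray, acl: Dict[str, Set[str]],
                 keys: Dict[str, bytes], ttl_seconds: float = 600.0):
        self._array = array
        self._acl = acl                      # recipient -> data objects that recipient may access
        self._keys = keys                    # decryption keys, held apart from the storage array
        self._ttl = ttl_seconds
        self._credentials: Dict[str, Tuple[bytes, bytes]] = {}

    def enrol(self, recipient: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._credentials[recipient] = (salt, _hash_password(password, salt))

    def authenticate(self, recipient: str, password: str) -> bool:
        # Step 402: constant-time comparison of the salted hash.
        entry = self._credentials.get(recipient)
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(_hash_password(password, salt), expected)

    def request_access(self, recipient: str, password: str, data_object: str,
                       now: float) -> Optional[Tuple[str, bytes]]:
        if not self.authenticate(recipient, password):
            return None                      # step 403: request terminated
        if data_object not in self._acl.get(recipient, set()):
            return None                      # ACL rule not satisfied: no identifier is issued
        ident = OneTimeIdentifier(secrets.token_urlsafe(32), recipient, data_object, now, self._ttl)
        self._array.expect(ident)
        # Steps 404 and 407: the identifier (which a deployment would wrap in a URL) and
        # the key travel to the recipient separately from the data itself.
        return ident.token, self._keys[data_object]


def build_demo() -> Tuple[Processor, StorageArray]:
    """Constructed sample data: two opaque 'encrypted' objects and two recipients with different entitlements."""
    array = StorageArray({"report.bin": b"<ciphertext of report>", "ledger.bin": b"<ciphertext of ledger>"})
    keys = {"report.bin": b"K-report", "ledger.bin": b"K-ledger"}
    acl = {"alice@example.com": {"report.bin"}, "bob@example.com": {"report.bin", "ledger.bin"}}
    proc = Processor(array, acl, keys, ttl_seconds=600.0)
    proc.enrol("alice@example.com", "correct horse battery staple")
    proc.enrol("bob@example.com", "hunter2")
    return proc, array


if __name__ == "__main__":
    proc, array = build_demo()
    token, key = proc.request_access("alice@example.com", "correct horse battery staple", "report.bin", now=1000.0)
    print(array.fetch(token, now=1030.0))   # ciphertext is released once, within the timeout
    print(array.fetch(token, now=1031.0))   # None: the identifier has been consumed
```

Time is passed in explicitly so the timeout and single-use behaviour can be exercised deterministically; a deployment would use a monotonic clock and persist the expected-identifier table on the storage array side. The expiry check runs before the single-use check so that a stale identifier is discarded from the table rather than lingering as a consumed entry.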
  • This system presents a safer system and method of accessing securely stored data.
  • the system is more secure against attack from hackers because the data is stored at a location remote from the processor.
  • the processor requires authentication from the data recipient before sending an identifier identifying the location of the storage array.
  • the remoteness of the processor and storage array provides security.
  • the authentication step provides a further layer of security.
  • the data stored in the storage array is preferably encrypted.
  • the key is stored in a further remote location to the processor and storage array.
  • the recipient receives the key and an identifier pointing to the location of the data once authenticated.
  • the key and data being stored in separate locations provides further security against a hacker, because in order to access the data the hacker needs to compromise the processor to obtain the identifier, then needs to further locate the key, and only then can the hacker gain access to the data.
  • the one time identifier expires after a predetermined time period. This provides a further layer of security: while the hacker is attempting to compromise the recipient's device or the processor, the identifier expires, so even if the hacker accesses the identifier that
  • the storage array 303 is in an unknown location to the data recipient.
  • the unique identifier is the only information that points to the location of the storage array. This adds another layer of security because a potential hacker would not know the location of the storage array.
  • the system separates the locations of the decryption key, the processor and the storage array so that a hacker never has all the information required to access secure data.
  • Figure 5 shows a flow diagram for uploading data onto the storage array 303.
  • the process includes the step 501 of authenticating a data creator.
  • the data creator can be authenticated by a suitable authentication process such as a password, biometric data or any other suitable process.
  • the data creator creates a local copy of the data on the data creator's device.
  • the data can be encrypted using the process described earlier with reference to Figure 2 or any other suitable
  • the data creator requests permission from the server 302 to store the data on the storage array 303.
  • the user also requests the location of the storage array.
  • the data creator sends metadata to the storage array 303 so the array can confirm the data as being in the correct format.
  • the server 302 sends the data creator a one-time URL, to be used once, to upload the data.
  • the user uploads the data or sends the data to the storage array 303 using the one-time identifier, i.e. the URL or any other resource locator.
  • the storage array compares the uploaded file with the metadata sent to the storage array and sends a status to the data creator.
  • the status of a successful upload is either sent by the storage array 303 to the data creator directly, or is sent to the server 302 by the storage array 303, the server 302 in turn sending the status of successful upload to the data creator.
  • the uploaded data is marked as available.
  • a message or indicator can be sent to the data sender by either the storage array 303 or the server 302 to show the data being available for download. This is an optional extra feature of the system.
  • API application programming interface
  • program modules include routines, programs, objects, components and data files assisting in the performance of particular
  • FIG. 6 shows a further embodiment of a system for storing and accessing securely stored data.
  • the system comprises a user device 601, a processor 602, vault server 603 and a storage array 604. It should be understood that secure connections are established between a user device 601 and any of the components of the system.
  • the user device i.e. recipient device
  • the client application may include gatekeeper or firewall services which allow connections to the processor 602, the storage array 604 or the vault server 603.
  • the user device 601 is a suitable computing device. In one form the user device is a computer. In another form the user device 601 may be a server such as the server 100 described earlier. The user device 601 allows a user to communicate with other elements of the system, create data, upload data, store data, encrypt data and access stored data.
  • the processor 602 in one form includes a processing unit and memory units.
  • the processor 602 may include a user interface such as a keyboard to allow a person to communicate with the processor 602.
  • the processor 602 can be, and can have the parts of, the server 100 described with respect to Figure 1.
  • the processor 602 includes a communication module that allows the processor 602 to communicate with the user device 601 and the vault server 603.
  • the processor 602 can be an individual server arranged to perform various functions.
  • the processor can include similar hardware components as server 100.
  • the processor 602 is arranged to authenticate a user using a suitable authentication process.
  • the processor may incorporate or include a list of data recipients as sent to it from a user who has uploaded data onto the storage array.
  • the list includes a list of authorised data recipients who may download data from the storage array.
  • the list can be in the form of an access control list as described earlier, that defines various rules or permissions with respect to access of data, functions that can be performed with the data, as well as providing the one time identifier.
  • the vault server 603 in one form can be a server such as the server 100 described with respect to Figure 1.
  • the vault server 603 includes a communication module.
  • the vault server 603 is adapted to communicate with the processor 602 and user device 601.
  • the vault server 603 further is adapted and arranged to communicate with and send data to and from the storage array 604.
  • the vault server 603 is adapted to communicate with the processor 602 and the user device 601.
  • the vault server 603 is arranged to receive a request for
  • the vault server is arranged to determine the location of the data and provide information to the processor 602.
  • the processor 602 utilises this information and generates and sends an identifier relating to the location of the storage array to the user.
  • the vault server 603 is adapted to communicate with the storage array and only the vault server can download and upload data onto the storage array 604.
  • the vault server 603 may generate and transmit the identifier to a user.
  • the storage array 604 is any suitable memory device that can receive and store data.
  • the storage array can be any suitable memory device such as ROM, RAM, hard disk drive, flash memory.
  • the storage array 604 may be formed from a collection of linked computers, such as a computer farm or a cloud computing system.
  • the storage array 604 may be arranged as a database.
  • the processor 602, the vault server 603 and storage array are isolated from each other.
  • the storage array 604 may be incorporated into or with the vault server 603 and may be part of the vault server 603.
  • the processor 602, the vault server 603 and the storage array 604 may be physically isolated from one another.
  • the processor 602, vault server 603 and storage array 604 may be in three separate locations.
  • the vault server 603 and storage array 604 may be electronically isolated. This means the vault server 603 and the storage array 604 may be in the same physical location, for example in the same casing, but are electronically isolated from each other.
  • the vault server 603 and storage array 604 may be wired or configured in a suitable way to isolate the storage array 604 and vault server 603 from each other, for example with the use of firewalls, implementation on isolated processors and so on.
  • system may include a plurality of storage arrays 604a - 604c.
  • the storage arrays are all linked to and can communicate with the vault server.
  • the vault server 603 stores the locations and addresses of all storage arrays 604, 604a, 604b.
  • the vault server 603 may store a list of all memory locations in the form of a directory.
  • the processor 602, vault server 603 and storage arrays are remote and isolated from each other.
  • the vault server 603 transmits the location information to the processor 602 when the vault server receives a request for the location of stored data.
  • the processor 602 uses this location information to generate the one time identifier.
  • the user device 601 may have installed on it a program that allows the user device 601 to be compatible and communicate with the processor 602 and the vault server 603. This program may be called Secure Store.
  • This program may be a software application or a web plug-in that allows the user device to establish a communication link with the other components of the system 300.
  • the stored program preferably formats the commands of the user into the correct format to allow a user to communicate with the processor 602, vault server 603 and storage array 604.
  • the processor 602 or the vault server 603 are adapted to process requests from a user. These requests may be requests to upload data to, or download data from, the storage location.
  • the processor 602 or the vault server 603 are arranged to process requests and arranged to execute stored instructions.
  • the processor 602 or the vault server 603 may have a screen to display information.
  • processor 602 or vault server 603 may further include a user interface to allow a user to input commands.
  • processor 602 is adapted to create and transmit a one time identifier to the user once the user is authenticated and authorised.
  • vault server 603 is adapted to generate and transmit a one time identifier to the user once the user is authenticated and
  • The identifier 605 is created and sent as an electronic message, such as email, SMS, multimedia message (MMS), HTML text or any other suitable electronic message.
  • the electronic message is preferably encrypted but may be unencrypted. Any suitable protocol is used to transmit the identifier 605.
  • the identifier 605 points to the location of the storage array to allow a user to upload or download data from storage array 604.
  • the identifier 605 is a resource locator such as a URL, URN or URI.
  • a URL is used as the identifier 605, but other suitable resource locators can be used.
  • the identifier 605 is only valid for a pre-determined time. Once the pre-determined time expires the identifier is deemed useless and the recipient will need to acquire a new identifier 605.
  • the predetermined time can be any suitable time duration, for example 2 minutes, 30 seconds, 4 minutes or any other suitable duration.
  • This pre-determined time-out function of the identifier adds to the security of the system: it stops a hacker from accessing the stored data since the identifier is likely to time out before a hacking process is complete. Once the pre-determined time expires the identifier is useless and cannot be used to access the location of the storage array 604.
  • the user 601 can use the one time identifier to access the storage array 604, via a communications network 606.
  • the user 601 communicates with the vault server 603 and accesses the storage array using the one time
  • the identifier 605 may be transmitted via the communications network.
  • the communications network allows communication between all the parts of the system and can be any suitable network.
  • the identifier 605 may be similar to the identifier 306 as described earlier.
  • An identifier similar to 306 may be used with the system described in relation to Figure 6.
  • system may include a further decryption server that provides the user with a decryption key once the user downloads the data from the storage array.
  • the decryption server is remote from the other system components in order to increase security of data and make the key difficult to access for a hacker.
  • the use of a storage array ( 303 or 604 ) is
  • a sender can upload large sized data files or data objects into the storage array.
  • the sender can secure the data by encrypting the data and establishing various rules or permissions defining access conditions of the data, the functions a recipient can perform, the way a user can interact with the data, and rules for providing the one time identifier. These rules can be applied at any time throughout the process of retrieving data from the storage array.
  • Figure 7 shows a flow diagram for storing data securely on the storage array 604.
  • the user is authenticated by the processor 602.
  • the user can access the server 602 using the user computing device 601.
  • the user can be authenticated using any suitable authentication process such as passwords, biometric markers and so on.
  • the user may
  • the user can create a local copy of the data that requires storing on the user device 601.
  • the data is stored on the memory of the user device 601.
  • the user sends a request to upload or store data, to the processor 602.
  • the processor receives the request to upload data from the user, at step 703.
  • the processor 602 sends a request to the vault server 603 for location information related to an empty location within the storage array. This is only done once the user is authenticated.
  • the user may also need to be authorised and adhere to a rule or permission that can be stored on the processor 602.
  • the identifier is preferably a URL but can be any other suitable identifier.
  • the processor 602 sends metadata to the vault server 603 so that the vault server can confirm the contents received are original, authenticated data from an authenticated user.
  • the processor 602 sends the identifier to the user device 601 and hence to the user.
  • the vault server may send the one time identifier to the processor 602, the processor in turn sends the identifier to the user device 601.
  • the vault server 603 may generate and send the one time identifier directly to the user.
  • the user can upload data to the storage array 604 using the one-time identifier.
  • the data can be uploaded to the vault server 603; the vault server 603 then sends the data to the storage array 604, which stores the data in a memory location in the storage array 604.
  • the vault server 603 compares the data received from the user device 601 with the metadata to ensure the data being loaded is the original data received from an authenticated user.
  • the vault server sends a status of successful upload to the processor 602.
  • the vault server 603 sends a status of successful upload directly to the user 601.
  • the processor receives a message of successful upload
  • the processor 602 sends a status of successful upload to the user.
  • the vault server 603 sends the message of successful upload to the user.
  • FIG 8 shows a flow diagram of the process of accessing securely stored data.
  • a user wanting to access securely stored data is authenticated and authorised using a suitable authentication and authorisation process.
  • the user can request a directory of available data for access in a storage array 604.
  • the vault server 603 or the processor 602 may store a list of all data stored on the storage array along with a directory list of the memory locations of where the data is stored.
  • the user requests permission to download data from the storage array.
  • the processor 602 confirms authorisation and authentication of the user and sends a one-time identifier. In another form the vault server 603 sends a one-time identifier to the user once the user is authorised and authenticated.
  • the one-time identifier can be any suitable identifier identifying the location of the storage array.
  • the identifier is preferably a URL but can be a URI, URN or any other suitable identifier pointing to the location of the storage array.
  • the one-time identifier is
  • the identifier may also point to the specific memory location of the data in the storage array.
  • the user downloads the data directly from the vault server 603 using the one time identifier that includes the location of the storage array.
  • the vault server 603 fetches data from the storage array 604 for the user, and transmits it to the user at step 805.
  • the vault server 603 sends a message of successful download to the processor 602.
  • the processor adds download information to a download log.
  • the log may be stored on the processor, or the vault server or on the user device.
  • the user can decrypt the data, if the data is encrypted, using the decryption process discussed in Figure 2 and Patent
  • the decryption server sends the user a decryption key to decrypt the encrypted data.
  • the components of system 300 i.e. 302, 303, 303a, 303b
  • the components of system 600 i.e. 602, 603, 604, 604a, 604b
  • a single machine e.g. a PC or laptop or server
  • the components of system 300 or system 600 may be implemented on a single machine and may not be electronically isolated. This is because the single machine may be a trusted machine that is secure.
  • the identifier 605 may be generated by the vault server 603, after the processor 602 has authenticated a user as an authorised user.
  • the vault server 603 may communicate directly with the user device 601. It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by a computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.
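As an added illustration of the upload and access flows of Figures 4, 5, 7 and 8, the following Python models the vault server and the storage array as in-memory objects. This is example code written for this page, not code from the patent or from Cocoon Data. The identifier layout `https://vault.example/<purpose>/<token>`, the `slot-N` location names, the 120 second time-out and the sample payload are all assumptions, and the processor's authentication of the user is taken as already done before these methods are called. It shows the three checks the text relies on: an identifier is redeemable exactly once, it is rejected after the predetermined time, and an upload is stored only if it matches the metadata declared beforehand.

```python
from __future__ import annotations

import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Issued:
    location: str        # memory location inside the storage array (hypothetical naming)
    purpose: str         # "upload" or "download": an identifier is bound to one use
    expires_at: float
    used: bool = False


class IdentifierIssuer:
    """Issues one-time, time-limited identifiers (the URL of the patent) and redeems each
    at most once before its predetermined time expires.  The clock is injected for testing."""

    def __init__(self, ttl_seconds: float, clock=time.time):
        self.ttl, self.clock = ttl_seconds, clock
        self._issued: dict[str, Issued] = {}

    def issue(self, location: str, purpose: str) -> str:
        # 256 bits from the OS CSPRNG: the identifier is the only pointer to the location.
        token = secrets.token_urlsafe(32)
        self._issued[token] = Issued(location, purpose, self.clock() + self.ttl)
        return f"https://vault.example/{purpose}/{token}"   # hypothetical URL layout

    def redeem(self, url: str, purpose: str) -> str | None:
        """Location the identifier points to, or None if unknown, wrong purpose, used or expired."""
        rec = self._issued.get(url.rsplit("/", 1)[-1])
        if rec is None or rec.purpose != purpose or rec.used:
            return None
        if self.clock() > rec.expires_at:        # the server's clock decides, not the client's
            return None                          # deemed useless once the time has expired
        rec.used = True                          # consumed: replaying the same URL fails
        return rec.location


class VaultServer:
    """Vault server 603 together with storage array 604: the only component that reads or
    writes the array.  Callers are assumed already authenticated by the processor 602."""

    def __init__(self, issuer: IdentifierIssuer):
        self.issuer = issuer
        self.array: dict[str, bytes] = {}                # storage array 604, in memory here
        self.declared: dict[str, tuple[int, str]] = {}   # location -> (size, sha256) metadata
        self.available: set[str] = set()
        self.download_log: list[tuple[str, str]] = []    # (user, location)

    def request_upload(self, user: str, size: int, sha256_hex: str) -> str:
        """Figure 7: allocate an empty location, record the declared metadata, issue an identifier."""
        location = f"slot-{len(self.declared) + 1}"      # hypothetical allocation scheme
        self.declared[location] = (size, sha256_hex)
        return self.issuer.issue(location, "upload")

    def upload(self, url: str, data: bytes) -> str:
        location = self.issuer.redeem(url, "upload")
        if location is None:
            return "rejected: identifier invalid, reused or expired"
        size, digest = self.declared[location]
        # The array compares what arrived with the metadata declared beforehand.
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            return "rejected: data does not match declared metadata"
        self.array[location] = data
        self.available.add(location)                     # marked available (Figure 5)
        return f"stored: {location}"

    def request_download(self, user: str, location: str) -> str | None:
        """Figure 8: a download identifier is issued only for data marked available."""
        return self.issuer.issue(location, "download") if location in self.available else None

    def download(self, url: str, user: str) -> bytes | None:
        location = self.issuer.redeem(url, "download")
        if location is None:
            return None
        self.download_log.append((user, location))       # download log kept by the server
        return self.array[location]


def run_scenario() -> dict:
    """Upload, replay, tamper, download and timeout, driven by a fake clock."""
    now = [1000.0]
    vault = VaultServer(IdentifierIssuer(ttl_seconds=120, clock=lambda: now[0]))
    payload = b"constructed sample document"             # constructed sample data
    up = vault.request_upload("alice", len(payload), hashlib.sha256(payload).hexdigest())
    results = {"first_upload": vault.upload(up, payload)}
    results["replayed_upload"] = vault.upload(up, payload)            # same URL twice
    up2 = vault.request_upload("alice", 5, hashlib.sha256(b"hello").hexdigest())
    results["tampered_upload"] = vault.upload(up2, b"hellx")          # bytes differ from metadata
    dl = vault.request_download("bob", "slot-1")
    results["download"] = vault.download(dl, "bob")
    results["download_reused"] = vault.download(dl, "bob")
    late = vault.request_download("bob", "slot-1")
    now[0] += 121                                                     # past the 2-minute limit
    results["download_expired"] = vault.download(late, "bob")
    results["log_entries"] = len(vault.download_log)
    return results
```

Binding each identifier to one purpose and one location, and drawing the token from the operating system CSPRNG, is what makes the identifier the only usable pointer to the data; the time-out is enforced against the server's own clock so a client cannot extend it. `run_scenario()` walks through the flow and returns the outcome of each step.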

Abstract

The present invention relates to a system and method for storing and accessing securely stored data, the method comprising the steps of receiving a request from a data recipient to access stored data; sending to the data recipient a one time identifier defining the location of the stored data and utilising the one time identifier to access data from a storage location, the one time identifier pointing to the location of the data.

Description

SYSTEM AND METHOD FOR ACCESSING SECURELY STORED DATA
Field of the Invention
The present invention relates to a system and method for storing and accessing securely stored data, and particularly, although not exclusively, to a system and method for storing and accessing secured data objects which are encrypted.
Background of the Invention
In an online environment, electronic data is often distributed from one point to another. There is often a necessity to secure the data from unauthorized usage or access, particularly in situations where the data is confidential or requires protection. Users can utilise a system to encrypt the data prior to sending the data over an unsecured network.
To address these security concerns users may choose to encrypt the data objects before transmitting the data objects over a public network. Systems and methods for encrypting data are known. One approach is to use encryption software, such as "Zip" programs which offer an encryption routine to encrypt the data before it is transmitted over the public network. Other systems allow a user to select the data object and then, by operation of a client, encrypt the data object with a password or other types of keys, such as a PIN (personal identification number), a bio-marker or a biometric information marker.
Although these encryption programs are effective, they have a flaw in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the file since the necessary components to decrypt the file are all integrated within the encrypted object.
In addition, encryption and decryption of data objects usually require the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of these encryption and decryption technologies.
A further problem is transmitting large files over networks. This often cannot be done due to bandwidth restrictions and data size restrictions in data transfer protocols. Data often needs to be transported by hand on CDs or USB devices, which is inefficient and time consuming.
Summary of the Invention
In one aspect the invention can be broadly said to consist in a method of accessing securely stored data comprising the steps of:
receiving a request from a data recipient to access stored data,
sending to the data recipient a one time identifier defining the location of the stored data.
In another aspect the invention can be broadly said to consist of a system for accessing securely stored data comprising:
a processor arranged to receive a request from a data recipient,
the processor arranged to send the data recipient a one time identifier defining the location of stored data, a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
In a further aspect the invention can be broadly said to consist of a method for accessing securely stored data comprising the steps of:
sending a request to access stored data,
receiving a one time identifier defining the location of the stored data.
In yet another aspect the invention can be broadly said to consist of a system for accessing securely stored data, the system comprising:
a processor arranged to receive a request from a data recipient and authenticate a user,
a vault server arranged to communicate with a storage array and processor,
the vault server further arranged to send the data recipient a one time identifier defining the location of stored data, and
a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
In a further aspect the invention can be said to broadly consist of a method for uploading data securely onto a system comprising the steps of:
receiving a request to upload from a user,
creating and sending a one time identifier to the user,
receiving data from the user, and
storing data onto a storage array.
In another aspect the invention can be said to broadly consist of a method for accessing securely stored data comprising the steps of:
receiving a request from a user to access stored data, and
creating and sending a one time identifier to the user.
Brief Description of the Drawings
Figure 1 shows a schematic diagram of a general computing system that can be used as, or as part of, a system for accessing securely stored data.
Figure 2 shows a block diagram of a system for encrypting data and accessing encrypted data.
Figure 3 shows a schematic diagram of a system for uploading and accessing securely stored data in accordance with the present invention.
Figure 4 shows a flow diagram for accessing securely stored data using the system in accordance with Figure 3.
Figure 5 shows a flow diagram for uploading and storing data using the system in accordance with Figure 3.
Figure 6 shows a schematic diagram of an alternate form of a system for uploading and accessing securely stored data in accordance with the present invention.
Figure 7 shows a flow diagram for uploading and storing data using the system in accordance with Figure 6.
Figure 8 shows a flow diagram for accessing securely stored data in accordance with Figure 6.
Detailed Description of the Preferred Embodiment
The present invention is related to a system and method for accessing securely stored data, and for securely storing data, in particular large sized data. The system comprises a module arranged to receive a request from a data recipient, a processor arranged to send the data recipient a one time identifier defining the location of stored data, a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier. The processor and storage array can be implemented on servers. The processor is located at a first location and the storage array is located at a second location, the first and second location being remote from each other.
In this example embodiment, the module, authentication routine and decrypting processor may be implemented by one or more electronic circuits, computers or computing devices having appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices. The computer may be implemented by any computing architecture, including stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture. In some embodiments, the computing device may also be appropriately programmed to implement the invention.
Referring to Figure 1 there is shown a schematic diagram of a general computing system comprising a server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc., a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communications links 114. The server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as a server, personal computers, terminals, wireless or handheld computing devices. At least one of the plurality of communications links may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communications link.
The server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.
Referring to Figure 2, there is illustrated a block diagram of an embodiment of a system for securing data. In this embodiment, the system may be implemented with a server 200 arranged to be connected to a communication network such as the Internet, an intranet, a VPN, etc., wherein the server 200 is arranged to communicate with other computing or communication devices 204, 206 via the communication network.
As shown, this embodiment comprises a server 200 which is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another recipient user 206, computer, processor or controller. In this example embodiment, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but is not limited to:
1- Filenames of any files to be encrypted;
2- File size, dates, properties, permissions settings and other attributes;
3- The identification of the recipient 206 of the file;
4- The access permissions of the recipient 206;
5- The address or reference of the recipient 206; and
6- Any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file.
Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.
Preferably, the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210. As a result, the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file. This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 210 needed to decrypt the file is not incorporated within the object 210 itself. After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206. As the encrypted data object 210 is now secured, it may be sent through a computer network, email, virtual storage servers or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like. Preferably, in some situations, some form of security consideration is still put into practice with the transmission of the encrypted data object 210 for best practice.
Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one embodiment, the server 200 may enforce an authentication process (212) on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process (212) may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of the systems described. After the recipient user 206 is authenticated by the server 200 and is authorized to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example embodiment, the recipient user 206 may be given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206. In another embodiment, the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to encrypt the data object with necessary information for third party software to control and enforce these permission settings. Examples of such third party software include Microsoft Word or Adobe Acrobat Reader, which have permission controls capable of limiting the manipulation of a data file. Alternative embodiments of a system for securing data are also described in WO/2009/079708 which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is removed from the encrypted data object 210.
As such the encrypted data object may be transmitted over a less secure but more convenient channel, since even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption because the key is not within the encrypted object.
In another embodiment, the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206. By transmitting and utilising dummy keys in the encryption process, hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of them can in fact be used to decrypt the data object. The dummy keys may also be interleaved with the genuine key such that the number of permutations between the dummy keys and the genuine keys renders it unfeasible or impractical for a hacker to use the captured data for any meaningful purpose.
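The key separation described above (an encrypted object that carries no key, keys released per portion after authentication, and dummy keys mixed into the key transmission), as an added example that is not part of the patent or of any Cocoon Data product. The portion names, recipient names and the KeyServer API are assumptions made for this example; the XOR keystream and HMAC tag are a toy stand-in for a real authenticated cipher such as AES-GCM, used only so that the example runs with the standard library alone.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Set, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 over key || nonce || counter). Stand-in only;
    a real deployment would use AES-GCM from the `cryptography` package."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_portion(key: bytes, plaintext: bytes) -> dict:
    """Encrypt one portion of the data object and attach an integrity tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def decrypt_portion(key: bytes, blob: dict) -> bytes:
    """Verify the tag first, so a wrong (e.g. dummy) key is rejected instead of yielding garbage."""
    expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("integrity check failed: wrong key or tampered portion")
    return bytes(c ^ k for c, k in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


class KeyServer:
    """Plays server 200: keeps every portion key and the per-recipient entitlement.
    The encrypted data object 210 it hands back carries ciphertext only, never a key."""

    def __init__(self) -> None:
        self._keys: Dict[Tuple[str, str], bytes] = {}          # (object id, portion) -> key
        self._entitlement: Dict[str, Dict[str, Set[str]]] = {}  # object id -> recipient -> portions

    def register_object(self, object_id: str, portions: Dict[str, bytes],
                        entitlement: Dict[str, List[str]]) -> dict:
        """Encrypt each portion under its own key 208 and return the key-free object 210."""
        encrypted = {}
        for name, plaintext in portions.items():
            key = secrets.token_bytes(32)
            self._keys[(object_id, name)] = key
            encrypted[name] = encrypt_portion(key, plaintext)
        self._entitlement[object_id] = {r: set(p) for r, p in entitlement.items()}
        return {"object_id": object_id, "portions": encrypted}

    def release_keys(self, object_id: str, recipient: str, authenticated: bool,
                     dummies: int = 0) -> Dict[str, List[bytes]]:
        """Key 214: one candidate list per portion the recipient may read.
        Each list holds the genuine key plus `dummies` random keys in random order."""
        if not authenticated:
            raise PermissionError("authentication (212) failed")
        allowed = self._entitlement.get(object_id, {}).get(recipient, set())
        bundle = {}
        for name in sorted(allowed):
            candidates = [self._keys[(object_id, name)]] + [secrets.token_bytes(32) for _ in range(dummies)]
            secrets.SystemRandom().shuffle(candidates)
            bundle[name] = candidates
        return bundle


def open_portion(blob: dict, candidates: List[bytes]) -> bytes:
    """Recipient side: only the genuine key passes the tag check; dummies are skipped."""
    for key in candidates:
        try:
            return decrypt_portion(key, blob)
        except ValueError:
            continue
    raise PermissionError("no candidate key opens this portion")
```

The recipient can tell the genuine key from the dummies only because it holds the encrypted object and the integrity tag rejects every wrong key; an eavesdropper who captures both the key transmission and the object can do exactly the same, so the dummy keys raise the attacker's cost only while the key channel and the data channel stay separate.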
Referring to Figure 3, there is illustrated a schematic diagram of an embodiment of a system for accessing securely stored data. The system 300 includes a communication device 301 (i.e. a computing device 301), a processor 302, a data storage array 303 and a communications network 304. The communication network can be any suitable network such as the internet, an intranet, a VPN etc. The communication device 301, the processor 302 and the data storage array 303 can all communicate with each other via the communications network 304. It should be understood that secure connections are established between a recipient device 301 and any of the components of the system. The user device (i.e. recipient device) may include a client application, that is a software application that facilitates a secure connection. The client application may include gatekeeper or firewall services which allow connections to the processor 302 and/or the storage array 303.
Although not illustrated, the system can include a further user device that is associated with a data sender. The data sender device may also include a client application that facilitates a connection with the processor. The sender can select data to be encrypted using the client application and request a key for encryption from the processor. Alternatively the sender may self-generate the key. The key can be stored in the processor or in a separate server arranged to store keys. The data is encrypted and sent to the storage array for secure storage. A storage array 303 is used because of the large size of the data. The sender can establish permissions or rules that define or constrain access by the recipient 301 to the encrypted data and also constrain the way the recipient 301 interacts with the data once received and/or once decrypted. These rules and permissions are described later.
The processor 302 is arranged to receive a request from a data recipient. The data recipient can use a communication device 301 to send a request 305 to the processor 302 via the communication network 304. The data recipient sends a request to access data that is securely stored. The processor 302 is arranged to process the request 305 for accessing securely stored data from the storage array 303.
The processor 302 is arranged to authenticate the user using a suitable authentication process, which will be described later. The authentication process validates the identity of a user, i.e. establishes who the person is. In this example the authentication process validates the identity of the user. Alternatively the authentication may validate the identity of the user computing device 301. As a further alternative the authentication process can validate the identity of the user, the user computing device and any other parameters established in the authentication process.
The processor 302 may possess a list of data recipients, as sent to it or stored on it by the sender after the sender securely stores data on the storage array 303. The sender is a person who uploads data onto the storage array 303 to securely store the data. This list may be in the form of an access control list. The access control list defines permissions and rules that describe the secured data or secured data object. The access control list can include the list of recipients allowed to access data. The access control list further defines varying levels of authorisation for data recipients. Authorisation defines the entitlement a particular data recipient has to data stored in the storage array 303. The various authorisations can be defined as rules or permissions. In one example the permissions (i.e. authorisations) may demand that a particular data file or data object within the storage array 303 is read only or print only. In another example the permissions may demand that a particular data object can only be accessed by a particular recipient if that recipient is at a specific geographic location, and the data is inaccessible if the recipient is not at that location.
In yet another example the permissions may demand that a particular piece of data (e.g. a data file or data object) can only be accessed by a specific recipient. In a further example the permissions may demand that a data recipient may only access a particular piece of data at a specified time of day. Many other such authorisations can be created and stored in the access control list.
These rules or permissions may be defined by the data sender, i.e. the person uploading the data into the data vault. The rules and permissions constrain the manner in which at least one recipient can interact with the data. These rules are enforced by the processor 302 or alternatively by a client application operating on the user's computing device. The system is advantageous because access to the data is controlled by the rules or permissions. The rules and permissions are also enforced once the decryption key is passed to the recipient and after the recipient has received the data. The rules control the type of interaction the recipient has with the data.
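The access control list and rule evaluation described above, as an added example that is not the patent's code or any Cocoon Data product: the processor evaluates the entries for a recipient against the request (recipient, time of day, geographic location, device class) before offering any data, and the client application enforces the read only / print only usage after decryption. The rule vocabulary, the field names, the haversine distance helper and the sample ACL are assumptions made for this example.

```python
import math
from dataclasses import dataclass, field
from datetime import time
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class AccessRequest:
    """What the processor knows about the recipient at request time (constructed fields)."""
    recipient: str
    local_time: time
    lat: float
    lon: float
    device_class: str          # e.g. "desktop" or "mobile"


@dataclass
class AclEntry:
    """One access control list entry set by the data sender for one recipient."""
    object_id: str
    recipient: str
    usage: str = "read_only"                                # read_only | print_only | full
    window: Optional[Tuple[time, time]] = None              # permitted time of day
    location: Optional[Tuple[float, float, float]] = None   # lat, lon, radius in km
    device_classes: Set[str] = field(default_factory=set)   # empty set means any device


def _distance_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Haversine great-circle distance; assumed helper for the geographic rule."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def failed_rules(entry: AclEntry, req: AccessRequest) -> List[str]:
    """Names of the rules the request fails; an empty list means the entry authorises it."""
    failed = []
    if entry.recipient != req.recipient:
        failed.append("recipient")
    if entry.window is not None:
        start, end = entry.window
        if start <= end:
            inside = start <= req.local_time <= end
        else:  # window wraps past midnight
            inside = req.local_time >= start or req.local_time <= end
        if not inside:
            failed.append("time_of_day")
    if entry.location is not None:
        lat, lon, radius_km = entry.location
        if _distance_km(lat, lon, req.lat, req.lon) > radius_km:
            failed.append("location")
    if entry.device_classes and req.device_class not in entry.device_classes:
        failed.append("device")
    return failed


def authorised_objects(acl: List[AclEntry], req: AccessRequest) -> Dict[str, str]:
    """Objects the recipient may be offered, each with the usage the client must enforce after decryption."""
    return {e.object_id: e.usage
            for e in acl if e.recipient == req.recipient and not failed_rules(e, req)}


USAGE_ACTIONS = {
    "read_only": {"view"},
    "print_only": {"view", "print"},
    "full": {"view", "print", "edit", "save"},
}


def client_allows(usage: str, action: str) -> bool:
    """Enforcement by the client application once the data has been decrypted."""
    return action in USAGE_ACTIONS.get(usage, set())


# Constructed sample ACL: a report readable from a Sydney office during business hours,
# a print-only brief limited to desktop devices, and an unrestricted note for bob.
SYDNEY_OFFICE = (-33.87, 151.21, 1.0)
SAMPLE_ACL = [
    AclEntry("report-7", "alice", "read_only", window=(time(8, 0), time(18, 0)), location=SYDNEY_OFFICE),
    AclEntry("brief-2", "alice", "print_only", device_classes={"desktop"}),
    AclEntry("note-9", "bob", "full"),
]
```

Each rule reports which condition failed so the processor can log the reason without disclosing it to the requester; the geographic rule relies on location data supplied by the client and is only as trustworthy as that source.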
The uploading process will be described later.
In this specification "securely" can mean either that the data is encrypted or that the data is securely stored because the storage array cannot be readily accessed by any person.
Once the data recipient is authorised, the data recipient is presented with the stored data that can be accessed from the storage array 303. The authorisation process limits the data that the data recipient can access from the storage array. The processor 302 sends the data recipient a one time identifier defining the location of the stored data (i.e. the location of the storage array 303). The processor 302 also sends a message to the storage array 303 of successful authentication of a data recipient. The data recipient can use the one time identifier 306 to access the storage array 303, as shown by feature 307. The data recipient can access or extract stored data from the storage array 303, as shown by feature 308.
In one embodiment the processor 302 may send a message 309 to the storage array to expect a data access request using the one time identifier. In an alternate embodiment the processor 302 may send the particular data recipient's details to the storage array 303. In this alternate embodiment the storage array 303 may require the data recipient to further authenticate with the storage array 303 to access data securely stored within the storage array 303.
Each data recipient is authenticated to access authorised data. This way data relating to another data recipient is not accessed by an unauthorised party. This is advantageous since several pieces of data relating to several data recipients or users can be stored on the storage array, without unauthorised access.
In one embodiment the processor 302 is in a first location and the storage array 303 is in a second location. The first location and second location are physically remote from each other. In another embodiment the processor 302 and storage array 303 may be in the same physical location, such as on a single device, but electronically isolated from each other. In this alternate embodiment the processor 302 and array 303 may be isolated by various tools such as firewalls, implementation on separate processing units and the like. In one embodiment the storage array 303 is in a location unknown to the data recipient. The one time identifier 306 is the only information that points to the location of the data storage array 303.
The processor 302 and storage array 303 can be implemented on a server or a computer. In this embodiment the processor 302 is implemented on a separate server from the storage array 303. The components of the system 300 can be implemented on individual servers to provide additional security. The processor 302 can be any suitable processing unit arranged to process requests and arranged to execute stored instructions. The processor 302 may additionally in some embodiments include a screen to display information. The processor 302 may further include an interface to allow a user to input commands and/or any other inputs into the processor. The processor can be a computer or a device similar to server 100.
The storage array 303 is any suitable storage device such as a ROM, RAM, a hard drive, a computer network, a network of disk drives, flash memory, a database, a USB device or any other such suitable storage device. The communication device 301 can be similar to the server 100 as described. The processor 302 and storage array 303 can also take the form of the server 100 described. In an alternate embodiment the storage array 303 may also have a processing unit or device associated with the storage array 303.
The one time identifier 306 is sent as an electronic message, such as email, sms, multimedia message (mms), html text or any other suitable electronic message. The electronic message can be encrypted or unencrypted. Preferably a substantially secure electronic message protocol such as email is used to transmit the identifier 306 to the data recipient.
The one time identifier 306 points to the data storage array. This identifier is unique to every recipient and points to the data that the recipient is authorised to view. The identifier 306 is a resource locator, such as a URL, URI or URN. The URL can be used by the data recipient's communication device 301 to access the storage array 303 via the communications network 304. The identifier 306 is only valid for a pre-determined time. Once the pre-determined time expires the identifier is deemed useless and the recipient needs to acquire a new identifier 306. The processor 302 preferably generates a new identifier when the time expires, i.e. when the identifier "times out". The pre-determined time can be any suitable duration such as 10 seconds, 2 minutes, 10 minutes, 30 minutes or any other suitable duration. The recipient may need to re-authenticate in order to obtain a new identifier 306. The time out function is a safety feature: an identifier that is intercepted or copied stops working after the pre-determined time, so an attacker has only a short window in which to use it.
In another embodiment the one time identifier is limited to a single use. This is advantageous because it prevents hackers from accessing secured data with a copied identifier: the identifier is only valid for one use, so even if a hacker acquires it after the recipient has used it, it is useless.
In one embodiment the rules or permissions in the access control list may define conditions for supply of the one time identifier. In one example the processor 302 may only provide the identifier if a specific rule is satisfied by the recipient, e.g. the recipient is only supplied the one time identifier if the recipient is at a specific geographic location or if the recipient is operating a desktop computer, or any other defined rule. These authorisation rules or permissions are advantageous as they limit the way in which a data recipient can receive the identifier, reducing the possibility of a hacker obtaining the identifier.
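The identifier lifecycle described above (issue after authentication and the access control check, notify the storage array with message 309, honour the identifier once and only within its lifetime, bound to the authenticated recipient and to that recipient's memory locations), as an added example; it is not code from the patent or from any Cocoon Data product. The class and method names, the URL layout, the memory location labels, the constructed directory and access list and the 600 second lifetime are assumptions for this example; the geographic and device rules for supplying the identifier are left to the access control check that precedes issuance.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Expectation:
    """Message 309: what the storage array has been told to expect for one identifier."""
    recipient: str
    locations: Tuple[str, ...]
    expires_at: float
    used: bool = False


class StorageArray:
    """Holds encrypted data at memory locations; serves a request only against a registered expectation."""

    def __init__(self, base_url: str) -> None:
        self.base_url = base_url
        self._blocks: Dict[str, bytes] = {}
        self._expected: Dict[str, Expectation] = {}

    def store(self, location: str, ciphertext: bytes) -> None:
        self._blocks[location] = ciphertext

    def expect(self, token: str, expectation: Expectation) -> None:
        self._expected[token] = expectation

    def retrieve(self, identifier: str, recipient: str, now: float) -> Dict[str, bytes]:
        """Features 307/308: redeem the identifier once, before it times out, for the bound recipient."""
        token = identifier.rsplit("/", 1)[-1]
        exp = self._expected.get(token)
        if exp is None:
            raise PermissionError("unknown identifier")
        if now >= exp.expires_at:
            del self._expected[token]
            raise PermissionError("identifier timed out; re-authenticate for a new one")
        if exp.used:
            raise PermissionError("identifier already used")
        if exp.recipient != recipient:
            raise PermissionError("identifier is bound to a different recipient")
        exp.used = True
        return {loc: self._blocks[loc] for loc in exp.locations}


class Processor:
    """Plays processor 302: authenticates, applies the access control list, issues identifier 306."""

    def __init__(self, array: StorageArray, directory: Dict[str, str],
                 acl: Dict[str, Set[str]], ttl_seconds: float = 600) -> None:
        self.array = array
        self.directory = directory      # object id -> memory location within the array
        self.acl = acl                  # object id -> recipients allowed to view it
        self.ttl = ttl_seconds

    def listing_for(self, recipient: str) -> List[str]:
        """Only the objects this recipient is authorised to view are offered."""
        return sorted(o for o, who in self.acl.items() if recipient in who)

    def issue_identifier(self, recipient: str, authenticated: bool,
                         selected: List[str], now: float) -> str:
        if not authenticated:
            raise PermissionError("authentication failed")
        allowed = [o for o in selected if recipient in self.acl.get(o, set())]
        if not allowed:
            raise PermissionError("no authorised data selected")
        token = secrets.token_urlsafe(32)
        locations = tuple(self.directory[o] for o in allowed)
        # Message 309: the array learns the expectation directly from the processor,
        # so the identifier needs no signature and reveals nothing useful if copied.
        self.array.expect(token, Expectation(recipient, locations, now + self.ttl))
        return f"{self.array.base_url}/retrieve/{token}"


def build_demo() -> Tuple[Processor, StorageArray]:
    """Constructed setup: two encrypted blocks, a directory, and an access list."""
    array = StorageArray("https://array.example.invalid")
    array.store("blk-0042", b"<ciphertext of report-7>")
    array.store("blk-0043", b"<ciphertext of brief-2>")
    directory = {"report-7": "blk-0042", "brief-2": "blk-0043"}
    acl = {"report-7": {"alice"}, "brief-2": {"alice", "bob"}}
    return Processor(array, directory, acl, ttl_seconds=600), array
```

Because the array learns each expectation directly from the processor (message 309), the identifier is an unguessable random token rather than a signed URL: nothing in it can be altered to reach another recipient's data, and a copy presented after redemption or after the timeout is refused.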
Preferably the identifier 306 points to memory locations of stored data within the storage array 303. The data recipient is presented with data that the data recipient is authorised to view. The processor 302 can hold a directory of data stored within the storage array 303. The directory is a listing of all data stored in the storage array 303. A particular data recipient can only view the pieces of data or instances of data that the recipient is authorised to view. The recipient can select the particular data instances the recipient wants to access. Based on the recipient's selection the processor issues a unique identifier for the location of the data within the storage array 303. In one form the identifier can include the virtual location of the storage array 303 as well as the memory location of the data.
In another embodiment the URL points only to the virtual identifier of the storage array 303. The recipient uses the URL to access the storage array 303. The identifier 306 preferably also limits the recipient to the memory locations of authorised data within the array 303. In this alternate embodiment the storage array 303 may present the user with a directory of the various data the user is authorised to access.
Once the recipient uses the identifier 306 and accesses the storage array 303 (feature 307), the user can extract the data the user desires from the storage array 303, as indicated by feature 308. The data is downloaded and saved onto the data recipient's device.
In a further alternate embodiment the recipient is presented with a web plug in module that allows the recipient to access the data. The web plug in module allows the recipient to view and modify the data without having to download the data onto the recipient computing device 301. The sender can create rules and limit the recipient's ability to amend or modify the stored data; for example the recipient may only have view only privileges.
The system as per Figure 3 preferably includes a plurality of data storage arrays 303a, 303b, in addition to 303. There can be any number of additional storage arrays in the system; two additional arrays are illustrated as an example. These additional storage arrays preferably hold the same data as the storage array 303 and serve as back up or redundancy: if one storage array fails, the others can be used to access the stored data. The identifier 306 issued can point to any one of the storage arrays 303, 303a, 303b. If a new identifier is issued because a previous identifier "timed out", the new identifier can correspond to any one of the storage arrays. The processor 302 can communicate 309 with the storage arrays. The processor 302 can send a message to the storage arrays to inform them of a successful authentication by a user. The processor 302 may send the recipient's details such that the storage array can identify the recipient. In another embodiment the processor 302 may simply inform the storage array 303 to expect a request for data from a recipient.
The system described in Figure 3 can be used with the system described in Figure 2. The data to be stored by the sender is encrypted using the encryption system described. The encrypted data is stored on the storage array 303. In another embodiment the processor 302 can be the same as the server 200, wherein the sender uses the processor 302 to encrypt the data. The data recipient may authenticate with the processor 302 or server 200. In one embodiment the data recipient authenticates with the processor 302 and is presented with a one time identifier pointing to the storage array location as well as a decryption key. The key is preferably stored in a location remote from the storage array 303. In one form the decryption key may be stored on the processor 302 and provided to a recipient. The data recipient uses the one time identifier to access the data and uses the key to decrypt the accessed data. In another embodiment the processor 302 can be implemented based on a system for securing data as described with reference to WO 2009/079708.
Figure 4 shows a flow diagram of the system of the present invention. The system for accessing securely stored data firstly involves receiving a request from a data recipient at step 401. The processor 302 receives the request from the data recipient's computing device 301. At step 402 the processor authenticates the user (data recipient). Authentication can be done in any suitable way, such as an email address or another unique user identifier together with a password, PIN or other such credential. If authentication fails, the request is terminated, as per step 403. If authentication is successful the processor 302 sends an electronic message with the location of the storage array 303, at step 404. The location can be in any suitable form as described. At step 405 the user (data recipient) uses the location identifier to access the storage array 303. At step 406 the user accesses the data the user is authorised to access. The user can process the data in any manner the user is authorised to. The method may include the further step 407 of receiving a decryption key. The recipient can receive the key either after the recipient is authenticated or once the user has accessed the data from the storage array 303. The key is used to decrypt the stored encrypted data, at step 408. The process is complete once the user accesses the data. In a further embodiment the method may include a further step of authenticating the user once the user has accessed the storage array 303. The storage array 303 may further authenticate the user (data recipient) to allow the user to access the desired data from the array 303, at step 409. If the authentication fails the method ends, step 410. If the authentication is successful the user is allowed access to the storage array 303, at step 411. Steps 409-411 are optional and are shown in the diagram as optional steps.
This system presents a safer system and method of accessing securely stored data. The system is more resistant to attack from hackers because the data is stored in a location remote from the processor. The processor requires authentication from the data recipient and only then sends an identifier identifying the location of the storage array. The separation of the processor and the storage array provides security. The authentication step provides a further layer of security. The data stored in the storage array is preferably encrypted. The key is stored in a further location, remote from both the processor and the storage array. The recipient receives the key and an identifier pointing to the location of the data once authenticated. Storing the key and the data in separate locations provides further security against a hacker, because in order to access the data the hacker needs to compromise the processor to obtain the identifier, then separately locate the key, and only then can the hacker gain access to the data. The one time identifier expires after a predetermined time period. This provides a further layer of security: while the hacker is attacking the recipient's device or the processor, the identifier expires, so even if the hacker obtains the identifier it no longer points to the storage array. The storage array 303 is in a location unknown to the data recipient. The unique identifier is the only information that points to the location of the storage array. This adds another layer of security because a potential hacker would not know the location of the storage array. The system separates the locations of the decryption key, the processor and the storage array so that a hacker never has all the information required to access the secure data.
Figure 5 shows a flow diagram for uploading data onto the storage array 303.
The process includes the step 501 of authenticating a data creator. The data creator can be authenticated by a suitable authentication process such as a password, biometric data or any other suitable process.
At step 502 the data creator creates a local copy of the data on the data creator's device. At step 503 the data can be encrypted using the process described earlier with reference to Figure 2 or any other suitable encryption process.
At step 504 the data creator requests the server 302 for permission to store the data on the storage array 303. As part of this request the user also requests the location of the storage array. As part of this request the data creator sends metadata to the storage array 303 so the array can confirm the data as being a correct format. At step 505 the server 302 sends the data creator a one-time URL for a one-time use to upload data. At step 506 the user uploads the data or sends the data to the storage array 303 using the one-time identifier i.e. the URL or any other resource locator. At step 507 the storage array compares the uploaded file with the metadata sent to the storage array and sends a status to the data creator. The status of successful uploads is either sent by the storage array 303 to the data creator directly or the status of successful upload is sent to the server 302 by the storage array 303, the server 302 in turn sending the status of successful upload to the data creator. At step 508 the uploaded data is marked as available.
A message or indicator can be sent to the data sender by either the storage array 303 or the server 302 to show that the data is available for download. This is an optional extra feature of the system implementation.
Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer, or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.
Figure 6 shows a further embodiment of a system for storing and accessing securely stored data. The system comprises a user device 601, a processor 602, a vault server 603 and a storage array 604. It should be understood that secure connections are established between the user device 601 and any of the components of the system. The user device (i.e. recipient device) may include a client application, that is a software application that facilitates a secure connection. The client application may include gatekeeper or firewall services which allow connections to the processor 602, the storage array 604 or the vault server 603.
The user device 601 is a suitable computing device. In one form the user device is a computer. In another form the user device 601 may be a server such as the server 100 described earlier. The user device 601 allows a user to communicate with other elements of the system, create data, upload data, store data, encrypt data and access stored data.
The processor 602 in one form includes a processing unit and memory units. The processor 602 may include a user interface such as a keyboard to allow a person to communicate with the processor 602. In another form the processor 602 can be the server 100 and have the parts described with respect to Figure 1. The processor 602 includes a communication module that allows the processor 602 to communicate with the user device 601 and the vault server 603. The processor 602 can be an individual server arranged to perform various functions. The processor can include similar hardware components to server 100.
The processor 602 is arranged to authenticate a user using a suitable authentication process. In one form the processor may incorporate or include a list of data recipients as sent to it from a user who has uploaded data onto the storage array. The list is a list of authorised data recipients who may download data from the storage array. The list can be in the form of an access control list as described earlier, that defines various rules or permissions with respect to access to the data, the functions that can be performed with the data, and the conditions for providing the one time identifier.
The vault server 603 in one form can be a server such as the server 100 described with respect to Figure 1. The vault server 603 includes a communication module and is adapted to communicate with the processor 602 and the user device 601. The vault server 603 is further adapted and arranged to communicate with the storage array 604 and to send data to and receive data from it. In one embodiment the vault server 603 is arranged to receive a request for information related to the location of the stored data within a storage array. The vault server is arranged to determine the location of the data and provide the information to the processor 602. The processor 602 utilises this information and generates and sends an identifier relating to the location of the storage array to the user. In one form only the vault server 603 is adapted to communicate with the storage array, and only the vault server can download data from and upload data onto the storage array 604. In an alternate embodiment the vault server 603 may generate and transmit the identifier to a user.
The storage array 604 is any suitable memory device that can receive and store data, such as ROM, RAM, a hard disk drive or flash memory. In some forms the storage array 604 may be formed from a collection of linked computers, such as a computer farm or a cloud computing system. In another form the storage array 604 may be arranged as a database. The processor 602, the vault server 603 and the storage array are isolated from each other. In another embodiment the storage array 604 may be incorporated into or with the vault server 603 and may be part of the vault server 603. In one form the processor 602, the vault server 603 and the storage array 604 are physically isolated from one another. In this form the processor 602, vault server 603 and storage array may be in three separate locations. These locations are unknown to the user.
In another form the vault server 603 and storage array 604 may be electronically isolated. This means the vault server 603 and the storage array 604 may be in the same physical location, for example in the same casing, but are electronically isolated from each other. The vault server 603 and storage array 604 may be wired or configured in a suitable way to isolate them from each other, for example with the use of firewalls, implementation on isolated processors and so on.
In an alternative embodiment the system may include a plurality of storage arrays 604a - 604c. The storage arrays are all linked to and can communicate with the vault server.
The vault server 603 stores the locations and addresses of all storage arrays 604, 604a, 604b. The vault server 603 may store a list of all memory locations in the form of a directory. In the preferred form the processor 602, vault server 603 and storage arrays are remote and isolated from each other. The vault server 603 transmits the location information to the processor 602 when the vault server receives a request for the location of stored data. The processor 602 uses this location information to generate the one time identifier. In a further embodiment the user device 601 may have installed on it a program that allows the user device 601 to be compatible and communicate with the processor 602 and the vault server 603. This program may be called Secure Store. This program may be a software application or a web plug in that allows the user device to establish a communication link with the other components of the system. The stored program preferably formats the commands of the user into the correct format to allow the user to communicate with the processor 602, vault server 603 and storage array 604. The processor 602 or the vault server 603 are adapted to process requests from a user. These requests may be a request to upload data to or download data from the storage location. The processor 602 or the vault server 603 are arranged to process requests and arranged to execute stored instructions. The processor 602 or the vault server 603 may have a screen to display information. The processor 602 or vault server 603 may further include a user interface to allow a user to input commands. In one form the processor 602 is adapted to create and transmit a one time identifier to the user once the user is authenticated and authorised. In another form the vault server 603 is adapted to generate and transmit a one time identifier to the user once the user is authenticated and authorised by the processor 602. The identifier 605 is created and sent as an electronic message, such as email, sms, multimedia message (mms), html text or any other suitable electronic message. The electronic message is preferably encrypted but may be unencrypted. Any suitable protocol is used to transmit the identifier 605.
The identifier 605 points to the location of the storage array to allow a user to upload data to or download data from the storage array 604. The identifier 605 is a resource locator such as a URL, URN or URI. Preferably a URL is used as the identifier 605, but other suitable resource locators can be used. The identifier 605 is only valid for a pre-determined time. Once the pre-determined time expires the identifier is deemed useless and the recipient needs to acquire a new identifier 605. The predetermined time can be any suitable duration, for example 30 seconds, 2 minutes, 4 minutes or any other suitable duration. This time out function of the identifier adds to the security of the system: it limits the window in which an intercepted identifier can be used, since the identifier is likely to time out before an attack on it is complete. Once the pre-determined time expires the identifier is useless and cannot be used to access the location of the storage array 604.
The user 601 can use the one time identifier to access the storage array 604 via a communications network 606. The user 601 communicates with the vault server 603 and accesses the storage array using the one time identifier. The identifier 605 may be transmitted via the communications network. The communications network allows communication between all the parts of the system and can be any suitable network.
In one form the identifier 605 may be similar to the identifier 306 as described earlier. An identifier similar to 306 may be used with the system described in relation to Figure 6 .
In a further embodiment the system may include a further decryption server that provides the user with a decryption key once the user downloads the data from the storage array. The decryption server is remote from the other system components in order to increase the security of the data and make the key difficult for a hacker to access. The use of a storage array (303 or 604) is advantageous because it allows large sized data to be securely transferred to a recipient. A sender can upload large sized data files or data objects into the storage array. The sender can secure the data by encrypting the data and establishing various rules or permissions defining the access conditions of the data, the functions a recipient can perform, the way a user can interact with the data, and the rules for providing the one time identifier. These rules can be applied at any time throughout the process of retrieving data from the storage array.
Figure 7 shows a flow diagram for storing data securely on the storage array 604. At step 701 the user is authenticated by the processor 602. The user can access the processor 602 using the user computing device 601. The user can be authenticated using any suitable authentication process such as passwords, biometric markers and so on. In another form the user may authenticate itself as an authorised user with the vault server 603. At step 702 the user can create a local copy of the data that requires storing on the user device 601. The data is stored in the memory of the user device 601. At step 703 the user sends a request to upload or store data to the processor 602, and the processor receives the request to upload data from the user. At step 704, the processor 602 sends a request to the vault server 603 for location information related to an empty location within the storage array. This is only done once the user is authenticated. The user may also need to be authorised and adhere to a rule or permission that can be stored on the processor 602. The identifier is preferably a URL but can be any other suitable identifier.
At step 705 the processor 602 sends metadata to the vault server 603 so that the vault server can confirm that the contents received are original, authenticated data from an authenticated user. At step 706 the processor 602 sends the identifier to the user device 601 and hence to the user. In another form, at step 706, the vault server may send the one time identifier to the processor 602, and the processor in turn sends the identifier to the user device 601. As a further alternative the vault server 603 may generate and send the one time identifier directly to the user.
At step 707 the user can upload data to the storage array 604 using the one-time identifier. In another form the data can be uploaded onto the vault server 603; the vault server 603 then sends the data to the storage array 604, which stores the data in a memory location in the storage array 604.
At step 708 the vault server 603 compares the data received from user device 601 with the metadata to ensure the data being loaded is original data received from an authenticated user. At step 709 the vault server sends a status of successful upload to the processor 602. In an alternate form the vault server 603 sends a status of successful upload directly to the user 601. In the alternate form, once the processor receives a message of successful upload, the processor 602 sends a status of successful upload to the user. In another form the vault server 603 sends the message of successful upload to the user.
Figure 8 shows a flow diagram of the process of accessing securely stored data. At step 801 a user wanting to access securely stored data is authenticated and authorised using a suitable authentication and authorisation process. At optional step 802 the user can request a directory of the data available for access in a storage array 604. The vault server 603 or the processor 602 may store a list of all data stored on the storage array along with a directory list of the memory locations where the data is stored. At step 803 the user requests permission to download data from the storage array. At step 804 the processor 602 confirms the authorisation and authentication of the user and sends a one-time identifier. In another form the vault server 603 sends a one-time identifier to the user once the user is authorised and authenticated. The one-time identifier can be any suitable identifier identifying the location of the storage array. The identifier is preferably a URL but can be a URI, URN or any other suitable identifier pointing to the location of the storage array. The one-time identifier is specifically created for the requested file. In one form the identifier may also point to the specific memory location of the data in the storage array.
At step 805 the user downloads the data directly from the vault server 603 using the one time identifier that includes the location of the storage array. The vault server 603 fetches the data from the storage array 604 for the user and transmits it to the user at step 805. At step 806 the vault server 603 sends a message of successful download to the processor 602. At optional step 807 the processor adds download information to a download log. The log may be stored on the processor, on the vault server or on the user device. At optional step 808 the user can decrypt the data, if the data is encrypted, using the decryption process discussed in Figure 2 and Patent Application WO/2009/079708. In an alternate form the decryption server sends the user a decryption key to decrypt the encrypted data.
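The upload flow of Figure 7 and the download flow of Figure 8 both hinge on the vault server issuing an identifier that is single-use, bound to one purpose, and dead after the pre-determined time described for identifier 605. The following added example (not code from the patent or its assignee) models that behaviour in a small in-memory vault server; the class and function names, the vault URL, the SHA-256 digest used as the step 705 metadata and the 120-second time-out are all assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

BASE_URL = "https://vault.example/slots/"  # assumed vault location

def metadata_for(data: bytes) -> str:
    """Metadata the sender registers before upload (step 705): a SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()

class FakeClock:
    def __init__(self):
        self.now = 0.0   # seconds; settable so the time-out can be exercised offline
    def __call__(self):
        return self.now

@dataclass
class Ticket:
    location: str        # memory location inside the storage array
    expires_at: float    # the pre-determined time-out
    purpose: str         # "upload" or "download"
    expected: str = ""   # registered metadata, empty if none
    used: bool = False   # one-time: set on first redemption

class VaultServer:
    """Issues one-time identifiers (URLs) and guards the storage array."""
    def __init__(self, clock, ttl_seconds=120):
        self.clock, self.ttl = clock, ttl_seconds
        self.tickets = {}        # token -> Ticket
        self.storage_array = {}  # location -> bytes
        self.download_log = []   # optional step 807

    def issue_identifier(self, location, purpose, expected=""):
        token = secrets.token_urlsafe(16)   # 128 random bits, unguessable
        self.tickets[token] = Ticket(location, self.clock() + self.ttl,
                                     purpose, expected)
        return BASE_URL + token

    def _redeem(self, url, purpose):
        ticket = self.tickets.get(url.rsplit("/", 1)[-1])
        if ticket is None or ticket.used or ticket.purpose != purpose:
            raise PermissionError("unknown, consumed or wrong-purpose identifier")
        if self.clock() > ticket.expires_at:
            raise PermissionError("identifier timed out; acquire a new one")
        ticket.used = True
        return ticket

    def upload(self, url, data):
        ticket = self._redeem(url, "upload")
        if ticket.expected and metadata_for(data) != ticket.expected:
            raise ValueError("uploaded data does not match registered metadata")
        self.storage_array[ticket.location] = data
        return "upload successful"

    def download(self, url, user):
        ticket = self._redeem(url, "download")
        self.download_log.append((user, ticket.location))
        return self.storage_array[ticket.location]

def run_flows():
    """Walks steps 701-709 and 801-808 with constructed data; returns outcomes."""
    clock, payload = FakeClock(), b"constructed sample document"
    vault = VaultServer(clock)
    up = vault.issue_identifier("slot-17", "upload", metadata_for(payload))
    status = vault.upload(up, payload)
    try:
        vault.upload(up, payload)          # same identifier a second time
        reused_ok = True
    except PermissionError:
        reused_ok = False
    down = vault.issue_identifier("slot-17", "download")
    clock.now += 121                       # past the 2-minute time-out
    try:
        vault.download(down, "alice")
        stale_ok = True
    except PermissionError:
        stale_ok = False
    fresh = vault.issue_identifier("slot-17", "download")
    got = vault.download(fresh, "alice")
    return status, reused_ok, stale_ok, got == payload, len(vault.download_log)
```

A real deployment would persist tickets in a store shared by the vault server instances and compare the clock against the issuing server's time, since a client-supplied timestamp would defeat the time-out.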
In an alternate embodiment the components of system 300 (i.e. 302, 303, 303a, 303b) or the components of system 600 (i.e. 602, 603, 604, 604a, 604b) may be implemented on a single machine (e.g. a PC, laptop or server) and may be electronically isolated from each other. In another alternate embodiment the components of system 300 or system 600 may be implemented on a single machine and may not be electronically isolated. This is because the single machine may be a trusted machine that is secure.
In an alternate embodiment the identifier 605 may be generated by the vault server 603 after the processor 602 has authenticated a user as an authorised user. The vault server 603 may communicate directly with the user device 601. It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by a computing system or partly implemented by computing systems, any appropriate computing system architecture may be utilised. This will include stand-alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.

Claims

1. A method of accessing securely stored data comprising the steps of:
receiving a request from a data recipient to access stored data, and
sending to the data recipient a one time identifier defining the location of the stored data.
2. The method as per claim 1 comprising the additional step of authenticating a data recipient as an authorised data recipient upon receiving a request to access stored data.
3. The method as per any one of the preceding claims wherein the identifier defining the location of the stored data is only effective for a pre-determined time.
4. The method as claimed in any one of the preceding claims wherein after a pre-determined time a new identifier pointing to the data is created.
5. The method as per any one of the preceding claims wherein the authentication of a data recipient is done at a processor at a first location and the data is stored in a storage array at a second location.
6. The method as per any one of the preceding claims further comprising the step of delivering stored data to the data recipient from the storage array.
7. The method as per any one of the preceding claims wherein the authentication is performed once the data recipient accesses the storage array.
8. The method as per any one of the preceding claims wherein a further authentication step occurs prior to sending the data recipient the identifier defining the location of the stored data.
9. The method as per any one of the preceding claims comprising the additional step of sending a decryption key to a data recipient.
10. The method as per any one of the preceding claims wherein the decryption key is sent once a data recipient is authenticated.
11. The method as per any one of the preceding claims comprising the additional step of:
providing a directory of stored data, to allow a data recipient to select data to be accessed.
12. The method as per any one of the preceding claims wherein the data recipient receives the identifier in the form of a universal resource locator.
13. The method as per any one of the preceding claims wherein the identifier is sent as an electronic mail message to the data recipient.
14. The method as per any one of the preceding claims wherein the processor sends a message to the data storage array once a data recipient has authenticated and requested the data.
15. A system for accessing securely stored data comprising:
a processor arranged to receive a request from a data recipient,
the processor arranged to send the data recipient a one time identifier defining the location of stored data, and
a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
16. The system as per claim 15 wherein the processor is further arranged to authenticate the data recipient as an authorised data recipient.
17. The system as per any one of claims 15 to 16 wherein the processor is in a first location and the storage array is in a second location.
18. The system as per any one of claims 15 to 17 wherein the identifier defining the location of the stored data is only effective for a pre-determined time.
19. The system as per any one of claims 15 to 18 wherein after the pre-determined time a new identifier pointing to the data is created.
20. The system as per any one of claims 15 to 19 wherein the system further includes a server to send the data recipient a decryption key to decrypt data accessed from the storage array.
21. The system as per any one of claims 15 to 20 wherein the decryption key is sent to the data recipient after the processor has authenticated the data recipient.
22. The system as per any one of claims 15 to 20 wherein the identifier is a universal resource locator.
23. The system as per any one of claims 15 to 21 wherein the processor sends the identifier to the data recipient as an electronic message.
24. The system as per any one of claims 15 to 22 wherein the processor is implemented on a first server and the storage array is implemented on a second server.
25. A method for accessing securely stored data comprising the steps of:
sending a request to access stored data, and
receiving a one time identifier defining the location of the stored data.
26. The method as claimed in claim 25 comprising the additional step of authenticating as an authorised data recipient.
27. The method as per any one of claims 25 to 26 wherein the identifier defining the location of the stored data is only effective for a pre-determined time.
28. The method as claimed in any one of claims 25 to 27 wherein after a pre-determined time a new identifier pointing to the data is created.
29. The method as per any one of claims 25 to 28 wherein the authentication is done at a processor at a first location and the data is stored in a storage array at a second location.
30. The method as per any one of claims 25 to 29 further comprising the step of accessing data from the storage array using the identifier.
31. The method as per any one of claims 25 to 30 comprising the additional step of performing a further authentication once the storage array is accessed.
32. The method as per any one of claims 25 to 31 wherein the authentication is performed prior to receiving the identifier defining the location of the stored data.
33. The method as per any one of claims 25 to 32 comprising the additional step of receiving a decryption key, the decryption key being used to decrypt stored data.
34. The method as per any one of claims 25 to 33 wherein the decryption key is received once authentication is complete.
35. The method as per any one of claims 25 to 3 comprising the additional steps of:
accessing a directory of stored data, and
selecting data to be accessed from the directory.
36. The method as per any one of claims 25 to 35 comprising the additional step of receiving the identifier in the form of a universal resource locator.
37. The method as per any one of claims 25 to 36 wherein the identifier is received as an electronic mail message.
38. The method as per any one of claims 25 to 37 wherein the processor sends a message to the data storage array once a data recipient has authenticated.
39. A system for accessing securely stored data, the system comprising:
a processor arranged to receive a request from a data recipient and authenticate a user,
a vault server arranged to communicate with a storage array and the processor,
the vault server further arranged to send the data recipient a one time identifier defining the location of stored data, and
a storage array storing the data, the identifier defining the location of the storage array such that the data recipient can access the storage array using the identifier.
40. The system as claimed in claim 39 wherein the processor, the storage array and the vault server are isolated from each other.
41. The system as claimed in claim 39 wherein the vault server is adapted to issue a one time identifier that points to the location of the storage array, and wherein the user accesses the storage array by utilising the one time identifier.
42. The system as claimed in claim 41 wherein the one time identifier is effective for a pre-determined time.
43. The system as claimed in any one of claims 39 to 42 wherein the processor is adapted to authenticate a user as being an authorised user.
44. The system as claimed in any one of claims 39 to 43 wherein the identifier is a resource locator.
45. The system as claimed in any one of claims 39 to 44 wherein the processor is adapted to send a message to the vault server to issue an identifier once the user is authenticated.
46. The system as claimed in any one of claims 39 to 45 wherein the vault server is adapted to maintain a directory of data stored in the storage array.
47. The system as claimed in any one of claims 39 to 46 wherein the identifier is sent as an electronic message to the user.
48. A method for uploading data securely onto a system comprising the steps of:
receiving a request to upload from a user,
creating and sending a one time identifier to the user,
receiving data from the user, and
storing the data onto a storage array.
49. The method as claimed in claim 48 wherein the one time identifier is valid for a pre-determined time period.
50. The method as claimed in any one of claims 48 or 49 wherein the one time identifier defines the location of a storage array.
51. The method as claimed in any one of claims 48 to 50 wherein the method comprises the additional step of authenticating a user at the processor.
52. The method as claimed in any one of claims 48 to 51 wherein the one time identifier is created and sent by a vault server, the one time identifier is sent when the user is authenticated at the processor.
53. The method as claimed in any one of claims 48 to 52 wherein the storage array, the vault server and the processor are isolated from each other.
54. The method as claimed in any one of claims 48 to 53 comprising the additional step of receiving metadata from the user.
55. The method as claimed in any one of claims 48 to 54 comprising the additional steps of comparing the received data and the metadata, and sending a status of successful upload of data onto the storage array.
56. A method for accessing securely stored data comprising the steps of:
receiving a request from a user to access stored data, and
creating and sending a one time identifier to the user.
57. The method as claimed in claim 56 wherein the one time identifier defines the location of the storage array.
58. The method as claimed in any one of claims 56 or 57 wherein the one time identifier is effective for a pre-determined period of time.
59. The method as claimed in any one of claims 56 to 58 wherein the method comprises the additional step of authenticating a user as an authorised user to receive data.
60. The method as claimed in any one of claims 56 to 59 wherein the method comprises the step of presenting the user with a directory of data available at the storage array.
61. The method as claimed in any one of claims 56 to 60 wherein the method comprises the additional step of sending the user a message of successful download.
62. The method as claimed in any one of claims 56 to 61 wherein authentication is done by a processor, a vault server creates and sends the one time identifier, and wherein the storage array, the vault server and the processor are remote from each other.
63. The method as claimed in any one of claims 56 to 62 wherein a new one time identifier is issued once the pre-determined period of time has expired.
64. The method as claimed in any one of claims 56 to 63 wherein the method comprises the additional step of adding each download to a download log maintained on the vault server.
65. A computer program comprising at least one instruction which, when implemented on a computer readable medium of a computer system, causes the computer to implement the method in accordance with any one of claims 1 to 14.
66. A computer readable medium providing a computer program in accordance with claim 65.
67. A computer program comprising at least one instruction which, when implemented on a computer readable medium of a computer system, causes the computer to implement the method in accordance with any one of claims 25 to 38.
68. A computer readable medium providing a computer program in accordance with claim 67.
69. A computer program comprising at least one instruction which, when implemented on a computer readable medium of a computer system, causes the computer to implement the method in accordance with any one of claims 48 to 55.
70. A computer readable medium providing a computer program in accordance with claim 69.
71. A computer program comprising at least one instruction which, when implemented on a computer readable medium of a computer system, causes the computer to implement the method in accordance with any one of claims 56 to 64.
72. A computer readable medium providing a computer program in accordance with claim 71.
PCT/AU2012/000943 2011-08-11 2012-08-10 System and method for accessing securely stored data WO2013020177A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2011903220A AU2011903220A0 (en) 2011-08-11 System and method for accessing securely stored data
AU2011903220 2011-08-11

Publications (1)

Publication Number Publication Date
WO2013020177A1 true WO2013020177A1 (en) 2013-02-14

Family

ID=47667776

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2012/000943 WO2013020177A1 (en) 2011-08-11 2012-08-10 System and method for accessing securely stored data

Country Status (1)

Country Link
WO (1) WO2013020177A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017106938A1 (en) * 2015-12-24 2017-06-29 Haventec Pty Ltd Improved storage system
EP3413227A1 (en) * 2013-03-29 2018-12-12 Citrix Systems Inc. Providing a managed browser
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US10402546B1 (en) 2011-10-11 2019-09-03 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US10476885B2 (en) 2013-03-29 2019-11-12 Citrix Systems, Inc. Application with multiple operation modes
US10545748B2 (en) 2012-10-16 2020-01-28 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US10908896B2 (en) 2012-10-16 2021-02-02 Citrix Systems, Inc. Application wrapping for application management framework

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070005963A1 (en) * 2005-06-29 2007-01-04 Intel Corporation Secured one time access code
EP2296337A1 (en) * 2009-09-11 2011-03-16 Gemalto SA Method of protecting access to data on a network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 12821691; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 12821691; Country of ref document: EP; Kind code of ref document: A1