WO2016100404A1 - Systems and methods for diffracted data retrieval - Google Patents
- Publication number
- WO2016100404A1 (PCT/US2015/065911)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- client device
- data object
- retrieve
- request
- initiation server
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Definitions
- Various embodiments described herein relate generally to the field of electronic data security and more particularly to diffracted retrieval of data from multiple storage locations.
- DDR may eliminate a mass security breach as a client device is unable to retrieve a data object in its entirety through a single request and from a single storage location. Instead, the client device is required to execute multiple, separately validated requests across multiple storage locations in order to retrieve a single data object.
- a method for retrieving a data object includes: transmitting from a client device to an initiation server a request to retrieve the data object, wherein the data object comprises a plurality of segments stored across a plurality of storage locations; receiving, at the client device, a sequencing key from the initiation server in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and retrieving, by the client device, the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key.
- a method for providing a data object includes: transmitting from a client device to an initiation server a request to retrieve the data object, wherein the data object comprises a plurality of segments stored across a plurality of storage locations; receiving, at the client device, a sequencing key from the initiation server in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and retrieving, by the client device, the plurality of segments of
- the method includes: receiving, at an initiation server, a request from a client device to retrieve a data object; generating a sequencing key in response to the request from the client device to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; transmitting the sequencing key to the client device; receiving a notification from a first of the plurality of storage locations of an attempt by the client device to retrieve a first segment of the data object; determining whether the request to retrieve the first segment of the data object from the first storage location is in the order indicated by the sequencing key; and invalidating a session with the client device in response to determining that the request to retrieve the first segment of the data object from the first storage location is not in the order indicated by the sequencing key.
- the method includes: receiving, at a first of a plurality of storage locations, a request from a client device to retrieve a first of a plurality of segments of a data object, wherein the data object comprises the plurality of segments stored across the plurality of storage locations; transmitting, to an initiation server, a notification of the attempt by the client device to retrieve the first segment of the data object; determining whether a verification of the request is received from the initiation server; and in response to determining that a verification of the request is received from the initiation server: verifying an access key provided by the client device; and providing the first segment of the data object to the client device in response to successfully verifying the access key provided by the client device.
- a system for DDR may include a plurality of storage locations, a client device, and an initiation server.
- the client device may be configured to: transmit a request to retrieve a data object, wherein the data object comprises a plurality of segments stored across the plurality of storage locations; receive a sequencing key in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and retrieve the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key.
- the initiation server may be configured to: receive the request from the client device to retrieve the data object; generate the sequencing key in response to the request from the client device to retrieve the data object; transmit the sequencing key to the client device; and monitor a progress of the retrieval of the data object by the client device.
- FIG. 1 is a network diagram illustrating a network environment according to various embodiments.
- FIG. 2A illustrates a sequencing key according to various embodiments.
- FIG. 2B illustrates a diffraction table according to various embodiments.
- FIG. 3 is a flowchart illustrating a process for retrieving a data object according to various embodiments.
- FIG. 4 is a flowchart illustrating a process for providing a data object according to various embodiments.
- FIG. 5 is a flowchart illustrating a process for providing a data object according to various embodiments.
- FIG. 6 is a flowchart illustrating a process for providing a data object according to various embodiments.
- FIG. 7 is a block diagram illustrating a wired or wireless system according to various embodiments.
- FIG. 1 is a network diagram illustrating a network environment 100 according to various embodiments.
- a client device 110 communicates with an initiation server 120.
- the client device 110 can be any device that is capable of communication with or causing communication with the initiation server 120 through a wired or a wireless connection.
- the client device 110 may be a wired or wireless communication device including, for example, but not limited to, a smartphone, a wearable device, a tablet personal computer (PC), a laptop, a desktop PC, a personal entertainment system, and an embedded processing system.
- the client device 110 may communicate with the initiation server 120 via a communication network 130.
- the communication network 130 represents one or more wired and/or wireless connections.
- the communication network 130 may include, for example, but not limited to, a wired and/or wireless local area network (LAN), a wired and/or wireless wide area network (WAN), and any combinations thereof.
- One or more features and functionalities of the initiation server 120 can be exposed via a user interface (UI).
- one or more features and functionalities of the initiation server 120 may be accessed on the client device 110 via a mobile and/or web application.
- the client device 110 may transmit a request to retrieve a data object to the initiation server 120 by inputting, selecting, or otherwise invoking a getData() command through the UI provided via the client device 110.
- references to the data object throughout the present disclosure extend to any metadata that is associated with the data object.
- any operation that is performed with respect to the data object e.g., retrieving the data object
- the initiation server 120 is configured to receive and process the request to retrieve the data object.
- the data object may have been decomposed into a plurality of segments and stored across a plurality of storage locations including, for example, but not limited to, a first data store 140, a second data store 150, a third data store 160, and a fourth data store 170.
- the initiation server 120 may decompose the data object and distribute segments of the data object across the plurality of storage locations when the request to retrieve the data object is received at the initiation server 120. Storage and retrieval of data objects that are decomposed into a plurality of segments and distributed across multiple storage locations are described in U.S. Patent Application No. 14/863,294, the disclosure of which is incorporated herein by reference in its entirety.
- segments of the data object may be stored in a different number of storage locations without departing from the scope of the present inventive concept.
- the number of storage locations used to store segments of the data object may vary based on one or more factors including, for example, but not limited to, a size of the data object, a complexity of the data object, and a number of segments associated with the data object.
- segments of the data object may have been stored across multiple local and/or remote storage locations.
- the initiation server 120 may decompose the data object and distribute segments of the data object for storage across a plurality of local and/or remote storage locations upon receiving the request to retrieve the data object from the client device 110.
- the first data store 140 may be a local data store with respect to the client device 110 including, for example, but not limited to, an internal hard drive, a portable storage device (e.g., a universal serial bus (USB) flash drive, external hard drive), and any combination thereof.
- the second data store 150, the third data store 160, and the fourth data store 170 may each be a remote data store (i.e., with respect to the client device 110) including, for example, but not limited to, one or more databases (e.g., MongoDB®), cloud storage, and any combination thereof.
- the second data store 150, the third data store 160, and the fourth data store 170 can each be a proprietary data store (i.e., directly associated with the initiation server 120), or be associated with one or more third-party file hosting services (e.g., Amazon® Simple Storage Service (S3), Dropbox®) and/or storage as a service (STaaS) providers.
- the client device 110 can communicate with the second data store 150, the third data store 160, and the fourth data store 170 (e.g., to retrieve segments of the data object) via the communication network 130.
- In response to the request from the client device 110, the initiation server 120 generates a sequencing key that includes an ordered list of individual identifiers corresponding to each of the storage locations at which segments of the data object are stored.
- the initiation server 120 stores the sequencing key or a copy of the sequencing key (e.g., in the completion table 125 or in the fourth data store 170).
- the initiation server 120 further transmits the sequencing key or a copy of the sequencing key to the client device 110.
- the client device 110 retrieves the segments of the data object from each storage location based on the sequencing key and a diffraction table. According to one exemplary embodiment, in order to successfully retrieve the data object, the client device 110 is required to retrieve segments of the data object from each storage location in the order indicated by the sequencing key.
- the initiation server 120 is further configured to monitor the progress of the data retrieval by the client device 110.
- each storage location is configured to verify requests from the client device 110 to retrieve one or more segments of the data object.
- the second data store 150 may transmit a notification to the initiation server 120.
- the initiation server 120 determines whether the request to the second data store 150 is in the correct order indicated by the sequencing key.
- the initiation server 120 is configured to invalidate the current session with the client device 110 in response to determining that the request to retrieve data from the second data store 150 is not in the correct order indicated by the sequencing key.
- the client device 110 is further configured to provide a correct access key associated with the storage location.
- the client device 110 may provide the access key associated with the second data store 150 when requesting to retrieve one or more segments of the data object from the second data store 150.
- the second data store 150 verifies the access key provided by the client device 110. In the event that the access key provided by the client device 110 is incorrect, the second data store 150 can alert the initiation server 120. As a result, the initiation server 120 can invalidate the current session with the client device 110.
- the client device 110 may retrieve one or more segments of the data object directly from a storage location. Alternately or in addition, the client device 110 may retrieve one or more segments of the data object via a delivery server. For example, the client device 110 may retrieve one or more segments of the data object directly from the second data store 150 by transmitting a request to the second data store 150. Alternately, a delivery server 180 may intercept the request from the client device 110. The delivery server 180 may retrieve the segments of the data object from the second data store 150 and provide the segments of the data object to the client device 110. According to one exemplary embodiment, the operations of a delivery server (e.g., the delivery server 180) as an intermediary are transparent to the client device 110.
- FIG. 2A illustrates a sequencing key 200 according to various embodiments.
- the sequencing key 200 may include a plurality of data store identifiers including, for example, but not limited to, a first data store identifier 210, a second data store identifier 220, a third data store identifier 230, and a fourth data store identifier 240.
- Each of the data store identifiers can be associated with a corresponding data store.
- the first data store identifier 210 may be associated with the first data store 140
- the second data store identifier 220 may be associated with the second data store 150
- the third data store identifier 230 may be associated with the third data store 160
- the fourth data store identifier 240 may be associated with the fourth data store 170.
- the sequencing key 200 includes the plurality of data store identifiers in a specific order. For example, as shown in FIG. 2A, the sequencing key 200 indicates the following order: the first data store identifier 210, the second data store identifier 220, the third data store identifier 230, the second data store identifier 220, and the fourth data store identifier 240.
- the client device 110 is required to retrieve segments of the data object from each storage location according to the order indicated by the sequencing key 200. For example, the client device 110 may retrieve one or more segments of the data object first from the first data store 140 associated with the first data store identifier 210 that appears first in the sequencing key 200. Next, the client device 110 may retrieve one or more segments of the data object from the second data store 150 associated with the second data store identifier 220 appearing next in the sequencing key 200. The client device 110 may subsequently retrieve one or more segments of the data object from the third data store 160, the second data store 150, and the fourth data store 170 as indicated by the order in which the corresponding data store identifiers appear in the sequencing key 200.
- the client device 110 may retrieve any number of segments of the data object each time the client device 110 retrieves segments of the data object from a storage location. For example, a same or different number of segments of the data object may be stored at each storage location. A person having ordinary skill in the art can appreciate that the client device 110 may retrieve a fixed or a variable number of segments from each storage location without departing from the scope of the present disclosure.
- FIG. 2B illustrates a diffraction table 250 according to various embodiments.
- the diffraction table 250 includes connection information associated with each storage location including, for example, but not limited to, a universal resource locator (URL), a port number, and an access key.
- the client device 110 can retrieve segments of the data object from the plurality of storage locations based on the diffraction table 250.
- the client device 110 may retrieve one or more segments of the data object from the first data store 140 based on the URL, the port number, and access key associated with the first data store identifier 210 of the first data store 140 as provided by the diffraction table 250.
- the client device may retrieve one or more segments of the data object from the second data store 150 based on the URL, the port number, and access key associated with the second data store identifier 220 of the second data store 150 as provided by the diffraction table 250.
- in order to retrieve one or more segments of the data object from a data store, the client device 110 is required to provide a correct access key to the data store.
- Each storage location can authenticate the client device 110 based on the access key provided by the client device 110 when the client device 110 attempts to retrieve one or more segments of the data object from the data store.
- the client device 110 is required to provide the access key associated with the first data store 140 in order to retrieve one or more segments of the data object from the first data store 140.
- the access key associated with each storage location may be specific to each session between the client device 110 and the initiation server 120.
- the access key associated with each storage location may be a hash key.
- the access key associated with each storage location may be a salted hash key.
- the access key associated with each storage location can be generated based on a credential token that is specific to each storage location.
- the access key associated with each storage location can be generated based on a separate credential token that is specific to the client device 110.
- the initiation server 120 can provide the client device 110 with the credential token.
- the credential token associated with the client device 110 may be generated based on an internet protocol (IP) address of the client device 110 and a salt value.
- the initiation server 120 can generate a random value for the credential token associated with the client device 110.
- the diffraction table 250 can be generated and provided by the initiation server 120. According to one exemplary embodiment, at least a portion of the connection information included in the diffraction table 250 can be rotated based on a fixed schedule (e.g., daily). Alternately or in addition, at least a portion of the connection information included in the diffraction table 250 may be rotated dynamically (e.g., upon each login and/or detection of security risks). For example, the initiation server 120 may change at least some of the access keys included in the diffraction table 250 for each session between the client device 110 and the initiation server 120.
- the initiation server 120 can rotate the diffraction table 250 in response to an elevated security risk (e.g., detection of a security breach).
- the diffraction table 250 can be specific to the client device 110.
- the initiation server 120 can implement load balancing and/or prioritized access.
- the initiation server 120 can impose one or more restrictions on the storage locations that may be accessed by the client device 110.
- the diffraction table 250 may selectively include (or omit) one or more storage locations such that one or more segments of the data object retrieved by the client device 110 are stored in some but not all of the available storage locations.
- FIG. 3 is a flowchart illustrating a process 300 for retrieving a data object according to various embodiments. Referring to FIGS. 1-3, the process 300 can be performed by the client device 110.
- the client device 110 receives the diffraction table 250 from the initiation server 120 (302).
- the client device 110 may receive the diffraction table 250 from the initiation server 120 upon each successful login.
- the diffraction table 250 includes connection information for one or more storage locations including, for example, but not limited to, a URL, a port number, and an access key associated with each storage location.
- the initiation server 120 can implement load balancing and/or prioritized access by selectively including (or omitting) one or more available storage locations from the diffraction table 250.
- the client device 110 transmits to the initiation server 120 a request to retrieve a data object (304).
- the client device 110 transmits a request to retrieve a data object that is decomposed into a plurality of segments and stored across a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
- the initiation server 120 can decompose the data object into the plurality of segments and distribute the segments across a plurality of storage locations in response to the request from the client device 110.
- the client device 110 receives a sequencing key from the initiation server 120 in response to the request to retrieve the data object (306).
- the initiation server 120 generates the sequencing key 200 in response to the request from the client device 110.
- the sequencing key 200 includes an ordered list of storage locations (i.e., data store identifiers) at which segments of the data object are stored.
- the sequencing key 200 may include the first data store identifier 210, the second data store identifier 220, the third data store identifier 230, the second data store identifier 220, and the fourth data store identifier 240.
- the client device 110 retrieves segments of the data object from a plurality of storage locations based on the sequencing key and a diffraction table (308).
- the client device 110 reconstructs the data object from the segments of the data object (310).
- the client device 110 retrieves segments of the data object from each of the plurality of storage locations at which segments of the data object are stored in an order specified by the sequencing key 200.
- the client device 110 may retrieve one or more segments of the data object from the first data store 140 followed by the second data store 150, the third data store 160, the second data store 150, and the fourth data store 170.
- the client device 110 may retrieve some segments of the data object concurrently from multiple storage locations without departing from the scope of the present disclosure.
- the client device 110 retrieves one or more segments of the data object from each storage location using the connection information (e.g., URL, port number, and access key) for each storage location as provided by the diffraction table 250. For instance, in order to retrieve one or more segments of the data object from the first data store 140, the client device 110 may be required to provide the access key associated with the first data store 140 as provided by the diffraction table 250.
- FIG. 4 is a flowchart illustrating a process 400 for providing a data object according to various embodiments. Referring to FIGS. 1, 2A-B, and 4, the process 400 can be performed by the initiation server 120.
- the initiation server 120 authenticates the client device 110 (402). For example, in various embodiments, the initiation server 120 may authenticate the client device 110 based on a username and password. However, a person having ordinary skill in the art can appreciate that the initiation server 120 can authenticate the client device 110 in any manner without departing from the scope of the present disclosure.
- the initiation server 120 invalidates the current session with the client device 110 (404). For example, if the initiation server 120 cannot authenticate the username and/or password provided by the client device 110, the initiation server 120 may invalidate the session with the client device 110 including by rejecting the attempt by the client device 110 to establish a session with the initiation server 120.
- the initiation server 120 can generate a diffraction table (406) and transmit the diffraction table to the client device 110 (408).
- the client device 110 may generate the diffraction table 250.
- generating the diffraction table 250 includes rotating at least a portion of connection information included in the diffraction table 250.
- the initiation server 120 may change at least some of the access keys provided by the diffraction table 250.
- the initiation server 120 can generate the diffraction table (e.g., the diffraction table 250) each time the client device 110 is successfully authenticated and initiates a secure session with the initiation server 120.
- the initiation server 120 can generate the diffraction table according to a different schedule (e.g., daily) or dynamically (e.g., login, security breach) without departing from the scope of the present disclosure.
- the initiation server 120 receives a request from the client device 110 to retrieve a data object (410).
- the client device 110 may establish a secure session with the initiation server 120 upon successful authentication of the client device 110.
- the client device 110 may have access to one or more features and functionalities provided by the initiation server 120 including the retrieval of one or more data objects.
- the client device 110 may transmit a request to retrieve a data object to the initiation server 120 by inputting, selecting, or otherwise invoking a getData() command.
- processing the request to retrieve the data object includes decomposing the data object into a plurality of segments and distributing the segments of the data object across a plurality of storage locations.
- processing the request further includes generating a sequencing key (e.g., the sequencing key 200).
- the initiation server 120 monitors whether the client device 110 retrieves the segments of the data object from the plurality of storage locations in the order indicated by the sequencing key (e.g., the sequencing key 200).
- the initiation server 120 determines whether the client device 110 continues to be logged in (413). If the initiation server 120 determines that the client device 110 is no longer logged in (413-N), the initiation server 120 terminates the session with the client device 110 (414).
- the initiation server 120 may receive a next request from the client device 110 to retrieve another data object (416). In response to receiving a request to retrieve another data object, the initiation server 120 processes the request to retrieve the data object (408).
- FIG. 5 is a flowchart illustrating a process 500 for providing a data object according to various embodiments.
- the process 500 can be performed by the initiation server 120 and can implement operation 412 of the process 400.
- the initiation server 120 generates a sequencing key in response to a request from the client device 110 to retrieve a data object (502). For example, in response to the request from the client device 110 to retrieve a data object, the initiation server 120 may generate the sequencing key 200. In one exemplary embodiment, the sequencing key 200 may indicate the correct order according to which the client device 110 is required to retrieve segments of the data object, which have been distributed for storage across a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
- The initiation server 120 stores the sequencing key or a copy of the sequencing key (504).
- the initiation server 120 transmits the sequencing key or a copy of the sequencing key to the client device 110 (506).
- the initiation server 120 may store the sequencing key 200 or a copy of the sequencing key 200 at a local data store (e.g., the completion table 125 or the fourth data store 170).
- the initiation server 120 may transmit the sequencing key 200 or a copy of the sequencing key 200 to the client device 110.
- the client device 110 may retrieve segments of the data object from the plurality of storage locations in the order indicated by the sequencing key 200 received from the initiation server 120.
- the initiation server 120 monitors the progress of the retrieval of the data object including by determining whether the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200.
- the initiation server 120 receives a notification from a first storage location of an attempt by the client device 110 to retrieve a first segment of the data object (508).
- the first storage location may respond to a request by the client device 110 to retrieve segments of the data object by transmitting a notification of the attempt to the initiation server 120.
- the client device 110 may attempt (e.g., based on the sequencing key 200) to retrieve one or more segments of the data object from the first data store 140.
- the initiation server 120 may receive, from the first data store 140, a notification that the client device 110 is attempting to retrieve one or more segments of the data object from the first data store 140.
- the initiation server 120 determines whether the request to retrieve segments of the data object from the first storage location is in the order indicated by the sequencing key (509).
- the client device 110 is required to retrieve segments of the data object from storage locations in the order indicated by the sequencing key in order to successfully retrieve the segments of the data object.
- the sequencing key 200 indicates that segments of the data object are required to be retrieved first from the first data store 140 followed by the second data store 150, the third data store 160, the second data store 150, and the fourth data store 170.
- the initiation server 120 may determine whether the request to retrieve segments of the data object from the first data store 140 is in the order indicated by the sequencing key 200.
- the initiation server 120 may determine that the request to retrieve segments of the data object from the first storage location is not in the order indicated by the sequencing key (509-N). Accordingly, the initiation server 120 invalidates the session with the client device 110 (510). In addition, in some embodiments, the initiation server 120 may retract segments of the data object stored across the plurality of storage locations (512). For example, the initiation server 120 may determine that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 while the sequencing key 200 indicates that the client device 110 is required to retrieve segments of the data object from the second data store 150. As such, the initiation server 120 may terminate the secure session with the client device 110. The initiation server 120 may further retract the segments of the data object that are stored in the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
- the initiation server 120 may determine that the request to retrieve the segments of the data object from the first storage location is in the order indicated by the sequencing key (509-Y). In response, the initiation server 120 may transmit a verification to the first storage location (514). For example, the initiation server 120 may determine that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 as indicated by the sequencing key 200. As such, the initiation server 120 may transmit to the first data store 140 a verification that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 in the order indicated by the sequencing key 200.
- the initiation server 120 may determine whether the client device 110 is successfully verified by the first storage location (515). In addition to retrieving segments of the data object from storage locations in the order indicated by the sequencing key, the client device 110 may be required to provide the correct access key associated with each storage location in order to successfully retrieve segments of the data object. In various embodiments, the access key for each storage location may be included in a diffraction table (e.g., the diffraction table 250) provided by the initiation server 120. For example, in response to an attempt by the client device 110 to retrieve one or more segments of the data object from the first data store 140, the first data store 140 may verify the client device 110 based on the access key provided by the client device 110. The first data store 140 may transmit to the initiation server 120 an indication of whether the first data store 140 is able to successfully verify the client device 110.
- the initiation server 120 may invalidate the session with the client device 110 (510). In some embodiments, the initiation server 120 may further retract the segments of the data object stored across the plurality of storage locations (512).
- the initiation server 120 may determine that the client device 110 is not successfully verified by the first data store 140 if the initiation server 120 receives a notification from the first data store 140 that the client device 110 was not successfully verified based on the access key provided by the client device 110 to the first data store 140. Alternately or in addition, the initiation server 120 may determine that the client device 110 is not successfully verified by the first data store 140 if the initiation server 120 fails to receive any notification from the first data store 140 within a threshold length period of time from when the initiation server 120 transmitted the verification that the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200. As such, the initiation server 120 may terminate the secure session with the client device 110. The initiation server 120 may further retract segments of the data object that are stored across the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
- the initiation server 120 may determine that the client device 110 is successfully verified by the first storage location (515-Y). For example, the initiation server 120 may receive a notification from the first data store 140 indicating that the first data store is able to successfully verify the client device 110 based on the access key provided by the client device 110. In some embodiments, the initiation server 120 may determine that the client device is successfully verified by the first data store 140 if the initiation server 120 receives the notification from the first data store 140 within a threshold period of time from when the initiation server 120 transmitted the verification that the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200.
- the initiation server 120 may receive notification from a second storage location of an attempt by the client device 110 to retrieve another segment of the data object (516). For example, the client device 110 may successfully retrieve the first segment of the data object if client device 110 is successfully verified by the first storage location. As such, the client device 110 may continue to retrieve additional segments of the data object from the plurality of storage locations. For instance, the client device 110 may attempt to retrieve a second segment of the data object from the second data store 150. The initiation server 120 may determine whether the request to retrieve segments of the data object from the second storage location is in the order indicated by the sequencing key (509). [0075] A person having ordinary skill in the art can appreciate that one or more operations of the process 500 may be performed in a different order without departing from the scope of the present disclosure.
- FIG. 6 is a flowchart illustrating a process 600 for providing a data object according to various embodiments.
- the process 600 can be performed, for example, by a storage location.
- the storage location may be one of a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, the fourth data store 170, and/or the delivery server 180.
- the storage location receives a request from the client device 110 to retrieve a first segment of the data object (602).
- the storage location transmits to the initiation server 120 a notification of the attempt by the client device 110 to retrieve the first segment of the data object (604).
- the client device 110 may attempt to retrieve segments of the data object from a plurality of storage locations based on the sequencing key 200 including, for example, but not limited to, the first data store 140.
- the first data store 140 may transmit a notification of the request to the initiation server 120.
- the initiation server 120 determines whether the client device 110 is retrieving segments of the data object from the plurality of data stores in the order indicated by a sequencing key (e.g., the sequencing key 200).
- the storage location determines whether a verification of the request is received from the initiation server 120 (605). For example, the initiation server 120 may transmit a verification to the first data store 140 if the initiation server 120 determines that the client device 110 is retrieving segments of the data object from the plurality of data stores in the order indicated by a sequencing key (e.g., the sequencing key 200).
- the initiation server 120 may not transmit a verification to the first data store 140 or the initiation server 120 may transmit an indication to the first data store 140 that the request by the client device 110 is not verified.
- the storage location may determine that a verification of the request is not received from the initiation server 120 (605-N). For example, the first data store 140 may receive an indication from the initiation server 120 that the request by the client device 110 is not verified. Alternately, the first data store 140 may determine that the verification of the request is not received from the initiation server 120 if the first data store 140 fails to receive a verification within a threshold period of time from when the first data store 140 transmitted to the initiation server 120 the notification of the attempt by the client device to retrieve the first segment of the data object. As such, the storage location may terminate the connection with the client device 110 (606).
- the storage location may verify the access key provided by the client device 110 (607).
- the client device 110 may provide an access key for the first data store 140 when requesting to retrieve the first segment of the data object from the first data store 140.
- the access key for the first data store 140 may be included in a diffraction table (e.g., the diffraction table 250) provided to the client device 110 by the initiation server 120.
- the access key for the first data store 140 may be generated based on tokens specific to the first data store 140 and/or the client device 110.
- If the storage location does not successfully verify the access key provided by the client device 110 (607-N), the storage location terminates the connection with the client device 110 (606). Alternately, if the storage location successfully verifies the access key provided by the client device 110 (607-Y), the storage location provides the first segment of the data object to the client device 110 (608).
- the storage location transmits a notification to the initiation server 120 of the successful verification of the client device 110 (610).
- the initiation server 120 monitors the progress of the retrieval of the data object by the client device 110.
- the initiation server 120 may maintain a secure session with the client device 110 and allow the client device 110 to continue retrieving additional segments of the data object from the plurality of storage locations if the client device 110 is successfully verified by the first data store 140 based on the access key provided by the client device 110.
- the initiation server 120 may terminate the secure session with the client device 110 if the initiation server 120 determines that the client device 110 failed to be successfully verified by the first data store 140.
- FIG. 7 is a block diagram illustrating wired or wireless system 550 according to various embodiments.
- the system 550 may be used to implement the client device 110, the initiation server 120, and/or the delivery server 180.
- the system 550 can be a conventional personal computer, computer server, personal digital assistant, smart phone, tablet computer, or any other processor enabled device that is capable of wired or wireless data communication.
- Other computer systems and/or architectures may be also used, as will be clear to those skilled in the art.
- the system 550 preferably includes one or more processors, such as processor
- Additional processors may be provided, such as an auxiliary processor to manage input/output, an auxiliary processor to perform floating point mathematical operations, a special-purpose microprocessor having an architecture suitable for fast execution of signal processing algorithms (e.g., digital signal processor), a slave processor subordinate to the main processing system (e.g., back-end processor), an additional microprocessor or controller for dual or multiple processor systems, or a coprocessor.
- auxiliary processors may be discrete processors or may be integrated with the processor 560.
- the processor 560 is preferably connected to a communication bus 555.
- the communication bus 555 may include a data channel for facilitating information transfer between storage and other peripheral components of the system 550.
- the communication bus 555 further may provide a set of signals used for communication with the processor 560, including a data bus, address bus, and control bus (not shown).
- the communication bus 555 may comprise any standard or non-standard bus architecture such as, for example, bus architectures compliant with industry standard architecture (“ISA”), extended industry standard architecture (“EISA”), Micro Channel Architecture (“MCA”), peripheral component interconnect (“PCI”) local bus, or standards promulgated by the Institute of Electrical and Electronics Engineers (“IEEE”) including IEEE 488 general-purpose interface bus (“GPIB”), IEEE 696/S-100, and the like.
- System 550 preferably includes a main memory 565 and may also include a secondary memory 570.
- the main memory 565 provides storage of instructions and data for programs executing on the processor 560.
- the main memory 565 is typically semiconductor-based memory such as dynamic random access memory (“DRAM”) and/or static random access memory (“SRAM”).
- Other semiconductor-based memory types include, for example, synchronous dynamic random access memory (“SDRAM”), Rambus dynamic random access memory (“RDRAM”), ferroelectric random access memory (“FRAM”), and the like, including read only memory (“ROM”).
- the secondary memory 570 may optionally include an internal memory 575 and/or a removable storage medium 580, for example a floppy disk drive, a magnetic tape drive, a compact disc (“CD”) drive, a digital versatile disc (“DVD”) drive, etc.
- the removable storage medium 580 is read from and/or written to in a well-known manner.
- Removable storage medium 580 may be, for example, a floppy disk, magnetic tape, CD, DVD, SD card, etc.
- the removable storage medium 580 is a non-transitory computer readable medium having stored thereon computer executable code (i.e., software) and/or data.
- the computer software or data stored on the removable storage medium 580 is read into the system 550 for execution by the processor 560.
- the secondary memory 570 may include other similar means for allowing computer programs or other data or instructions to be loaded into the system 550.
- Such means may include, for example, an external storage medium 595 and a communication interface 590.
- external storage medium 595 may include an external hard disk drive, an external optical drive, or an external magneto-optical drive.
- secondary memory 570 may include semiconductor-based memory such as programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), electrically erasable read-only memory (“EEPROM”), or flash memory (block oriented memory similar to EEPROM). Also included are the removable storage medium 580 and a communication interface, which allow software and data to be transferred from an external storage medium 595 to the system 550.
- System 550 may also include an input/output (“I/O”) interface 585.
- the I/O interface 585 facilitates input from and output to external devices.
- the I/O interface 585 may receive input from a keyboard or mouse and may provide output to a display.
- the I/O interface 585 is capable of facilitating input from and output to various alternative types of human interface and machine interface devices alike.
- System 550 may also include a communication interface 590.
- the communication interface 590 allows software and data to be transferred between system 550 and external devices (e.g. printers), networks, or information sources.
- computer software or executable code may be transferred to system 550 from a network server via communication interface 590.
- Examples of communication interface 590 include a modem, a network interface card ("NIC"), a wireless data card, a communications port, a PCMCIA slot and card, an infrared interface, and an IEEE 1394 fire-wire, just to name a few.
- Communication interface 590 preferably implements industry promulgated protocol standards, such as Ethernet IEEE 802 standards, Fiber Channel, digital subscriber line (“DSL”), asynchronous digital subscriber line (“ADSL”), frame relay, asynchronous transfer mode (“ATM”), integrated digital services network (“ISDN”), personal communications services (“PCS”), transmission control protocol/Internet protocol (“TCP/IP”), serial line Internet protocol/point to point protocol (“SLIP/PPP”), and so on, but may also implement customized or non-standard interface protocols as well.
- Software and data transferred via communication interface 590 are generally in the form of electrical communication signals 605.
- the electrical communication signals 605 are preferably provided to communication interface 590 via a communication channel 600.
- the communication channel 600 may be a wired or wireless network, or any variety of other communication links.
- Communication channel 600 carries the electrical communication signals 605 and can be implemented using a variety of wired or wireless communication means including wire or cable, fiber optics, conventional phone line, cellular phone link, wireless data communication link, radio frequency (“RF”) link, or infrared link, just to name a few.
- Computer programs can also be received via communication interface 590 and stored in the main memory 565 and/or the secondary memory 570.
- Such computer programs when executed, enable the system 550 to perform the various functions of the present invention as previously described.
- computer readable medium is used to refer to any non-transitory computer readable storage media used to provide computer executable code (e.g., software and computer programs) to the system 550.
- Examples of these media include main memory 565, secondary memory 570 (including internal memory 575, removable storage medium 580, and external storage medium 595), and any peripheral device communicatively coupled with communication interface 590 (including a network information server or other network device).
- These non-transitory computer readable mediums are means for providing executable code, programming instructions, and software to the system 550.
- the software may be stored on a computer readable medium and loaded into the system 550 by way of removable storage medium 580, I/O interface 585, or communication interface 590.
- the software is loaded into the system 550 in the form of electrical communication signals 605.
- the software when executed by the processor 560, preferably causes the processor 560 to perform the inventive features and functions previously described herein.
- the system 550 also includes optional wireless communication components that facilitate wireless communication over a voice and over a data network.
- the wireless communication components comprise an antenna system 610, a radio system 615 and a baseband system 620.
- the antenna system 610 may comprise one or more antennae and one or more multiplexors (not shown) that perform a switching function to provide the antenna system 610 with transmit and receive signal paths.
- received RF signals can be coupled from a multiplexor to a low noise amplifier (not shown) that amplifies the received RF signal and sends the amplified signal to the radio system 615.
- the radio system 615 may comprise one or more radios that are configured to communicate over various frequencies.
- the radio system 615 may combine a demodulator (not shown) and modulator (not shown) in one integrated circuit ("IC").
- the demodulator and modulator can also be separate components. In the incoming path, the demodulator strips away the RF carrier signal leaving a baseband receive audio signal, which is sent from the radio system 615 to the baseband system 620.
- baseband system 620 decodes the signal and converts it to an analog signal. Then the signal is amplified and sent to a speaker.
- the baseband system 620 also receives analog audio signals from a microphone. These analog audio signals are converted to digital signals and encoded by the baseband system 620.
- the baseband system 620 also codes the digital signals for transmission and generates a baseband transmit audio signal that is routed to the modulator portion of the radio system 615.
- the modulator mixes the baseband transmit audio signal with an RF carrier signal generating an RF transmit signal that is routed to the antenna system and may pass through a power amplifier (not shown).
- the power amplifier amplifies the RF transmit signal and routes it to the antenna system 610 where the signal is switched to the antenna port for transmission.
- the baseband system 620 is also communicatively coupled with the processor
- the processor 560 has access to one or more data storage areas including, for example, but not limited to, the main memory 565 and the secondary memory 570.
- the processor 560 is preferably configured to execute instructions (i.e., computer programs or software) that can be stored in the main memory 565 or in the secondary memory 570.
- Computer programs can also be received from the baseband processor 610 and stored in the main memory 565 or in the secondary memory 570, or executed upon receipt.
- Such computer programs when executed, enable the system 550 to perform the various functions of the present invention as previously described.
- the main memory 565 may include various software modules (not shown) that are executable by processor 560.
- Various embodiments may also be implemented primarily in hardware using, for example, components such as application specific integrated circuits ("ASICs"), or field programmable gate arrays ("FPGAs"). Implementation of a hardware state machine capable of performing the functions described herein will also be apparent to those skilled in the relevant art. Various embodiments may also be implemented using a combination of both hardware and software.
- a general-purpose processor can be a microprocessor, but in the alternative, the processor can be any processor, controller, microcontroller, or state machine.
- a processor can also be implemented as a combination of computing devices, for example, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
- a software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium including a network storage medium.
- An exemplary storage medium can be coupled to the processor such that the processor can read information from, and write information to, the storage medium.
- the storage medium can be integral to the processor.
- the processor and the storage medium can also reside in an ASIC.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A system for diffracted data retrieval (DDR) comprises a plurality of storage locations. The system for DDR also comprises a client device configured to: transmit a request to retrieve the data object, wherein the data object comprises a plurality of segments stored across the plurality of storage locations; receive a sequencing key in response to the request to retrieve the data object; and retrieve the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key. The system of DDR further comprises an initiation server configured to: receive the request from the client device to retrieve the data object; generate the sequencing key in response to the request; transmit the sequencing key to the client device; and monitor a progress of the retrieval of the data object by the client device.
Description
SYSTEMS AND METHODS FOR DIFFRACTED DATA RETRIEVAL
BACKGROUND
1. Technical Field
[0001] Various embodiments described herein relate generally to the field of electronic data security and more particularly to diffracted retrieval of data from multiple storage locations.
2. Related Art
[0002] Electronic storage of information is now ubiquitous in modern society. Almost every conceivable type of information is now stored in electronic format, and will at some point be transmitted across a network from one data storage location to another. A great deal of this information is confidential and sensitive information that must be securely transmitted and stored, be it personal financial information, classified government research or confidential corporate documents. The challenge for secure transmission and storage of electronic data is that securing the data must be balanced with the accessibility of the data. In other words, the data cannot be secured to the point that it is too difficult to obtain when it is needed.
[0003] Typical data security options either protect a location where data is stored (through firewalls, passcodes, etc.) or protect the data during its transmission (through encryption, for example). Both methods are susceptible in that a bad actor need only penetrate a single security protocol to obtain access to all of the data being stored at the location, or all of the data being transmitted during a transmission session. In a standard secure client-server communication model, transfer of a data trove can be unlimited once the connection has been authenticated and authorized. Thus, a majority of electronic data remains vulnerable to unauthorized intrusions that compromise an entire set of data being transmitted during a session or stored at a particular location.
[0004] Thus, what is needed is a system and method for secure storage and transmission of electronic data.
Summary
[0005] Systems and methods for diffracted data retrieval (DDR) are disclosed. According to the systems and methods for DDR disclosed herein, request and delivery of a data object is diffracted across multiple storage locations. Accordingly, the data object is decomposed into a plurality of segments, which are stored across a plurality of storage locations. Attempts to retrieve individual segments of the data object require separate, sequential validations. The failure to validate the retrieval of any one segment of the data object from a storage location may prevent the retrieval of the remaining segments of the data object. Advantageously, DDR may eliminate a mass security breach as a client device is unable to retrieve a data object in its entirety through a single request and from a single storage location. Instead, the client device is required to execute multiple, separately validated requests across multiple storage locations in order to retrieve a single data object.
[0006] According to various embodiments, there is provided a method for retrieving a data object. In some embodiments, the method includes: transmitting from a client device to an initiation server a request to retrieve the data object, wherein the data object comprises a plurality of segments stored across a plurality of storage locations; receiving, at the client device, a sequencing key from the initiation server in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and retrieving, by the client device, the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key.
[0007] According to various embodiments, there is provided a method for providing a data object. In some embodiments, the method includes: receiving, at an initiation server, a request from a client device to retrieve a data object; generating a sequencing key in response to the request from the client device to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; transmitting the sequencing key to the client device; receiving a notification from a first of the plurality of storage locations of an attempt by the client device to retrieve a first segment of the data object; determining whether the request to retrieve the first segment of the data object from the first storage location is in the order indicated by the sequencing key; and invalidating a session with the client device in response to determining that the request to retrieve the first segment of the data object from the first storage location is not in the order indicated by the sequencing key.
[0008] According to various embodiments, there is provided a method for providing a data object. In some embodiments, the method includes: receiving, at a first of a plurality of storage locations, a request from a client device to retrieve a first of a plurality of segments of a data object, wherein the data object comprises the plurality of segments stored across the plurality of storage locations; transmitting, to an initiation server, a notification of the attempt by the client device to retrieve the first segment of the data object; determining whether a verification of the request is received from the initiation server; and in response to determining that a verification of the request is received from the initiation server: verifying an access key provided by the client device; and providing the first segment of the data object to the client device in response to successfully verifying the access key provided by the client device.
[0009] According to various embodiments, there is provided a system for DDR. The system may include a plurality of storage locations, a client device, and an initiation server.
[0010] In some embodiments, the client device may be configured to: transmit a request to retrieve a data object, wherein the data object comprises a plurality of segments stored across the plurality of storage locations; receive a sequencing key in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and retrieve the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key.
[0011] In some embodiments, the initiation server may be configured to: receive the request from the client device to retrieve the data object; generate the sequencing key in response to the request from the client device to retrieve the data object; transmit the sequencing key to the client device; and monitor a progress of the retrieval of the data object by the client device.
[0012] Other features and advantages should become apparent from the following description of the preferred embodiments, taken in conjunction with the accompanying drawings.
Brief Description of the Drawings
[0013] Various embodiments disclosed herein are described in detail with reference to the following figures. The drawings are provided for purposes of illustration only and merely depict typical or exemplary embodiments. These drawings are provided to facilitate the reader's understanding and shall not be considered limiting of the breadth, scope, or applicability of the embodiments. It should be noted that for clarity and ease of illustration these drawings are not necessarily made to scale.
[0014] FIG. 1 is a network diagram illustrating a network environment according to various embodiments;
[0015] FIG. 2A illustrates a sequencing key according to various embodiments;
[0016] FIG. 2B illustrates a diffraction table according to various embodiments;
[0017] FIG. 3 is a flowchart illustrating a process for retrieving a data object according to various embodiments;
[0018] FIG. 4 is a flowchart illustrating a process for providing a data object according to various embodiments;
[0019] FIG. 5 is a flowchart illustrating a process for providing a data object according to various embodiments;
[0020] FIG. 6 is a flowchart illustrating a process for providing a data object according to various embodiments; and
[0021] FIG. 7 is a block diagram illustrating a wired or wireless system according to various embodiments.
[0022] The various embodiments mentioned above are described in further detail with reference to the aforementioned figures and the following detailed description of exemplary embodiments.
Detailed Description
[0023] Certain embodiments disclosed herein provide methods and systems for secure storage, access, and transmission of electronic data. After reading this description it will become apparent to one skilled in the art how to implement the invention in various alternative embodiments and alternative applications. However, although various embodiments of the present invention will be described herein, it is understood that these embodiments are presented by way of example only, and not limitation. As such, this detailed description of various alternative embodiments should not be construed to limit the scope or breadth of the present invention as set forth in the appended claims.
[0024] FIG. 1 is a network diagram illustrating a network environment 100 according to various embodiments. Referring to FIG. 1, in various embodiments, a client device 110 communicates with an initiation server 120. The client device 110 can be any device that is capable of communication with or causing communication with the initiation server 120 through a wired or a wireless connection. For example, the client device 110 may be a wired or wireless communication device including, for example, but not limited to, a smartphone, a wearable device, a tablet personal computer (PC), a laptop, a desktop PC, a personal entertainment system, and an embedded processing system.
[0025] The client device 110 may communicate with the initiation server 120 via a communication network 130. In various embodiments, the communication network 130 represents one or more wired and/or wireless connections. For example, the communication network 130 may include, for example, but not limited to, a wired and/or wireless local area network (LAN), a wired and/or wireless wide area network (WAN), and any combinations thereof.
[0026] One or more features and functionalities of the initiation server 120 can be exposed via a user interface (UI). In one embodiment, one or more features and functionalities of the initiation server 120 may be accessed on the client device 110 via a mobile and/or web application. For example, during a secure session, the client device 110 may transmit a request to retrieve a data object to the initiation server 120 by inputting, selecting, or otherwise invoking a getData() command through the UI provided via the client device 110. It is to be understood that references to the data object throughout the present disclosure extend to any metadata that is associated with the data object. As such, any operation that is performed with respect to the data object (e.g., retrieving the data object) may be performed with respect to the data object and/or metadata associated with the data object.
[0027] The initiation server 120 is configured to receive and process the request to retrieve the data object. The data object may have been decomposed into a plurality of segments and stored across a plurality of storage locations including, for example, but not limited to, a first data store 140, a second data store 150, a third data store 160, and a fourth data store 170. In some embodiments, the initiation server 120 may decompose the data object and distribute segments of the data object across the plurality of storage locations when the request to retrieve the data object is received at the initiation server 120. Storage and retrieval of data objects that are decomposed into a plurality of segments and distributed across multiple storage locations are described in U.S. Patent Application No. 14/863,294, the disclosure of which is incorporated herein by reference in its entirety.
[0028] A person having ordinary skill in the art can appreciate that segments of the data object may be stored in a different number of storage locations without departing from the scope of the present inventive concept. For example, the number of storage locations used to store segments of the data object may vary based on one or more factors including, for example, but not limited to, a size of the data object, a complexity of the data object, and a number of segments associated with the data object.
[0029] In various embodiments, segments of the data object may have been stored across multiple local and/or remote storage locations. In some embodiments, the initiation server 120 may decompose the data object and distribute segments of the data object for storage across a plurality of local and/or remote storage locations upon receiving the request to retrieve the data object from the client device 110. For example, the first data store 140 may be a local data store with respect to the client device 110 including, for example, but not limited to, an internal hard drive, a portable storage device (e.g., a universal serial bus (USB) flash drive, external hard drive), and any combination thereof. The second data store 150, the third data store 160, and the fourth data store 170 may each be a remote data store (i.e., with respect to the client device 110) including, for example, but not limited to, one or more databases (e.g., MongoDB®), cloud storage, and any combination thereof. The second data store 150, the third data store 160, and the fourth data store 170 can each be a proprietary data store (i.e., directly associated with the initiation server 120), or be associated with one or more third-party file hosting services (e.g., Amazon® Simple Storage Service (S3), Dropbox®) and/or storage as a service (STaaS) providers. The client device 110 can communicate with the second data store 150, the third data store 160, and the fourth data store 170 (e.g., to retrieve segments of the data object) via the communication network 130.
[0030] In response to the request from the client device 110, the initiation server 120 generates a sequencing key that includes an ordered list of individual identifiers corresponding to each of the storage locations at which segments of the data object are stored. The initiation server 120 stores the sequencing key or a copy of the sequencing key (e.g., in the completion table 125 or in the fourth data store 170). The initiation server 120 further transmits the sequencing key or a copy of the sequencing key to the client device 110. The client device 110 retrieves the segments of the data object from each storage location based on the sequencing key and a diffraction table. According to one exemplary embodiment, in order to successfully retrieve the data object, the client device 110 is required to retrieve segments of the data object from each storage location in the order indicated by the sequencing key.
[0031] The initiation server 120 is further configured to monitor the progress of the data retrieval by the client device 110. In one exemplary embodiment, each storage location is configured to verify requests from the client device 110 to retrieve one or more segments of the data object. For example, in response to receiving a request from the client device 110 to retrieve one or more segments of the data object, the second data store 150 may transmit a notification to the initiation server 120. The initiation server 120 determines whether the request to the second data store 150 is in the correct order indicated by the sequencing key. According to one exemplary embodiment, the initiation server 120 is configured to invalidate the current session with the client device 110 in response to determining that the request to retrieve data from the second data store 150 is not in the correct order indicated by the sequencing key.
[0032] In order to successfully retrieve one or more segments of the data object from a storage location, the client device 110 is further configured to provide a correct access key associated with the storage location. For example, the client device 110 may provide the access key associated with the second data store 150 when requesting to retrieve one or more segments of the data object from the second data store 150. In various embodiments, the second data store 150 verifies the access key provided by the client device 110. In the event that the access key provided by the client device 110 is incorrect, the second data store 150 can alert the initiation server 120. As a result, the initiation server 120 can invalidate the current session with the client device 110.
[0033] In some embodiments, the client device 110 may retrieve one or more segments of the data object directly from a storage location. Alternately or in addition, the client device 110 may retrieve one or more segments of the data object via a delivery server. For example, the client device 110 may retrieve one or more segments of the data object directly from the second data store 150 by transmitting a request to the second data store 150. Alternately, a delivery server 180 may intercept the request from the client device 110. The delivery server 180 may retrieve the segments of the data object from the second data store 150 and provide the segments of the data object to the client device 110. According to one exemplary embodiment, the operations of a delivery server (e.g., the delivery server 180) as an intermediary are transparent to the client device 110.
[0034] FIG. 2A illustrates a sequencing key 200 according to various embodiments. Referring to FIGS. 1 and 2A, the sequencing key 200 may include a plurality of data store identifiers including, for example, but not limited to, a first data store identifier 210, a second data store identifier 220, a third data store identifier 230, and a fourth data store identifier 240.
[0035] Each of the data store identifiers can be associated with a corresponding data store. For example, the first data store identifier 210 may be associated with the first data store 140, the second data store identifier 220 may be associated with the second data store 150, the third data store identifier 230 may be associated with the third data store 160, and the fourth data store identifier 240 may be associated with the fourth data store 170.
[0036] In one exemplary embodiment, the sequencing key 200 includes the plurality of data store identifiers in a specific order. For example, as shown in FIG. 2A, the sequencing key 200 indicates the following order: the first data store identifier 210, the second data store identifier 220, the third data store identifier 230, the second data store identifier 220, and the fourth data store identifier 240.
[0037] To successfully retrieve the data object, the client device 110 is required to retrieve segments of the data object from each storage location according to the order indicated by the sequencing key 200. For example, the client device 110 may retrieve one or more segments of the data object first from the first data store 140 associated with the first data store identifier 210 that appears first in the sequencing key 200. Next, the client device 110 may retrieve one or more segments of the data object from the second data store 150 associated with the second data store identifier 220 appearing next in the sequencing key 200. The client device 110 may subsequently retrieve one or more segments of the data object from the third data store 160, the second data store 150, and the fourth data store 170 as indicated by the order in which the corresponding data store identifiers appear in the sequencing key 200.
[0038] It is to be understood that the client device 110 may retrieve any number of segments of the data object each time the client device 110 retrieves segments of the data object from a storage location. For example, a same or different number of segments of the data object may be stored at each storage location. A person having ordinary skill in the art can appreciate that the client device 110 may retrieve a fixed or a variable number of segments from each storage location without departing from the scope of the present disclosure.
[0039] FIG. 2B illustrates a diffraction table 250 according to various embodiments. Referring to FIGS. 1 and 2A-B, the diffraction table 250 includes connection information associated with each storage location including, for example, but not limited to, a universal resource locator (URL), a port number, and an access key. According to one exemplary embodiment, in addition to a sequencing key (e.g., the sequencing key 200), the client device 110 can retrieve segments of the data object from the plurality of storage locations based on the diffraction table 250.
[0040] For example, the client device 110 may retrieve one or more segments of the data object from the first data store 140 based on the URL, the port number, and access key associated with the first data store identifier 210 of the first data store 140 as provided by the diffraction table 250. Similarly, the client device may retrieve one or more segments of the data object from the second data store 150 based on the URL, the port number, and access key associated with the second data store identifier 220 of the second data store 150 as provided by the diffraction table 250.
[0041] In one exemplary embodiment, in order to retrieve one or more segments of the data object from a data store, the client device 110 is required to provide a correct access key to the data store. Each storage location can authenticate the client device 110 based on the access key provided by the client device 110 when the client device 110 attempts to retrieve one or more segments of the data object from the data store. For example, the client device 110 is required to provide the access key associated with the first data store 140 in order to retrieve one or more segments of the data object from the first data store 140.
[0042] The access key associated with each storage location may be specific to each session between the client device 110 and the initiation server 120. For example, the access key associated with each storage location may be a hash key. In some embodiments, the access key associated with each storage location may be a salted hash key.
[0043] According to one exemplary embodiment, the access key associated with each storage location can be generated based on a credential token that is specific to each storage location. In addition, the access key associated with each storage location can be generated based on a separate credential token that is specific to the client device 110. For example, upon each successful login by the client device 110, the initiation server 120 can provide the client device 110 with the credential token. In some embodiments, the credential token associated with the client device 110 may be generated based on an internet protocol (IP) address of the client device 110 and a salt value. Alternately, the initiation server 120 can generate a random value for the credential token associated with the client device 110.
[0044] In various embodiments, the diffraction table 250 can be generated and provided by the initiation server 120. According to one exemplary embodiment, at least a portion of the connection information included in the diffraction table 250 can be rotated based on a fixed schedule (e.g., daily). Alternately or in addition, at least a portion of the connection information included in the diffraction table 250 may be rotated dynamically (e.g., upon each login and/or detection of security risks). For example, the initiation server 120 may change at least some of the access keys included in the diffraction table 250 for each session between the client device 110 and the initiation server 120. Alternately or in addition, in some embodiments, the initiation server 120 can rotate the diffraction table 250 in response to an elevated security risk (e.g., detection of a security breach).
[0045] According to one exemplary embodiment, the diffraction table 250 can be specific to the client device 110. For instance, in some embodiments, the initiation server 120 can implement load balancing and/or prioritized access. As such, the initiation server 120 can impose one or more restrictions on the storage locations that may be accessed by the client device 110. Accordingly, the diffraction table 250 may selectively include (or omit) one or more storage locations such that one or more segments of the data object retrieved by the client device 110 are stored in some but not all of the available storage locations.
[0046] FIG. 3 is a flowchart illustrating a process 300 for retrieving a data object according to various embodiments. Referring to FIGS. 1-3, the process 300 can be performed by the client device 110.
[0047] The client device 110 receives the diffraction table 250 from the initiation server 120 (302). In various embodiments, the client device 110 may receive the diffraction table 250 from the initiation server 120 upon each successful login. The diffraction table 250 includes connection information for one or more storage locations including, for example, but not limited to, a URL, a port number, and an access key associated with each storage location. According to one exemplary embodiment, the initiation server 120 can implement load balancing and/or prioritized access by selectively including (or omitting) one or more available storage locations from the diffraction table 250.
[0048] The client device 110 transmits to the initiation server 120 a request to retrieve a data object (304). In various embodiments, the client device 110 transmits a request to retrieve a data object that is decomposed into a plurality of segments and stored across a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170. In some embodiments, the initiation server 120 can decompose the data object into the plurality of segments and distribute the segments across a plurality of storage locations in response to the request from the client device 110.
[0049] The client device 110 receives a sequencing key from the initiation server 120 in response to the request to retrieve the data object (306). For example, according to one exemplary embodiment, the initiation server 120 generates the sequencing key 200 in response to the request from the client device 110. The sequencing key 200 includes an ordered list of storage locations (i.e., data store identifiers) at which segments of the data object are stored. For example, the sequencing key 200 may include the first data store identifier 210, the second data store identifier 220, the third data store identifier 230, the second data store identifier 220, and the fourth data store identifier 240.
[0050] The client device 110 retrieves segments of the data object from a plurality of storage locations based on the sequencing key and a diffraction table (308). The client device 110 reconstructs the data object from the segments of the data object (310). In one exemplary embodiment, the client device 110 retrieves segments of the data object from each of the plurality of storage locations at which segments of the data object are stored in an order specified by the sequencing key 200. For example, the client device 110 may retrieve one or more segments of the data object from the first data store 140 followed by the second data store 150, the third data store 160, the second data store 150, and the fourth data store 170. However, it is to be understood that the client device 110 may retrieve some segments of the data object concurrently from multiple storage locations without departing from the scope of the present disclosure.
[0051] Additionally, the client device 110 retrieves one or more segments of the data object from each storage location using the connection information (e.g., URL, port number, and access key) for each storage location as provided by the diffraction table 250. For instance, in order to retrieve one or more segments of the data object from the first data store 140, the client device 110 may be required to provide the access key associated with the first data store 140 as provided by the diffraction table 250.
[0052] A person having ordinary skill in the art can appreciate that one or more operations of the process 300 may be performed in a different order without departing from the scope of the present disclosure.
[0053] FIG. 4 is a flowchart illustrating a process 400 for providing a data object according to various embodiments. Referring to FIGS. 1, 2A-B, and 4, the process 400 can be performed by the initiation server 120.
[0054] The initiation server 120 authenticates the client device 110 (402). For example, in various embodiments, the initiation server 120 may authenticate the client device 110 based on a username and password. However, a person having ordinary skill in the art can appreciate that the initiation server 120 can authenticate the client device 110 in any manner without departing from the scope of the present disclosure.
[0055] If the client device 110 is not successfully authenticated (403-N), the initiation server 120 invalidates the current session with the client device 110 (404). For example, if the initiation server 120 cannot authenticate the username and/or password provided by the client device 110, the initiation server 120 may invalidate the session with the client device 110 including by rejecting the attempt by the client device 110 to establish a session with the initiation server 120.
[0056] Alternately, if the client device 110 is successfully authenticated (403-Y), the initiation server 120 can generate a diffraction table (406) and transmit the diffraction table to the client device 110 (408). For example, the client device 110 may generate the diffraction table 250. In various embodiments, generating the diffraction table 250 includes rotating at least a portion of connection information included in the diffraction table 250. For instance, the initiation server 120 may change at least some of the access keys provided by the diffraction table 250.
[0057] According to one exemplary embodiment, the initiation server 120 can generate the diffraction table (e.g., the diffraction table 250) each time the client device 110 is successfully authenticated and initiates a secure session with the initiation server 120. However, a person having ordinary skill in the art can appreciate that the initiation server 120 can generate the diffraction table according to a different schedule (e.g., daily) or dynamically (e.g., login, security breach) without departing from the scope of the present disclosure.
[0058] The initiation server 120 receives a request from the client device 110 to retrieve a data object (410). For example, the client device 110 may establish a secure session with the initiation server 120 upon successful authentication of the client device 110. During the secure session, the client device 110 may have access to one or more features and functionalities provided by the initiation server 120 including the retrieval of one or more data objects. The client device 110 may transmit a request to retrieve a data object to the initiation server 120 by inputting, selecting, or otherwise invoking a getData() command.
[0059] In response to the request to retrieve the data object, the initiation server 120 processes the request to retrieve the data object (408). In some embodiments, processing the request to retrieve the data object includes decomposing the data object into a plurality of segments and distributing the segments of the data object across a plurality of storage locations. According to one exemplary embodiment, processing the request further includes generating a sequencing key (e.g., the sequencing key 200). The initiation server 120 monitors whether the client device 110 retrieves the segments of the data object from the plurality of storage locations in the order indicated by the sequencing key (e.g., the sequencing key 200).
[0060] The initiation server 120 determines whether the client device 110 continues to be logged in (413). If the initiation server 120 determines that the client device 110 is no longer logged in (413-N), the initiation server 120 terminates the session with the client device 110 (414).
[0061] Alternately, if the initiation server 120 determines that the client device 110 continues to be logged in (413-Y), the initiation server 120 may receive a next request from the client device 110 to retrieve another data object (416). In response to receiving a request to retrieve another data object, the initiation server 120 processes the request to retrieve the data object (408).
[0062] A person having ordinary skill in the art can appreciate that one or more operations of the process 400 may be performed in a different order without departing from the scope of the present disclosure. Furthermore, it is to be understood that one or more operations of the process 400 (e.g., operation 406) may be omitted without departing from the scope of the present disclosure.
[0063] FIG. 5 is a flowchart illustrating a process 500 for providing a data object according to various embodiments. Referring to FIGS. 1-5, the process 500 can be performed by the initiation server 120 and can implement operation 412 of the process 400.
[0064] The initiation server 120 generates a sequencing key in response to a request from the client device 110 to retrieve a data object (502). For example, in response to the request from the client device 110 to retrieve a data object, the initiation server 120 may generate the sequencing key 200. In one exemplary embodiment, the sequencing key 200 may indicate the correct order according to which the client device 110 is required to retrieve segments of the data object, which have been distributed for storage across a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
[0065] The initiation server 120 stores the sequencing key or a copy of the sequencing key (504). The initiation server 120 transmits the sequencing key or a copy of the sequencing key to the client device 110 (506). For example, the initiation server 120 may store the sequencing key 200 or a copy of the sequencing key 200 at a local data store (e.g., the completion table 125 or the fourth data store 170). In addition, the initiation server 120 may transmit the sequencing key 200 or a copy of the sequencing key 200 to the client device 110. According to one exemplary embodiment, the client device 110 may retrieve segments of the data object from the plurality of storage locations in the order indicated by the sequencing key 200 received from the initiation server 120. The initiation server 120 monitors the progress of the retrieval of the data object including by determining whether the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200.
[0066] The initiation server 120 receives a notification from a first storage location of an attempt by the client device 110 to retrieve a first segment of the data object (508). In various embodiments, the first storage location may respond to a request by the client device 110 to retrieve segments of the data object by transmitting a notification of the attempt to the initiation server 120. For example, the client device 110 may attempt (e.g., based on the sequencing key 200) to retrieve one or more segments of the data object from the first data store 140. As such, the initiation server 120 may receive, from the first data store 140, a notification that the client device 110 is attempting to retrieve one or more segments of the data object from the first data store 140.
[0067] The initiation server 120 determines whether the request to retrieve segments of the data object from the first storage location is in the order indicated by the sequencing key (509). According to one exemplary embodiment, the client device 110 is required to retrieve segments of the data object from storage locations in the order indicated by the sequencing key in order to successfully retrieve the segments of the data object. For example, the sequencing key 200 indicates that segments of the data object are required to be retrieved first from the first data store 140 followed by the second data store 150, the third data store 160, the second data store 150, and the fourth data store 170. As such, the initiation server 120 may determine whether the request to retrieve segments of the data object from the first data store 140 is in the order indicated by the sequencing key 200.
[0068] The initiation server 120 may determine that the request to retrieve segments of the data object from the first storage location is not in the order indicated by the sequencing key (509-N). Accordingly, the initiation server 120 invalidates the session with the client device 110 (510). In addition, in some embodiments, the initiation server 120 may retract segments of the data object stored across the plurality of storage locations (512). For example, the initiation server 120 may determine that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 while the sequencing key 200 indicates that the client device 110 is required to retrieve segments of the data object from the second data store 150. As such, the initiation server 120 may terminate the secure session with the client device 110. The initiation server 120 may further retract the segments of the data object that are stored in the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
[0069] Alternately, the initiation server 120 may determine that the request to retrieve the segments of the data object from the first storage location is in the order indicated by the sequencing key (509-Y). In response, the initiation server 120 may transmit a verification to the first storage location (514). For example, the initiation server 120 may determine that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 as indicated by the sequencing key 200. As such, the initiation server 120 may transmit to the first data store 140 a verification that the client device 110 is attempting to retrieve segments of the data object from the first data store 140 in the order indicated by the sequencing key 200.
[0070] The initiation server 120 may determine whether the client device 110 is successfully verified by the first storage location (515). In addition to retrieving segments of the data object from storage locations in the order indicated by the sequencing key, the client device 110 may be required to provide the correct access key associated with each storage location in order to successfully retrieve segments of the data object. In various embodiments, the access key for each storage location may be included in a diffraction table (e.g., the diffraction table 250) provided by the initiation server 120. For example, in response to an attempt by the client device 110 to retrieve one or more segments of the data object from the first data store 140, the first data store 140 may verify the client device 110 based on the access key provided by the client device 110. The first data store 140 may transmit to the initiation server 120 an indication of whether the first data store 140 is able to successfully verify the client device 110.
[0071] If the initiation server 120 determines that the client device 110 is not successfully verified by the first storage location (515-N), the initiation server 120 may invalidate the session with the client device 110 (510). In some embodiments, the initiation server 120 may further retract the segments of the data object stored across the plurality of storage locations (512).
[0072] For example, the initiation server 120 may determine that the client device 110 is not successfully verified by the first data store 140 if the initiation server 120 receives a notification from the first data store 140 that the client device 110 was not successfully verified based on the access key provided by the client device 110 to the first data store 140. Alternately or in addition, the initiation server 120 may determine that the client device 110 is not successfully verified by the first data store 140 if the initiation server 120 fails to receive any notification from the first data store 140 within a threshold length period of time from when the initiation server 120 transmitted the verification that the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200. As such, the initiation server 120 may terminate the secure session with the client device 110. The initiation server 120 may further retract segments of the data object that are stored across the first data store 140, the second data store 150, the third data store 160, and the fourth data store 170.
[0073] Alternately, the initiation server 120 may determine that the client device 110 is successfully verified by the first storage location (515-Y). For example, the initiation server 120 may receive a notification from the first data store 140 indicating that the first data store is able to successfully verify the client device 110 based on the access key provided by the client device 110. In some embodiments, the initiation server 120 may determine that the client device is successfully verified by the first data store 140 if the initiation server 120 receives the notification from the first data store 140 within a threshold period of time from when the initiation server 120 transmitted the verification that the client device 110 is retrieving segments of the data object in the order indicated by the sequencing key 200.
[0074] As such, the initiation server 120 may receive notification from a second storage location of an attempt by the client device 110 to retrieve another segment of the data object (516). For example, the client device 110 may successfully retrieve the first segment of the data object if the client device 110 is successfully verified by the first storage location. As such, the client device 110 may continue to retrieve additional segments of the data object from the plurality of storage locations. For instance, the client device 110 may attempt to retrieve a second segment of the data object from the second data store 150. The initiation server 120 may determine whether the request to retrieve segments of the data object from the second storage location is in the order indicated by the sequencing key (509).
[0075] A person having ordinary skill in the art can appreciate that one or more operations of the process 500 may be performed in a different order without departing from the scope of the present disclosure.
[0076] FIG. 6 is a flowchart illustrating a process 600 for providing a data object according to various embodiments. Referring to FIGS. 1-6, the process 600 can be performed, for example, by a storage location. The storage location may be one of a plurality of storage locations including, for example, but not limited to, the first data store 140, the second data store 150, the third data store 160, the fourth data store 170, and/or the delivery server 180.
[0077] The storage location receives a request from the client device 110 to retrieve a first segment of the data object (602). In response to the request from the client device 110, the storage location transmits to the initiation server 120 a notification of the attempt by the client device 110 to retrieve the first segment of the data object (604).
[0078] For example, the client device 110 may attempt to retrieve segments of the data object from a plurality of storage locations based on the sequencing key 200 including, for example, but not limited to, the first data store 140. When the first data store 140 receives a request from the client device 110 to retrieve one or more segments of the data object, the first data store 140 may transmit a notification of the request to the initiation server 120. According to one exemplary embodiment, in response to the notification from the first data store 140, the initiation server 120 determines whether the client device 110 is retrieving segments of the data object from the plurality of data stores in the order indicated by a sequencing key (e.g., the sequencing key 200).
[0079] The storage location determines whether a verification of the request is received from the initiation server 120 (605). For example, the initiation server 120 may transmit a verification to the first data store 140 if the initiation server 120 determines that the client device 110 is retrieving segments of the data object from the plurality of data stores in the order indicated by a sequencing key (e.g., the sequencing key 200). Alternately, if the initiation server 120 determines that the client device 110 is not retrieving segments of the data object from the plurality of data stores in the order indicated by the sequencing key (e.g., the sequencing key 200), the initiation server 120 may not transmit a verification to the first data store 140 or the initiation server 120 may transmit an indication to the first data store 140 that the request by the client device 110 is not verified.
[0080] The storage location may determine that a verification of the request is not received from the initiation server 120 (605-N). For example, the first data store 140 may receive an indication from the initiation server 120 that the request by the client device 110 is not verified. Alternately, the first data store 140 may determine that the verification of the request is not received from the initiation server 120 if the first data store 140 fails to receive a verification within a threshold period of time from when the first data store 140 transmitted to the initiation server 120 the notification of the attempt by the client device to retrieve the first segment of the data object. As such, the storage location may terminate the connection with the client device 110 (606).
[0081] Alternately, if the storage location determines that a verification of the request is received from the initiation server 120 (605-Y), the storage location may verify the access key provided by the client device 110 (607). For example, the client device 110 may provide an access key for the first data store 140 when requesting to retrieve the first segment of the data object from the first data store 140. The access key for the first data store 140 may be included in a diffraction table (e.g., the diffraction table 250) provided to the client device 110 by the initiation server 120. In various embodiments, the access key for the first data store 140 may be generated based on tokens specific to the first data store 140 and/or the client device 110.
[0082] If the storage location does not successfully verify the access key provided by the client device 110 (607-N), the storage location terminates the connection with the client device 110 (606). Alternately, if the storage location successfully verifies the access key provided by the client device 110 (607-Y), the storage location provides the first segment of the data object to the client device 110 (608).
[0083] The storage location transmits a notification to the initiation server 120 of the successful verification of the client device 110 (610). In one exemplary embodiment, the initiation server 120 monitors the progress of the retrieval of the data object by the client device 110. The initiation server 120 may maintain a secure session with the client device 110 and allow the client device 110 to continue retrieving additional segments of the data object from the plurality of storage locations if the client device 110 is successfully verified by the first data store 140 based on the access key provided by the client device 110. Alternately, the initiation server 120 may terminate the secure session with the client device 110 if the initiation server 120 determines that the client device 110 failed to be successfully verified by the first data store 140.
[0084] It is to be understood that at least some operations of the process 600 may be performed concurrently (or in sequence) without departing from the scope of the present disclosure. A person having ordinary skill in the art can appreciate that one or more operations of the process 600 may be performed in a different order without departing from the scope of the present disclosure.
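The interaction between process 500 (initiation server) and process 600 (storage location) can be exercised with the following added example, which is not part of the patent text. The store identifiers, the HMAC-SHA256 access-key derivation, the in-process method calls standing in for network notifications, and the `verify_delay` timing model are assumptions made for illustration; the description only says access keys are generated from tokens and does not name an algorithm.

```python
import hashlib
import hmac

# Order of storage locations from the sequencing key 200 example in [0067].
SEQUENCING_KEY = ["store140", "store150", "store160", "store150", "store170"]


def make_access_key(store_token, client_token):
    """Assumed derivation: HMAC-SHA256 of the client token keyed by the store token."""
    return hmac.new(store_token, client_token, hashlib.sha256).hexdigest()


class InitiationServer:
    """Process 500: checks each reported attempt against the sequencing key."""

    def __init__(self, sequencing_key, stores, timeout):
        self.sequencing_key = list(sequencing_key)
        self.stores = stores          # store id -> StorageLocation
        self.timeout = timeout        # threshold period for the store's reply
        self.position = 0             # index of the next expected storage location
        self.pending = None           # (store id, time the verification was sent)
        self.session_valid = True

    def notify_attempt(self, store_id, now):
        """508/509: returns True when a verification is sent to the store (514)."""
        in_order = (self.session_valid and self.pending is None
                    and self.position < len(self.sequencing_key)
                    and self.sequencing_key[self.position] == store_id)
        if not in_order:
            self.invalidate()         # 509-N: invalidate (510) and retract (512)
            return False
        self.pending = (store_id, now)
        return True

    def notify_result(self, store_id, verified, now):
        """515: the store reports whether the access key was accepted."""
        pending, self.pending = self.pending, None
        late = (pending is None or pending[0] != store_id
                or now - pending[1] > self.timeout)
        if verified and not late:
            self.position += 1        # 515-Y: wait for the next location (516)
        else:
            self.invalidate()         # 515-N

    def invalidate(self):
        self.session_valid = False
        for store in self.stores.values():
            store.retract()


class StorageLocation:
    """Process 600: one data store holding some segments of the data object."""

    def __init__(self, store_id, store_token, segments):
        self.store_id = store_id
        self.store_token = store_token
        self.segments = list(segments)   # handed out in first-in, first-out order
        self.server = None

    def retract(self):
        self.segments.clear()

    def handle_request(self, client_token, access_key, now, verify_delay=0.0):
        """602-610: returns a segment, or None when the connection is terminated."""
        if not self.server.notify_attempt(self.store_id, now):      # 604, 605
            return None                                              # 606
        expected = make_access_key(self.store_token, client_token)
        ok = hmac.compare_digest(expected, access_key) and bool(self.segments)  # 607
        segment = self.segments.pop(0) if ok else None               # 608 or 606
        self.server.notify_result(self.store_id, ok, now + verify_delay)  # 610
        return segment


def build_session(timeout=5.0):
    """Constructed sample deployment: five segments spread over four stores."""
    client_token = b"client-110-token"
    layout = {"store140": [b"seg0"], "store150": [b"seg1", b"seg3"],
              "store160": [b"seg2"], "store170": [b"seg4"]}
    stores = {sid: StorageLocation(sid, f"{sid}-token".encode(), segs)
              for sid, segs in layout.items()}
    server = InitiationServer(SEQUENCING_KEY, stores, timeout)
    for store in stores.values():
        store.server = server
    # Reduced diffraction table: store id -> access key (URL and port omitted).
    table = {sid: make_access_key(s.store_token, client_token)
             for sid, s in stores.items()}
    return server, stores, client_token, table


def retrieve(order, stores, client_token, table):
    """Client side: visit stores in the given order, stop at the first refusal."""
    received = []
    for step, sid in enumerate(order):
        segment = stores[sid].handle_request(client_token, table[sid], float(step))
        if segment is None:
            break
        received.append(segment)
    return b"".join(received)
```

Because the store hands over the segment (608) before it notifies the server (610), a late notification still invalidates the session and retracts the remaining segments, but the segment already delivered stays with the client.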
[0085] FIG. 7 is a block diagram illustrating a wired or wireless system 550 according to various embodiments. Referring to FIGS. 1 and 7, the system 550 may be used to implement the client device 110, the initiation server 120, and/or the delivery server 180.
[0086] In various embodiments, the system 550 can be a conventional personal computer, computer server, personal digital assistant, smart phone, tablet computer, or any other processor enabled device that is capable of wired or wireless data communication. Other computer systems and/or architectures may be also used, as will be clear to those skilled in the art.
[0087] The system 550 preferably includes one or more processors, such as processor 560. Additional processors may be provided, such as an auxiliary processor to manage input/output, an auxiliary processor to perform floating point mathematical operations, a special-purpose microprocessor having an architecture suitable for fast execution of signal processing algorithms (e.g., digital signal processor), a slave processor subordinate to the main processing system (e.g., back-end processor), an additional microprocessor or controller for dual or multiple processor systems, or a coprocessor. Such auxiliary processors may be discrete processors or may be integrated with the processor 560.
[0088] The processor 560 is preferably connected to a communication bus 555. The communication bus 555 may include a data channel for facilitating information transfer between storage and other peripheral components of the system 550. The communication bus 555 further may provide a set of signals used for communication with the processor 560, including a data bus, address bus, and control bus (not shown). The communication bus 555 may comprise any standard or non-standard bus architecture such as, for example, bus architectures compliant with industry standard architecture ("ISA"), extended industry standard architecture ("EISA"), Micro Channel Architecture ("MCA"), peripheral component interconnect ("PCI") local bus, or standards promulgated by the Institute of Electrical and Electronics Engineers ("IEEE") including IEEE 488 general-purpose interface bus ("GPIB"), IEEE 696/S-100, and the like.
[0089] System 550 preferably includes a main memory 565 and may also include a secondary memory 570. The main memory 565 provides storage of instructions and data for programs executing on the processor 560. The main memory 565 is typically semiconductor-based memory such as dynamic random access memory ("DRAM") and/or static random access memory ("SRAM"). Other semiconductor-based memory types include, for example, synchronous dynamic random access memory ("SDRAM"), Rambus dynamic random access memory ("RDRAM"), ferroelectric random access memory ("FRAM"), and the like, including read only memory ("ROM").
[0090] The secondary memory 570 may optionally include an internal memory 575 and/or a removable storage medium 580, for example a floppy disk drive, a magnetic tape drive, a compact disc ("CD") drive, a digital versatile disc ("DVD") drive, etc. The removable storage medium 580 is read from and/or written to in a well-known manner. Removable storage medium 580 may be, for example, a floppy disk, magnetic tape, CD, DVD, SD card, etc.
[0091] The removable storage medium 580 is a non-transitory computer readable medium having stored thereon computer executable code (i.e., software) and/or data. The computer software or data stored on the removable storage medium 580 is read into the system 550 for execution by the processor 560.
[0092] In alternative embodiments, the secondary memory 570 may include other similar means for allowing computer programs or other data or instructions to be loaded into the system 550. Such means may include, for example, an external storage medium 595 and a communication interface 590. Examples of external storage medium 595 may include an external hard disk drive, an external optical drive, or an external magneto-optical drive.
[0093] Other examples of secondary memory 570 may include semiconductor-based memory such as programmable read-only memory ("PROM"), erasable programmable read-only memory ("EPROM"), electrically erasable read-only memory ("EEPROM"), or flash memory (block oriented memory similar to EEPROM). Also included are the removable storage medium 580 and a communication interface, which allow software and data to be transferred from an external storage medium 595 to the system 550.
[0094] System 550 may also include an input/output ("I/O") interface 585. The I/O interface 585 facilitates input from and output to external devices. For example, the I/O interface 585 may receive input from a keyboard or mouse and may provide output to a display. The I/O interface 585 is capable of facilitating input from and output to various alternative types of human interface and machine interface devices alike.
[0095] System 550 may also include a communication interface 590. The communication interface 590 allows software and data to be transferred between system 550 and external devices (e.g. printers), networks, or information sources. For example, computer software or executable code may be transferred to system 550 from a network server via communication interface 590. Examples of communication interface 590 include a modem, a network interface card ("NIC"), a wireless data card, a communications port, a PCMCIA slot and card, an infrared interface, and an IEEE 1394 fire-wire, just to name a few.
[0096] Communication interface 590 preferably implements industry promulgated protocol standards, such as Ethernet IEEE 802 standards, Fiber Channel, digital subscriber line ("DSL"), asynchronous digital subscriber line ("ADSL"), frame relay, asynchronous transfer mode ("ATM"), integrated digital services network ("ISDN"), personal communications services ("PCS"), transmission control protocol/Internet protocol ("TCP/IP"), serial line Internet protocol/point to point protocol ("SLIP/PPP"), and so on, but may also implement customized or non-standard interface protocols as well.
[0097] Software and data transferred via communication interface 590 are generally in the form of electrical communication signals 605. The electrical communication signals 605 are preferably provided to communication interface 590 via a communication channel 600. In one embodiment, the communication channel 600 may be a wired or wireless network, or any variety of other communication links. Communication channel 600 carries the electrical communication signals 605 and can be implemented using a variety of wired or wireless communication means including wire or cable, fiber optics, conventional phone line, cellular phone link, wireless data communication link, radio frequency ("RF") link, or infrared link, just to name a few.
[0098] Computer executable code (i.e., computer programs or software) is stored in the main memory 565 and/or the secondary memory 570. Computer programs can also be received via communication interface 590 and stored in the main memory 565 and/or the secondary memory 570. Such computer programs, when executed, enable the system 550 to perform the various functions of the present invention as previously described.
[0099] In this description, the term "computer readable medium" is used to refer to any non-transitory computer readable storage media used to provide computer executable code (e.g., software and computer programs) to the system 550. Examples of these media include main memory 565, secondary memory 570 (including internal memory 575, removable storage medium 580, and external storage medium 595), and any peripheral device communicatively coupled with communication interface 590 (including a network information server or other network device). These non-transitory computer readable mediums are means for providing executable code, programming instructions, and software to the system 550.
[00100] In an embodiment that is implemented using software, the software may be stored on a computer readable medium and loaded into the system 550 by way of removable storage medium 580, I/O interface 585, or communication interface 590. In such an embodiment, the software is loaded into the system 550 in the form of electrical communication signals 605. The software, when executed by the processor 560, preferably causes the processor 560 to perform the inventive features and functions previously described herein.
[00101] The system 550 also includes optional wireless communication components that facilitate wireless communication over a voice and over a data network. The wireless communication components comprise an antenna system 610, a radio system 615 and a baseband system 620. In the system 550, radio frequency ("RF") signals are transmitted and received over the air by the antenna system 610 under the management of the radio system 615.
[00102] In one embodiment, the antenna system 610 may comprise one or more antennae and one or more multiplexors (not shown) that perform a switching function to provide the antenna system 610 with transmit and receive signal paths. In the receive path, received RF signals can be coupled from a multiplexor to a low noise amplifier (not shown) that amplifies the received RF signal and sends the amplified signal to the radio system 615.
[00103] In alternative embodiments, the radio system 615 may comprise one or more radios that are configured to communicate over various frequencies. In one embodiment, the radio system 615 may combine a demodulator (not shown) and modulator (not shown) in one integrated circuit ("IC"). The demodulator and modulator can also be separate components. In the incoming path, the demodulator strips away the RF carrier signal leaving a baseband receive audio signal, which is sent from the radio system 615 to the baseband system 620.
[00104] If the received signal contains audio information, then baseband system 620 decodes the signal and converts it to an analog signal. Then the signal is amplified and sent to a speaker. The baseband system 620 also receives analog audio signals from a microphone. These analog audio signals are converted to digital signals and encoded by the baseband system 620. The baseband system 620 also codes the digital signals for transmission and generates a baseband transmit audio signal that is routed to the modulator portion of the radio system 615. The modulator mixes the baseband transmit audio signal with an RF carrier signal generating an RF transmit signal that is routed to the antenna system and may pass through a power amplifier (not shown). The power amplifier amplifies the RF transmit signal and routes it to the antenna system 610 where the signal is switched to the antenna port for transmission.
[00105] The baseband system 620 is also communicatively coupled with the processor 560. The processor 560 has access to one or more data storage areas including, for example, but not limited to, the main memory 565 and the secondary memory 570. The processor 560 is preferably configured to execute instructions (i.e., computer programs or software) that can be stored in the main memory 565 or in the secondary memory 570. Computer programs can also be received from the baseband processor 610 and stored in the main memory 565 or in the secondary memory 570, or executed upon receipt. Such computer programs, when executed, enable the system 550 to perform the various functions of the present invention as previously described. For example, the main memory 565 may include various software modules (not shown) that are executable by processor 560.
[00106] Various embodiments may also be implemented primarily in hardware using, for example, components such as application specific integrated circuits ("ASICs"), or field programmable gate arrays ("FPGAs"). Implementation of a hardware state machine capable of performing the functions described herein will also be apparent to those skilled in the relevant art. Various embodiments may also be implemented using a combination of both hardware and software.
[00107] Furthermore, those of skill in the art will appreciate that the various illustrative logical blocks, modules, circuits, and method steps described in connection with the above described figures and the embodiments disclosed herein can often be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled persons can implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the invention. In addition, the grouping of functions within a module, block, circuit or step is for ease of description. Specific functions or steps can be moved from one module, block or circuit to another without departing from the invention.
[00108] Moreover, the various illustrative logical blocks, modules, and methods described in connection with the embodiments disclosed herein can be implemented or performed with a general purpose processor, a digital signal processor ("DSP"), an ASIC, FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor can be a microprocessor, but in the alternative, the processor can be any processor, controller, microcontroller, or state machine. A processor can also be implemented as a combination of computing devices, for example, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
[00109] Additionally, the steps of a method or algorithm described in connection with the embodiments disclosed herein can be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium including a network storage medium. An exemplary storage medium can be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium can be integral to the processor. The processor and the storage medium can also reside in an ASIC.
[00110] The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles described herein can be applied to other embodiments without departing from the spirit or scope of the invention. Thus, it is to be understood that the description and drawings presented herein represent a presently preferred embodiment of the invention and are therefore representative of the subject matter which is broadly contemplated by the present invention. It is further understood that the scope of the present invention fully encompasses other embodiments that may become obvious to those skilled in the art and that the scope of the present invention is accordingly not limited.
Claims
1. A method for retrieving a data object, comprising:
transmitting from a client device to an initiation server a request to retrieve the data object, wherein the data object comprises a plurality of segments stored across a plurality of storage locations;
receiving, at the client device, a sequencing key from the initiation server in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and
retrieving, by the client device, the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key.
2. The method of claim 1, wherein the ordered list comprises a first identifier associated with a first storage location followed by a second identifier associated with a second storage location.
3. The method of claim 2, wherein based on the sequencing key, retrieving the plurality of segments of the data object from the plurality of storage locations includes retrieving a first segment of the data object from the first storage location prior to retrieving a second segment of the data object from the second storage location.
4. The method of claim 3, wherein the initiation server is configured to terminate a secure session with the client device in response to determining that the client device is attempting to retrieve the second segment of the data object from the second storage location prior to retrieving the first segment of the data object from the first storage location.
5. The method of claim 1, further comprising receiving a diffraction table from the initiation server.
6. The method of claim 5, wherein the plurality of segments of the data object is retrieved from the plurality of storage locations further based on the diffraction table.
7. The method of claim 6, wherein the diffraction table includes, for each of the plurality of storage locations, a corresponding universal record locator (URL), port number, and access key.
8. The method of claim 7, wherein the access key associated with a first of the plurality of storage locations is generated based at least in part on a token associated with the first storage location and a token associated with the client device.
9. The method of claim 7, further comprising providing the access key associated with a first of the plurality of storage locations to retrieve a first segment of the data object from the first storage location.
10. The method of claim 9, wherein the first storage location is configured to provide the first segment of the data object to the client device in response to successfully verifying the client device based on the access key provided by the client device.
11. A method for providing a data object, comprising:
receiving, at an initiation server, a request from a client device to retrieve a data object;
generating a sequencing key in response to the request from the client device to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations;
transmitting the sequencing key to the client device;
receiving a notification from a first of the plurality of storage locations of an attempt by the client device to retrieve a first segment of the data object;
determining whether the request to retrieve the first segment of the data object from the first storage location is in an order indicated by the sequencing key; and
invalidating a session with the client device in response to determining that the request to retrieve the first segment of the data object from the first storage location is not in the order indicated by the sequencing key.
12. The method of claim 11, further comprising retracting the plurality of segments of the data object from the plurality of storage locations in response to determining that the request to retrieve the first segment of the data object from the first storage location is not in the order indicated by the sequencing key.
13. The method of claim 11, further comprising transmitting a verification to the first storage location in response to determining that the request to retrieve the first segment of the data object from the first storage location is in the order indicated by the sequencing key.
14. The method of claim 13, wherein the first storage location is configured to provide the first segment of the data object to the client device in response to receiving the verification from the initiation server and to successfully verifying the client device based on an access key provided by the client device.
15. The method of claim 11, further comprising:
authenticating the client device; and
in response to successfully authenticating the client device:
generating a diffraction table that includes, for each of the plurality of storage locations, a universal record locator (URL), a port number, and an access key; and
transmitting the diffraction table to the client device.
16. A method of providing a data object, comprising:
receiving, at a first of a plurality of storage locations, a request from a client device to retrieve a first of a plurality of segments of a data object, wherein the data object comprises the plurality of segments stored across the plurality of storage locations;
transmitting, to an initiation server, a notification of the attempt by the client device to retrieve the first segment of the data object;
determining whether a verification of the request is received from the initiation server; and
in response to determining that a verification of the request is received from the initiation server:
verifying an access key provided by the client device; and
providing the first segment of the data object to the client device in response to successfully verifying the access key provided by the client device.
17. The method of claim 16, further comprising in response to successfully verifying the access key provided by the client device, transmitting a notification to the initiation server of a successful verification of the client device.
18. The method of claim 16, further comprising terminating a connection with the client device in response to determining that a verification of the request is not received from the initiation server.
19. The method of claim 16, wherein the initiation server is configured to transmit the verification of the request in response to determining that the client device is retrieving the first segment of the data object from the first storage location in an order indicated by a sequencing key provided by the initiation server.
20. The method of claim 19, wherein the initiation server is further configured to provide the access key for the first storage location in a diffraction table that includes, for each of the plurality of storage locations, a corresponding universal record locator (URL), port number, and access key.
21. A system for diffracted data retrieval (DDR), comprising:
a plurality of storage locations;
a client device configured to:
transmit a request to retrieve a data object, wherein the data object comprises a plurality of segments stored across the plurality of storage locations;
receive a sequencing key in response to the request to retrieve the data object, wherein the sequencing key comprises an ordered list of the plurality of storage locations; and
retrieve the plurality of segments of the data object from the plurality of storage locations based at least in part on an order indicated by the sequencing key; and
an initiation server configured to:
receive the request from the client device to retrieve the data object;
generate the sequencing key in response to the request from the client device to retrieve the data object;
transmit the sequencing key to the client device; and
monitor a progress of the retrieval of the data object by the client device.
22. The system of claim 21, wherein to monitor the progress of the retrieval of the data object by the client device, the initiation server is configured to:
receive a notification from a first of the plurality of storage locations of an attempt by the client device to retrieve a first segment of the data object;
determine whether the request to retrieve the first segment of the data object from the first storage location is in the order indicated by the sequencing key; and
invalidating a session with the client device in response to determining that the request to retrieve the first segment of the data object from the first storage location is not in the order indicated by the sequencing key.
23. The system of claim 21, wherein a first of the plurality of storage locations is configured to:
receive a request from the client device to retrieve a first of a plurality of segments of the data object;
transmit, to the initiation server, a notification of the attempt by the client device to retrieve the first segment of the data object;
determine whether a verification of the request is received from the initiation server; and
in response to determining that a verification of the request is received from the initiation server:
verify an access key provided by the client device; and
provide the first segment of the data object to the client device in response to successfully verifying the access key provided by the client device.
24. The system of claim 23, wherein the first storage location is further configured to transmit to the initiation server a notification of a successful verification of the client device.
25. The system of claim 24, wherein the initiation server is further configured to invalidate a session with the client device in response to determining that the client device is not successfully verified by the first storage location.
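The order check in claims 11 to 14 and the storage-side gate in claims 16 to 18 can be followed in a small in-process model. This is an added example, not code from the patent: the class and function names are hypothetical, direct method calls stand in for network messages, each storage location is assumed to hold one segment, and the diffraction table is reduced to its access keys.

```python
import hmac
import secrets

class StorageLocation:
    def __init__(self, name, index, segment, access_key):
        self.name, self.index = name, index
        self.segment, self.access_key = segment, access_key

    def retrieve(self, server, session_id, presented_key):
        # Claim 16: notify the initiation server, then wait for its verification.
        if not server.notify_attempt(session_id, self.name):
            return None  # claim 18: no verification received, drop the client
        # Constant-time comparison of the access key from the diffraction table.
        ok = self.segment is not None and hmac.compare_digest(
            presented_key, self.access_key)
        server.report_key_check(session_id, ok)  # claims 17 and 25
        return (self.index, self.segment) if ok else None

class InitiationServer:
    def __init__(self, locations):
        self.locations = {loc.name: loc for loc in locations}
        self.sessions = {}  # session id -> locations still expected, in order

    def open_session(self):
        # Claims 11 and 15: sequencing key plus diffraction table
        # (URL and port number omitted in this model).
        order = list(self.locations)
        secrets.SystemRandom().shuffle(order)
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = order.copy()
        table = {n: loc.access_key for n, loc in self.locations.items()}
        return session_id, order, table

    def notify_attempt(self, session_id, name):
        remaining = self.sessions.get(session_id)
        if remaining and remaining[0] == name:
            remaining.pop(0)
            return True  # claim 13: verification sent to the storage location
        if remaining is not None:
            self._invalidate(session_id, retract=True)  # claims 11 and 12
        return False

    def report_key_check(self, session_id, ok):
        if not ok:
            self._invalidate(session_id, retract=False)  # claim 25

    def _invalidate(self, session_id, retract):
        self.sessions.pop(session_id, None)
        if retract:
            for loc in self.locations.values():
                loc.segment = None  # segments withdrawn from every location

def fetch(server, session_id, order, table):
    """Client side: visit locations in sequencing-key order and reassemble."""
    parts = {}
    for name in order:
        got = server.locations[name].retrieve(server, session_id, table[name])
        if got is None:
            return None
        parts[got[0]] = got[1]
    return b"".join(parts[i] for i in sorted(parts))

def build(data=b"constructed sample payload", n=4):
    """Split a constructed payload across n locations with random access keys."""
    size = -(-len(data) // n)
    return InitiationServer([
        StorageLocation(f"loc{i}", i, data[i * size:(i + 1) * size],
                        secrets.token_hex(16)) for i in range(n)])
```

A single out-of-order request ends the session and retracts every segment, so in this model a later in-order request from the same session is refused as well.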
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2968084A CA2968084C (en) | 2014-12-15 | 2015-12-15 | Systems and methods for diffracted data retrieval |
EP20185548.3A EP3796201A3 (en) | 2014-12-15 | 2015-12-15 | Systems and methods for diffracted data retrieval |
EP15870918.8A EP3234856B1 (en) | 2014-12-15 | 2015-12-15 | Method for diffracted data retrieval |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201462092227P | 2014-12-15 | 2014-12-15 | |
US62/092,227 | 2014-12-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016100404A1 (en) | 2016-06-23 |
Family
ID=56112334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2015/065911 WO2016100404A1 (en) | 2014-12-15 | 2015-12-15 | Systems and methods for diffracted data retrieval |
Country Status (4)
Country | Link |
---|---|
US (2) | US10165050B2 (en) |
EP (2) | EP3796201A3 (en) |
CA (1) | CA2968084C (en) |
WO (1) | WO2016100404A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024030240A1 (en) * | 2022-08-03 | 2024-02-08 | Shardsecure, Inc. | Utilization of detached pointers with microshard data fragmentation |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10146850B2 (en) | 2012-10-30 | 2018-12-04 | FHOOSH, Inc. | Systems and methods for collecting, classifying, organizing and populating information on electronic forms |
WO2016049227A1 (en) | 2014-09-23 | 2016-03-31 | FHOOSH, Inc. | Secure high speed data storage, access, recovery, and transmission |
US10579823B2 (en) | 2014-09-23 | 2020-03-03 | Ubiq Security, Inc. | Systems and methods for secure high speed data generation and access |
US10373496B2 (en) * | 2017-03-23 | 2019-08-06 | Toyota Jidosha Kabushiki Kaisha | Parking management system and parking management method |
US11095631B1 (en) * | 2017-04-17 | 2021-08-17 | T Stamp Inc. | Systems and methods for identity verification via third party accounts |
US11349656B2 (en) | 2018-03-08 | 2022-05-31 | Ubiq Security, Inc. | Systems and methods for secure storage and transmission of a data stream |
US20190278931A1 (en) * | 2018-03-08 | 2019-09-12 | Ubiq Security, Inc. | Systems and methods for secure data storage and retrieval |
US11175507B2 (en) | 2018-03-15 | 2021-11-16 | Facebook Technologies, Llc | Polarization-sensitive components in optical systems for large pupil acceptance angles |
US11175508B2 (en) * | 2018-03-15 | 2021-11-16 | Facebook Technologies, Llc | Display device with varifocal optical assembly |
US20190285891A1 (en) | 2018-03-15 | 2019-09-19 | Oculus Vr, Llc | Image quality of pancharatnam berry phase components using polarizers |
US11846779B2 (en) | 2018-03-15 | 2023-12-19 | Meta Platforms Technologies, Llc | Display device with varifocal optical assembly |
US11093771B1 (en) | 2018-05-04 | 2021-08-17 | T Stamp Inc. | Systems and methods for liveness-verified, biometric-based encryption |
US11496315B1 (en) | 2018-05-08 | 2022-11-08 | T Stamp Inc. | Systems and methods for enhanced hash transforms |
US11243692B2 (en) * | 2018-12-07 | 2022-02-08 | Netapp, Inc. | Object tiering in a distributed storage system |
US12058234B2 (en) * | 2019-03-29 | 2024-08-06 | Accenture Global Solutions Limited | Cryptologic blockchain-based off-chain storage verification |
US11301586B1 (en) | 2019-04-05 | 2022-04-12 | T Stamp Inc. | Systems and processes for lossy biometric representations |
US11967173B1 (en) | 2020-05-19 | 2024-04-23 | T Stamp Inc. | Face cover-compatible biometrics and processes for generating and using same |
US20220159029A1 (en) * | 2020-11-13 | 2022-05-19 | Cyberark Software Ltd. | Detection of security risks based on secretless connection data |
US12079371B1 (en) | 2021-04-13 | 2024-09-03 | T Stamp Inc. | Personal identifiable information encoder |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030204602A1 (en) | 2002-04-26 | 2003-10-30 | Hudson Michael D. | Mediated multi-source peer content delivery network architecture |
US20080022012A1 (en) | 2006-07-20 | 2008-01-24 | Matrix Xin Wang | Peer-to-peer file download system for IPTV network |
US20120331088A1 (en) * | 2011-06-01 | 2012-12-27 | Security First Corp. | Systems and methods for secure distributed storage |
US8386706B2 (en) * | 2008-01-08 | 2013-02-26 | International Business Machines Corporation | Method and system for secure data storage |
US20130173553A1 (en) * | 2011-12-29 | 2013-07-04 | Anand Apte | Distributed Scalable Deduplicated Data Backup System |
US20130290648A1 (en) * | 2012-04-27 | 2013-10-31 | Netapp, Inc. | Efficient data object storage and retrieval |
US8782437B2 (en) * | 2000-11-02 | 2014-07-15 | Intel Corporation | Content protection using block reordering |
GB2514428A (en) | 2013-08-19 | 2014-11-26 | Visa Europe Ltd | Enabling access to data |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1522947A3 (en) | 1998-06-04 | 2005-05-04 | Collegenet, Inc. | Universal forms engines |
US7334184B1 (en) | 1999-03-10 | 2008-02-19 | American Express Travel Related Services Company, Inc. | Method for online information sharing for completing electronic forms |
US6088700A (en) | 1999-08-06 | 2000-07-11 | Larsen; Kenneth N. | Automated forms completion for global information network applications |
US7630986B1 (en) * | 1999-10-27 | 2009-12-08 | Pinpoint, Incorporated | Secure data interchange |
US7434219B2 (en) | 2000-01-31 | 2008-10-07 | Commvault Systems, Inc. | Storage of application specific profiles correlating to document versions |
US7257581B1 (en) | 2000-08-04 | 2007-08-14 | Guardian Networks, Llc | Storage, management and distribution of consumer information |
US20020111888A1 (en) | 2000-09-01 | 2002-08-15 | Todd Stanley | Automated tax return with universal data import |
US20020062342A1 (en) | 2000-11-22 | 2002-05-23 | Sidles Charles S. | Method and system for completing forms on wide area networks such as the internet |
US7092952B1 (en) | 2001-11-20 | 2006-08-15 | Peter Wilens | Method for grouping computer subscribers by common preferences to establish non-intimate relationships |
JP4807106B2 (en) | 2006-03-02 | 2011-11-02 | 富士ゼロックス株式会社 | Electronic form, electronic document generation apparatus, program, and method |
US20080155664A1 (en) * | 2006-12-24 | 2008-06-26 | Zeev Lieber | Identity management system with an untrusted identity provider |
US20090030910A1 (en) | 2007-07-25 | 2009-01-29 | Stephen Bennett | Information storage and management system and method for automating online requests and transactions |
US8396838B2 (en) | 2007-10-17 | 2013-03-12 | Commvault Systems, Inc. | Legal compliance, electronic discovery and electronic document handling of online and offline copies of data |
EP2159720A1 (en) * | 2008-08-28 | 2010-03-03 | Bach Technology AS | Apparatus and method for generating a collection profile and for communicating based on the collection profile |
US8019664B1 (en) | 2008-10-14 | 2011-09-13 | Intuit Inc. | System and method for completing a form |
US8228542B2 (en) | 2009-03-31 | 2012-07-24 | 1st Management Services, Inc. | Systems and methods for storing multiple records using identifiers, storage locations, and attributes associated with electronic documents |
US20100274590A1 (en) | 2009-04-24 | 2010-10-28 | Compangano Jeffrey B | Insurance administration systems and methods |
US8494872B2 (en) | 2010-02-04 | 2013-07-23 | International Business Machines Corporation | Personalized electronic healthcare management |
US20110289010A1 (en) | 2010-05-21 | 2011-11-24 | Rankin Jr Claiborne R | Apparatuses, methods and systems for an activity tracking and property transaction facilitating hub user interface |
US20130041808A1 (en) * | 2011-08-10 | 2013-02-14 | Nathalie Pham | Distributed media access |
US8904503B2 (en) * | 2013-01-15 | 2014-12-02 | Symantec Corporation | Systems and methods for providing access to data accounts within user profiles via cloud-based storage services |
WO2015066537A1 (en) * | 2013-10-31 | 2015-05-07 | Eco-Mail Development, Llc | System and method for secured content delivery |
- 2015
  - 2015-12-15 EP EP20185548.3A patent/EP3796201A3/en active Pending
  - 2015-12-15 EP EP15870918.8A patent/EP3234856B1/en active Active
  - 2015-12-15 WO PCT/US2015/065911 patent/WO2016100404A1/en active Application Filing
  - 2015-12-15 US US14/970,466 patent/US10165050B2/en active Active
  - 2015-12-15 CA CA2968084A patent/CA2968084C/en active Active
- 2018
  - 2018-12-14 US US16/221,304 patent/US20190124152A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP3234856A4 |
Also Published As
Publication number | Publication date |
---|---|
US20190124152A1 (en) | 2019-04-25 |
EP3234856A1 (en) | 2017-10-25 |
CA2968084C (en) | 2024-01-02 |
EP3796201A2 (en) | 2021-03-24 |
US10165050B2 (en) | 2018-12-25 |
CA2968084A1 (en) | 2016-06-23 |
EP3796201A3 (en) | 2021-04-07 |
EP3234856A4 (en) | 2018-09-19 |
EP3234856B1 (en) | 2020-07-15 |
US20160173605A1 (en) | 2016-06-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15870918 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2968084 Country of ref document: CA |
 | REEP | Request for entry into the european phase | Ref document number: 2015870918 Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |