WO2019009795A1 - Secure data transfer and storage - Google Patents

Secure data transfer and storage

Info

Publication number
WO2019009795A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
storage device
data
file storage
key
Application number
PCT/SE2018/050735
Other languages
French (fr)
Inventor
Josef HADDAD
Karl Magnus BERG
Christian Ronald CARRION BRACAMONTE
Original Assignee
Braceit Ab


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the present disclosure relates to secure data transfer and storage.
  • the present disclosure relates to methods, devices and computer programs for secure transfer and storage of data on a file storage device.
  • the public cloud provides connected users with the convenience of access to their online files.
  • the present disclosure provides an alternative solution to using the cloud, which provides secure transfer and storage of data and maintains many of the benefits associated with the cloud.
  • Local storage works securely offline, but it lacks the accessibility and smartness of the cloud.
  • the present disclosure proposes a solution based on transferring data between a client device and a file storage device, and storing it on the file storage device, wherein the methods of data transfer and storage are particularly arranged to provide secure data transfer and storage.
  • the client device and the file storage device may each be arranged to communicate via cable and/or wirelessly.
  • the result is similar to a secure private cloud that can be accessed offline, which is particularly advantageous if the file storage device is portable, i.e. a mobile file storage device, as described further below.
  • the present disclosure relates to a method for file access restriction.
  • the method comprises transmitting access restriction information from a client device to a file storage device via respective communication interfaces.
  • the access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met.
  • the method further comprises receiving, at the file storage device, the access restriction information.
  • the method also comprises configuring the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met.
  • the method yet further comprises detecting when the access restriction criterion is met.
  • the disclosed method thereby enables defining both the conditions under which data is access restricted and the nature of the access restriction. This provides increased flexibility with respect to the prior art in tailoring the availability of stored data.
  • the disclosed method enables the at least one file and/or folder to be hidden when the file storage device is outside a predetermined region.
  • the likelihood that a potential intruder will get access to protected data is significantly reduced.
  • the term "hide" and variations thereof is intended throughout to mean "making something invisible". When a file is hidden, a listing of the contents of its directory does not show the hidden file. Similarly for folders or other data structures.
  • the claimed solution does not require sending keys. Sending keys over the internet is considered bad practice since the keys are sent through a hostile environment.
  • the claimed solution has a much more solid infrastructure.
  • the present disclosure also relates to a method for storage of data at a file storage device.
  • the method comprises obtaining an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the method further comprises storing the public key on the file storage device.
  • the public key is stored only once, e.g. in a database at the file storage device. In some examples, the public key is stored on the file storage device during generation of a partition at a data storage of the file storage device.
  • the claimed solution does not require sending keys. Sending keys over the internet is usually considered bad practice since the keys are sent through a hostile environment. The claimed solution has a much more solid infrastructure.
  • the method yet further comprises storing the encrypted file on the file storage device.
  • the disclosed method thereby enables limiting access to the stored data to a secure location where the private key is available.
  • the file storage device provides a write-only functionality in the sense that the stored data is not readable from the file storage device, but it is possible to write to the file storage device.
  • the stored data can however be read by using the private key.
  • the present disclosure further relates to a method for secure offline data transport.
  • the method comprises selecting a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices.
  • the method further comprises splitting up at least one file into a plurality of data segments.
  • the method also comprises encrypting the at least one file based on a key or password.
  • the at least one file is encrypted before it is split up. Encrypting the file before splitting it up may make it more difficult for a third party to get unauthorized access by trying to decrypt the segments.
  • alternatively, the at least one file is split up before being encrypted, i.e. the segments resulting from the split are encrypted.
  • the claimed solution does not require sending keys. Sending keys over the internet is usually considered bad practice since the keys are sent through a hostile environment.
  • the claimed solution has a much more solid infrastructure.
  • the method additionally comprises distributing copies of the plurality of data segments over the selected data storage devices.
  • the method yet further comprises receiving the plurality of data segments at the main data storage device.
  • the method also comprises merging, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the method further comprises decrypting, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • the disclosed method thereby enables encrypting and splitting up the data into several data segments at an original location and performing the reverse at a target location, while the transport from the original location to the target location may take different routes and by different means. This prevents the original data from being intercepted; only fragments can be intercepted. Furthermore, by splitting up the data it is possible to further increase the complexity for a third party to decrypt the data.
  • Figure 1 illustrates a method for file access restriction
  • Figure 2 illustrates different embodiments of a method for file access restriction
  • Figure 3 illustrates a file storage device for file access restriction
  • Figure 4 illustrates a method for file access restriction selection
  • Figure 5 illustrates a client device for file access restriction selection
  • Figure 6 illustrates a method for file access restriction selection
  • Figure 7 illustrates a method for storage of data at a file storage device
  • Figure 8 illustrates different embodiments of a method for storage of data at a file storage device
  • Figure 9 illustrates a file storage device for secure storage of data
  • Figure 10 illustrates a method for storage of data
  • Figure 11 illustrates a client device for secure storage of data
  • Figure 12 illustrates a method for storage of data
  • Figure 13 illustrates a method for secure offline data transport
  • Figure 14 illustrates different embodiments of a method for secure offline data transport
  • Figure 15 illustrates a file storage device for secure offline data transport
  • Figure 16 illustrates a method for secure offline data transport.
  • Figure 1 illustrates a method for file access restriction.
  • the method comprises transmitting S10 access restriction information from a client device to a file storage device via respective communication interfaces.
  • the communication may be performed via cable and/or wirelessly.
  • the method may comprise a step of establishing a connection between the client device and the file storage device.
  • the access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met.
  • the method comprises selecting, via the client device, the at least one file and/or folder to be access restricted and/or the access restriction criterion.
  • access being access restricted comprises being hidden.
  • when a user examines the file storage device in order to find out information about the data stored thereon, the file storage device is arranged to conceal the presence of the identified at least one file and/or folder.
  • the access restriction criterion may be based on a combination of geographic data, biometric data and physical sensor data obtained by either the client device or the file storage device.
  • the client device may comprise a camera and/or a fingerprint sensor, which enables face recognition and/or fingerprint data to be used as biometric data.
  • a sound sensor may be used to enable voice recognition.
  • the client device and/or the file storage device comprise movement sensors, e.g. accelerometers and/or gyroscopes, which enable registering linear movements as well as rotations, i.e. the movement sensors enable registering unique movement patterns.
  • other physical sensor data may comprise temperature and/or lighting conditions.
  • Yet other physical sensor data may comprise pressure, vibrations and/or humidity.
  • An access restriction criterion based on geographic data may comprise one or more geographical regions in which the file storage device must be located for access to the at least one file and/or folder.
  • the method further comprises receiving S30, at the file storage device, the access restriction information.
  • the method also comprises configuring S50 the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met.
  • the access restriction criterion comprises the file storage device being outside a respective region associated with the identified at least one file and/or folder. In other words, the at least one file and/or folder is only available, e.g. visible, if the file storage device is inside said respective region.
  • each respective region is defined by geographical coordinate data.
  • the coordinate data may comprise global navigation satellite system, GNSS, coordinate data.
  • Examples of GNSS include the NAVSTAR global positioning system, GPS (typically just called GPS), the Russian system GLONASS and the European system Galileo.
  • the region(s) defining the access restriction criterion may be selected via the client device.
  • the client device may be arranged to provide the user with a visible map on which to define one or more regions per file and/or folder in which the file storage device has to be for the selected files and/or folders to be visible.
  • the associated file(s) and/or folder(s) will be visible at two positions; both at the current position and the position selected on the map. When the user leaves the position where the visible area was set, the associated file(s) and/or folder(s) will become invisible and impossible to access until the user goes back to the original position, or arrives at the selected area.
  • the method comprises storing the access restriction criterion and/or information identifying at least one file and/or folder to be access restricted on a database at the file storage device.
  • the method additionally comprises detecting S70 when the access restriction criterion is met.
  • Sensor data may be compared to the access restriction criterion. For instance, in the case of hiding a file when the file storage device is outside a region, if an internal positioning sensor is present, the current position may be obtained from the internal positioning sensor. Instead, or in addition thereto, the file storage device may be arranged to ask the client device about the current position. In this case, the position may be read over a short range client interface, such as Bluetooth which has a range on the order of ten meters, so the position difference between the file storage device and the client device is small enough to be negligible for this function. If no position can be obtained, the client device is arranged not to provide access to any files/directories. If the current position can be determined, the determined position information may be used to filter the list of files according to the access restriction criterion.
  • the present disclosure also relates to a computer program for file access restriction comprising computer program code which, when executed, causes a system comprising a file storage device and a client device communicatively connected to each other to transmit access restriction information from the client device to the file storage device via respective communication interfaces.
  • the access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met.
  • the computer program is further arranged to, when executed, cause the system to receive, at the file storage device, the access restriction information.
  • the computer program is further arranged to, when executed, cause the system to configure the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met.
  • the computer program is yet further arranged to, when executed, cause the system to detect when the access restriction criterion is met.
  • Figure 2 illustrates different embodiments of a system implementing the disclosed method of fig. 1.
  • the illustrated embodiments present a scenario wherein a user restricts access to selected files and/or folders to a geographical region, and wherein the selected files and/or folders are hidden if the file storage device on which the restricted files are stored is outside of the region.
  • the system comprises a file storage device 220 and a client device 210.
  • the client device 210 is illustrated as a wireless device, such as a smartphone having a user interface 212, processing circuitry 240a, optionally comprising a processor 250a and a memory 260a for storing a computer program, and a communication interface 230a for transmitting and receiving information wirelessly.
  • the communication interface 230a is arranged to communicate using the Bluetooth wireless technology standard.
  • the user interface 212 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen.
  • the communication interface may further be arranged to receive biometric data input, e.g. by reading a fingerprint or via a camera.
  • the client device may further comprise sensors arranged to register movement of the client device, sound, vibration, light, temperature or humidity.
  • a computer program, also known as an application or app.
  • the computer program causes the client device to establish a connection between the client device 210 and the file storage device 220 via the respective communication interfaces 230a, 230b.
  • the user selects, by providing input to the computer program via the user interface 212, at least one file and/or folder which should be access restricted.
  • the user further selects a region where the at least one file and/or folder should be visible.
  • the criterion for access restriction is already arranged in the file storage device, e.g. the file storage device may comprise a database having stored a criterion for access restriction, such as a region, thereon.
  • the file storage device may be arranged to store user defined criteria for access restriction, which may be reused by the user at later times.
  • the region may be selected by providing geographical coordinate data defining the region to the computer program via the user interface 212.
  • the computer program may be arranged to provide an interface or representation, e.g. in the form of a map, which may be used by the user when defining the region.
  • the information regarding which files and folders are to be access restricted, as well as the choice of region is transmitted to the file storage device.
  • the information may be transmitted as separated messages, e.g. a first message concerning the choice of the at least one file and/or folder and a second message concerning the choice of region, or all information in a single message.
  • the information relating to the choice of the at least one file and/or folder and the choice of region to which access is to be restricted enables the method for access restriction to be carried out.
  • the file storage device 220 comprises control circuitry 240b, e.g. a microcontroller unit, MCU, comprising a central processing unit, CPU, 250b and a memory 260b for storing a computer program executable by the CPU 250b.
  • the file storage device further comprises a data storage 290 arranged to store files and folders thereon.
  • the data storage 290 comprises storage hardware.
  • the file storage device 220 further comprises a database 280.
  • the database 280 is arranged to store information identifying which files and/or folders on the data storage are to be hidden if not within a certain region or regions, and in which region or regions the respective files and/or folders are to be available.
  • the set of regions comprises an original region in addition to the selected regions where the at least one file and/or folder is to be visible.
  • the original region thereby provides a safety aspect, ensuring that a user can always move to the original region in case the selected regions are unavailable, either physically and/or because the definition of the selected regions is faulty or corrupted.
  • the at least one file and/or folder will, in this example, be visible at two positions, within the original region and within the selected region.
  • the control circuitry 240b is arranged to retrieve information for determining a current location of the file storage device 220. If the file storage device 220 comprises a position sensor 270b arranged to obtain information for determining a current location of the file storage device, e.g. via coordinate data comprising global navigation satellite system, GNSS, coordinate data, the file storage device obtains the information for determining a current location from the position sensor 270b of the file storage device 220.
  • the file storage device may obtain the information for determining a current location via the client device currently connected to the file storage device. If the connection between the client device and the file storage device is performed via Bluetooth, the location of the client device may be taken as the location of the file storage device, with the effective range of the Bluetooth connection being used as a measure of position uncertainty.
  • the client device 220 comprises a position sensor 270a and is arranged to transfer information relating to the position of the client device 220 to the file storage device 220. In other words, if the file storage device can obtain the location of the file storage device from a position sensor 270b arranged at the file storage device, then use that information, otherwise try to obtain the location via information from the client device connected to the file storage device.
  • if the location of the file storage device cannot be determined, the file storage device is preferably arranged to hide the at least one file and/or folder. If the location can be determined, it is used to filter the list of files according to the information stored in the database 280.
  • Figure 3 illustrates a file storage device 10 for file access restriction.
  • the file storage device 10 comprises a communication interface 12 arranged to transmit and receive information.
  • the file storage device further comprises a data storage 14 arranged to store data arranged in the form of files and/or folders.
  • the file storage device is arranged to store access restriction information comprising information identifying at least one file and/or folder stored on the data storage to be access restricted if an access restriction criterion is met.
  • the file storage device is also arranged to restrict access to the identified at least one file and/or folder if the access restriction criterion is met.
  • the file storage device is further arranged to detect when the access restriction criterion is met.
  • the file storage device may comprise a dedicated detection element 16 arranged to detect when the access restriction criterion is met, e.g. a position sensor 20 arranged to determine a location of the file storage device and a suitable combination of hardware and software for evaluating the current location with respect to an access restriction criterion comprising the file storage device being outside a respective region associated with the identified at least one file and/or folder.
  • the file storage device may be arranged to receive the information necessary to detect when the access restriction criterion is met via the communication interface, e.g. as location data transmitted from an adjacent client device.
  • Figure 4 illustrates a method for file access restriction configuration and monitoring performed in a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon.
  • the information may be transmitted and received via cable and/or wirelessly.
  • the method comprises receiving S1000, via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met.
  • the method further comprises configuring S2000 the file storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met based on the received access restriction information.
  • the method yet further comprises detecting S3000 when the access restriction criterion is met.
  • the present disclosure also relates to a computer program for file access restriction configuration and monitoring comprising computer program code which, when executed on a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon, causes the file storage device to receive, via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met.
  • the computer program is also arranged to, when executed on the file storage device, cause the file storage device to configure the file storage device to restrict access to the identified at least one file and/or folder if the access restriction criterion is met.
  • the computer program is also arranged to, when executed on the file storage device, cause the file storage device to detect when the access restriction criterion is met.
  • Figure 5 illustrates a client device 100 for file access restriction selection.
  • the client device comprises a communication interface 12 arranged to transmit and receive information.
  • the client device 100 is arranged to select an access restriction criterion and transmit access restriction information to a file storage device via the communication interface.
  • the access restriction information comprises information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met.
  • Figure 6 illustrates a method, performed in a client device comprising a communication interface arranged to transmit and receive information, for file access restriction selection.
  • the method comprises selecting S100 an access restriction criterion.
  • the method further comprises transmitting S200 access restriction information to a file storage device via the communication interface, the access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met.
  • the present disclosure also relates to a computer program for file access restriction selection comprising computer program code which, when executed on a client device comprising a communication interface arranged to transmit and receive information, causes the client device to select an access restriction criterion.
  • the computer program is further arranged to, when executed on the client device, cause the client device to transmit access restriction information to a file storage device via the communication interface.
  • the access restriction information comprises information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met.
  • the present disclosure further relates to a method for storage of data at a file storage device.
  • Figure 7 illustrates the method for storage of data at a file storage device.
  • the method may comprise a step of creating and formatting a partition on a data storage for storage of an encrypted file thereon.
  • the method comprises obtaining S990 an encrypted file to be stored on the file storage device using a public key.
  • the public key is selected from a set of public keys, e.g. a set of public keys available on a client device communicatively connected to the file storage device.
  • the encrypted file may be obtained by encrypting an unencrypted file at the file storage device.
  • the encrypted file may also be obtained by encrypting the file at a client device and transferring the encrypted file from the client device to the file storage device.
  • the name of the file and the content of the file are both encrypted.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the asymmetric encryption enables keeping the private key at a secure location, thereby ensuring that no one, not even the user during the storage of the file, can access the contents of the file.
  • the private key can be used to decrypt all the files, e.g. on a connected client device.
  • the encryption can be done on the client device instead of encrypting each file on the file storage device.
  • Asymmetric encryption is computationally expensive and may take considerable time on an embedded device such as the file storage device.
  • the method further comprises storing S992 the public key on the file storage device.
  • the public key only needs to be stored once, e.g. during creation of a partition for data storage or via user input, and may then be reused automatically, thereby eliminating the need to transmit the public key to the file storage device every time a file is to be stored on the file storage device. If encryption of the file is performed at the client device, the public key is transferred to the client device before encryption of the file.
  • the method also comprises storing S994 the encrypted file on the file storage device.
  • the user starts storing data into the location on the file storage device suitable for storing the data, e.g. said partition on the data storage. If the data is produced inside the client device, such as with a built-in camera, the data is never even written to a local folder on the client device, but only written to the dedicated partition on the data storage in the file storage device. Contrary to solutions such as digital rights management, DRM, the claimed invention does not store the private key on the storage device.
  • the claimed invention specifically forbids decryption of the data on the storage device; instead, the only time the data can be read is when the private key is provided locally. After decryption is done, the private key is preferably destroyed.
  • the present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed in a system comprising a file storage device and a client device, causes the file storage device and/or a client device in communication with the file storage device to obtain an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the computer program is further arranged to, when executed in the system, cause the system to store the public key on the file storage device.
  • the computer program is arranged to cause the system to store the public key only upon request, thereby enabling a stored public key to be reused.
  • the request may comprise subscription updates.
  • the computer program is further arranged to, when executed in the system, cause the system to store the encrypted file on the file storage device.
  • Figure 8 illustrates different embodiments of a system implementing the disclosed method of figure 7.
  • the illustrated embodiments present a scenario wherein a user stores data on an area restricted to be unreadable at the time of storing the data and wherein the process of storing the data is performed in a secure manner.
  • the system comprises a file storage device 820 and a client device 810.
  • the client device 810 is illustrated as a wireless device, such as a smartphone having a user interface 812, processing circuitry 840a, the processing circuitry 840a optionally comprising a processor 850a and a memory 860a for storing a computer program, and a communication interface 830a for transmitting and receiving information wirelessly.
  • the communication interface 830a is arranged to communicate using the Bluetooth wireless technology standard.
  • the user interface 812 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen.
  • a user connects the client device 810 to the file storage device 820 via respective communication interfaces 830a, 830b. The user then selects, by providing input via the user interface 812 to a computer program executed on the client device 810, data which the user wants to store securely at the file storage device 820. The user may also select a public key to use for the encryption of the data.
  • the public key is already stored at the file storage device, e.g. in a data base.
  • the public key may thus be stored on the file storage device only once and then be used automatically whenever it is needed. The public key therefore only needs to be stored when it is stored for the first time or updated.
  • the public key is part of an asymmetric key pair comprising a private key and said public key.
  • the idea is to have the private key stored safely at a location other than where the encryption of the data by the public key takes place. Maximum security of the data is thereby enabled; the file storage device provides a write-only functionality in the sense that the stored data is not readable from the file storage device, but it is possible to write to the file storage device.
  • the stored data can however be read by using the private key.
  • anyone wishing to be able to read the data must go to the location where the private key is stored and obtain the private key in order to access the data.
  • the file storage device 820 comprises a data storage for storing data.
  • a partition 894 for storage of encrypted data is created and formatted.
  • the public key may be stored at the file storage device during this process. After this, when data is sent from the client device which is destined for the partition 894, both the resulting file name and the file content is encrypted using the public key. In other words, an encrypted file is obtained.
  • the encryption is preferably performed by an encryption engine, which may be implemented in the form of dedicated software, hardware or any combination thereof.
  • the file storage device comprises an encryption engine 882b arranged to encrypt data using the public key.
  • the client device comprises an encryption engine 882a arranged to encrypt data using the public key. Since the public key is needed by the encryption engine 882a, 882b that is used to perform the encryption of the data, the encryption engine must have access to the public key. Thus, a step of obtaining the public key may need to be taken if the public key is not already available, as mentioned above in relation to storing the public key during creation of the partition on which the data is to be stored. For instance, the client device may have stored the public key and transfers the public key to the file storage device for encryption at the encryption engine 882b at the file storage device, or vice versa.
  • the encrypted file will originate from a device external to the file storage device, e.g. from the client device. If the data is produced at the client device, such as with a built-in camera, the data is never stored at a local storage at the client device, but only stored at the partition 894 on the file storage device 820.
  • files are arranged to be stored sequentially on the partition.
  • the file storage device is arranged to store a pointer arranged to point to where the next available space begins on the partition.
  • the pointer is arranged to indicate where the next encrypted file will begin to be stored. The pointer is then updated after each file is stored.
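The write-only partition of figures 7 and 8 (file name and content encrypted under the stored public key, records appended at a pointer, nothing readable without the private key), as an added Go example; this is not code from the patent or from Braceit AB. It assumes the usual hybrid construction for the "encrypt with the public key" step, since RSA cannot encrypt a file of arbitrary size directly: a fresh AES-256-GCM key per file seals the name and content together, and RSA-OAEP under the public key wraps that file key. The record layout (wrapped key, length, sealed blob), the pointer kept as a byte offset, the OAEP label and the 2048-bit key size are all assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Partition is the dedicated storage area: an append-only buffer and the pointer to where
// the next record begins. Record = wrappedKey || len || (nonce || AES-GCM(len(name)||name||content)).
type Partition struct {
	Data []byte
	Next int
}

var label = []byte("file-key") // assumed OAEP label; any fixed value works

// NewKeyPair generates the pair; the private half is meant to stay off-device.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func lenPrefix(b []byte) []byte {
	var hdr [4]byte
	binary.BigEndian.PutUint32(hdr[:], uint32(len(b)))
	return append(hdr[:], b...)
}

// Store seals name and content under a fresh AES key, wraps that key with the public key,
// appends the record at the pointer and advances the pointer. It can run on the client or
// on the storage device; neither side can read what it wrote.
func (p *Partition) Store(pub *rsa.PublicKey, name string, content []byte) (start int, err error) {
	fileKey := make([]byte, 32)
	if _, err = rand.Read(fileKey); err != nil {
		return 0, err
	}
	aead, err := newAEAD(fileKey)
	if err != nil {
		return 0, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, label)
	if err != nil {
		return 0, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return 0, err
	}
	blob := aead.Seal(nonce, nonce, append(lenPrefix([]byte(name)), content...), nil)
	start = p.Next
	p.Data = append(append(p.Data, wrapped...), lenPrefix(blob)...)
	p.Next = len(p.Data)
	return start, nil
}

// ReadAll walks the partition sequentially up to the pointer and, using the
// private key, recovers every (name, content) pair. It is the only read path.
func (p *Partition) ReadAll(priv *rsa.PrivateKey) (names []string, contents [][]byte, err error) {
	wl := priv.Size() // RSA-OAEP output is exactly the modulus size
	for off := 0; off < p.Next; {
		if off+wl+4 > p.Next {
			return nil, nil, errors.New("truncated record")
		}
		n := int(binary.BigEndian.Uint32(p.Data[off+wl:]))
		wrapped, body := p.Data[off:off+wl], off+wl+4
		if off = body + n; off > p.Next {
			return nil, nil, errors.New("truncated record")
		}
		fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
		if err != nil {
			return nil, nil, err
		}
		aead, err := newAEAD(fileKey)
		if err != nil {
			return nil, nil, err
		}
		blob, ns := p.Data[body:off], aead.NonceSize()
		if len(blob) < ns {
			return nil, nil, errors.New("record too short")
		}
		pt, err := aead.Open(nil, blob[:ns], blob[ns:], nil)
		if err != nil {
			return nil, nil, err // wrong private key or tampered record
		}
		nl := int(binary.BigEndian.Uint32(pt))
		names = append(names, string(pt[4:4+nl]))
		contents = append(contents, pt[4+nl:])
	}
	return names, contents, nil
}
```

Store needs no private material and only the public key, which on the device would come from the database the text describes rather than being passed in per call; ReadAll fails on a wrong private key or a modified record, which is what the "write-only" property amounts to in practice. The unwrapped file key exists only for the duration of one Store or ReadAll call.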
  • Figure 9 illustrates a file storage device 920 for secure storage of data.
  • the file storage device 920 comprises a communication interface 930 arranged to transmit and receive information.
  • the file storage device further comprises a data storage 990 arranged to store an encrypted file.
  • the file storage device is arranged to obtain the encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the file storage device is further arranged to store the public key on the file storage device.
  • Figure 10 illustrates a method, performed in a storage device, for secure storage of data at a file storage device.
  • the method comprises receiving S1010 an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the method further comprises storing S1020 the public key on the file storage device.
  • storing S1020 the public key on the file storage device is only performed if the public key is not already stored on the file storage device or if the public key needs to be updated. Public keys already stored on the file storage device can thereby be reused until they need to be updated.
  • the method yet further comprises storing S1030 the encrypted file on the file storage device.
  • the present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed in a file storage device, causes the file storage device to receive an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the computer program is further arranged to, when executed in the file storage device, cause the file storage device to store the public key on the file storage device.
  • the computer program is further arranged to only store the public key on the file storage device if the public key is not already stored on the file storage device or if the public key needs to be updated. Public keys already stored on the file storage device can thereby be reused until they need to be updated.
  • the computer program is further arranged to, when executed in the file storage device, cause the file storage device to store the encrypted file on the file storage device.
  • Figure 11 illustrates a client device 1110 for secure storage of data at a file storage device.
  • the client device comprises a communication interface 1130 arranged to transmit and receive information.
  • the client device is arranged to transmit data to the file storage device for secure storage of data.
  • the data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the client device may further be arranged to transmit the public key to the file storage device.
  • Figure 12 illustrates a method, performed at a client device, for secure storage of data at a file storage device.
  • the method comprises transmitting S1210 data to the file storage device for secure storage of data.
  • the data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the method may further comprise transmitting S1220 the public key to the file storage device.
  • the present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed at a client device, causes the client device to transmit data to the file storage device for secure storage of data.
  • the data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key.
  • the public key is a key from an asymmetric key pair.
  • the asymmetric key pair comprises the public key and a private key.
  • the computer program may further be arranged to, when executed at the client device, cause the client device to transmit the public key to the file storage device.
  • the present disclosure also relates to a method for secure offline data transport, as illustrated in figure 13.
  • the method comprises selecting S200 a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices.
  • the main data storage device preferably comprises at least a communication interface arranged to transmit and receive information and a data storage.
  • the main data storage device is preferably a file storage device as described above and below.
  • the selection may then be performed via a client device communicatively connected to the main data storage device, wherein the client device is arranged to perform the selection and transmit information relating to the selection to the main data storage device.
  • the method further comprises splitting up S210 at least one file into a plurality of data segments.
  • the splitting up S210 of the at least one file is preferably performed offline.
  • the method also comprises storing S205 the at least one file on the main data storage device before splitting up S210 the at least one file into a plurality of data segments.
  • the plurality of data segments are configured to enable reconstructing all data of the at least one file from a subset of data segments of the plurality of data segments. Redundancy is thereby introduced.
  • the transported data can thereby be recreated at the merging step S260 even if not every single data segment arrives.
  • the method also comprises encrypting S220 the at least one file based on a key or password.
  • the user enters the key or password to be used for the data into the client device, which then initiates the encryption process. If a key is used, the key must have been previously generated and stored on the client device.
  • the encryption S220 of the at least one file is performed before it is split up S210. This may make it more difficult to decrypt the data segments depending on the encryption method and/or the password or key used for encryption.
  • the method additionally comprises distributing S230 copies of the plurality of data segments over the selected data storage devices.
  • a notification may be sent to the selected data storage devices that no more chunks will be sent.
  • the method further comprises erasing securely S240 the at least one file and/or the plurality of data segments from the main data storage device.
  • the step of erasing securely comprises overwriting the data to be erased, e.g. with random data. This makes sure that the file cannot be recovered in its original unencrypted form.
  • the method further comprises transporting S242 the selected data storage devices comprising the plurality of received data segments from a first location to a second location.
  • transporting S242 the selected data storage devices comprises at least two storage devices being transported along different routes and/or being transported with different temporal distributions.
  • the method yet further comprises receiving S250 the plurality of data segments at the main data storage device.
  • the method also comprises merging S260, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the merging S260 is preferably performed offline.
  • the method additionally comprises decrypting S270, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • the password or key used to decrypt is provided via a client device communicatively connected to the main data storage device.
  • the data segments are read from the data storage devices one by one, sent to the main data storage device for decryption, e.g. via an encryption engine arranged to perform the decryption, and then the original file is written back to the main data storage device.
  • if the at least one file was encrypted before being split up, the process is reversed: the data segments are merged into an encrypted version of the original file, followed by decryption of the encrypted version of the original file.
  • the present disclosure also relates to a computer program for secure offline data transport comprising computer program code which, when executed in a system comprising a main data storage and at least one supplementary storage device, causes the main data storage device to select a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices.
  • the computer program is further arranged to cause the main data storage device to split up at least one file into a plurality of data segments.
  • the computer program is yet further arranged to cause the main data storage device to encrypt the at least one file based on a key or password.
  • the computer program is also arranged to cause the main storage device to distribute copies of the plurality of data segments over the selected data storage devices.
  • the computer program is additionally arranged to cause the main data storage device to receive the plurality of data segments at the main data storage device.
  • the computer program is further arranged to cause the system to merge, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the computer program is yet further arranged to cause the system to decrypt, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • Figure 14 illustrates different embodiments of a system implementing the disclosed method of figure 13.
  • the illustrated embodiments present a scenario wherein a user stores data on an area restricted to be inaccessible at the time of storing the data and wherein the process of storing the data is performed in a secure manner.
  • the system comprises a file storage device 1420 and a client device 1410.
  • the client device 1410 is illustrated as a wireless device, such as a smartphone having a user interface 1412, processing circuitry 1440a, the processing circuitry 1440a optionally comprising a processor 1450a and a memory 1460a for storing a computer program, and a communication interface 1430a for transmitting and receiving information wirelessly.
  • the communication interface 1430a is arranged to communicate using the Bluetooth wireless technology standard.
  • the user interface 1412 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen.
  • a user connects the client device 1410 to the file storage device 1420 via respective communication interfaces 1430a, 1430b.
  • the file storage device 1420 comprises a data storage 1490b.
  • the user selects, by providing input via the user interface 1412 to a computer program executed on the client device 1410, at least one file and/or folder stored on the data storage 1490b that should be split up.
  • the user further enters, via the user interface 1412, a password or key to be used for encryption of the chosen at least one file and/or folder. If a key is used, the key must have been previously generated.
  • a set of storage devices 1410c, 1410d, 1410e is connected to the file storage device 1420.
  • the user also selects a set of data storage devices from the available storage devices 1410, 1420, 1410c, 1410d, 1410e comprising at least a main data storage device, here represented by the file storage device 1420, and one or more supplementary data storage devices 1410, 1410c, 1410d, 1410e.
  • the selected set of data storage devices is to be used for carrying pieces of the chosen at least one file and/or folder.
  • the storage devices over which to split up the at least one file and/or folder could comprise any two or more of the available storage devices.
  • the three data storage devices 1410c, 1410d, 1410e and the file storage device 1420 will be used to illustrate the chosen set of data storage devices, with the file storage device 1420 corresponding to the main data storage device.
  • the file storage device 1420 further comprises an encryption engine 1482 arranged to encrypt and decrypt the selected at least one file and/or folder using the password or key.
  • the at least one file and/or folder is read by processing circuitry 1440b of the file storage device, and subsequently encrypted by the encryption engine 1482.
  • the encrypted at least one file and/or folder is split in small chunks.
  • the first chunk is sent to a first data storage device 1410c of the three data storage devices 1410c, 1410d, 1410e.
  • the second encrypted chunk is sent to a second data storage device of the three data storage devices 1410c, 1410d, 1410e and so on until there are no more data storage devices in the list.
  • the chunk after this will then be sent to the first data storage device again.
  • the main data storage device i.e. the file storage device 1420, could also hold one or more of the encrypted chunks, but in this example only the three data storage devices 1410c, 1410d, 1410e will serve this function.
  • when the at least one file and/or folder is completely read, encrypted, split up and sent to the supplementary data storage devices, a notification is sent to the supplementary data storage devices that no more chunks will be sent.
  • once the encrypted chunks of the at least one file and/or folder have been distributed over the three supplementary data storage devices 1410c, 1410d, 1410e, the original data of the at least one file and/or folder is securely removed from the file storage device 1420, e.g. by overwriting it with random data.
  • the file storage device 1420, the client device 1410 and the three supplementary data storage devices 1410c, 1410d, 1410e are transported to a target location different from the current location, preferably using different routes and/or means and/or with different temporal distributions.
  • at the target location, the client device 1410 provides the password/key to the file storage device 1420; the chunks are then read from the three supplementary data storage devices one by one, sent to the encryption engine 1482 for decryption, and the original file is written back to the file storage device.
  • in this example the client device 1410 providing the password/key for decryption and the file storage device 1420 at which the encrypted chunks were collected and restored are the same devices as at the origin, but the password/key could be provided by another device and/or the at least one file and/or folder could be decrypted at a different file storage device than that from which it originated.
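The procedure of figure 13 and its figure 14 embodiment (encrypt, split into chunks, round-robin distribution with copies, secure erase on the main device, merge whatever arrives, decrypt) as an added Go example; this is not the patent's or Braceit AB's code. It assumes a pre-generated 256-bit key rather than a password (the text allows either; deriving a key from a password needs a proper KDF and is not shown), AES-GCM as the cipher applied before splitting so that a modified or misordered chunk is caught at decryption, and replication of each chunk to `copies` consecutive devices as the redundancy that lets the file be rebuilt from a subset of the devices. The Device type, the chunk size and the in-memory erase are models of the hardware the text describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Device struct{ Chunks map[int][]byte } // segments carried by one supplementary device

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals the whole file under the pre-generated key before it is split.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...), nil
}

// Decrypt is the last step at the destination; the GCM tag covers the whole merged file.
func Decrypt(key, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// Distribute cuts the ciphertext into size-byte segments and sends segment i to device
// i mod n and to the next copies-1 devices in the ring, so the file survives the loss
// of any copies-1 devices. It returns the segment count (the "no more chunks" notice).
func Distribute(ct []byte, size int, devices []*Device, copies int) (total int) {
	n := len(devices)
	if size < 1 || copies < 1 || copies > n {
		panic("Distribute: need size >= 1 and 1 <= copies <= len(devices)")
	}
	for ; len(ct) > 0; total++ {
		seg := ct
		if len(seg) > size {
			seg = seg[:size]
		}
		for k := 0; k < copies; k++ {
			devices[(total+k)%n].Chunks[total] = append([]byte(nil), seg...) // own copy: ct is erased later
		}
		ct = ct[len(seg):]
	}
	return total
}

// Merge takes the first surviving copy of each segment; a nil device never arrived.
func Merge(devices []*Device, total int) ([]byte, error) {
	var out []byte
	for i := 0; i < total; i++ {
		j := 0
		for j < len(devices) && (devices[j] == nil || devices[j].Chunks[i] == nil) {
			j++
		}
		if j == len(devices) {
			return nil, fmt.Errorf("segment %d lost on every device", i)
		}
		out = append(out, devices[j].Chunks[i]...)
	}
	return out, nil
}

// Transport runs the whole procedure in memory; lost lists devices that never arrive.
func Transport(key, file []byte, nDevices, copies, size int, lost ...int) ([]byte, error) {
	ct, err := Encrypt(key, file)
	if err != nil {
		return nil, err
	}
	devices := make([]*Device, nDevices)
	for i := range devices {
		devices[i] = &Device{Chunks: map[int][]byte{}}
	}
	total := Distribute(ct, size, devices, copies)
	rand.Read(file) // secure erase on the main device: overwrite plaintext and ciphertext
	rand.Read(ct)
	for _, i := range lost {
		devices[i] = nil
	}
	merged, err := Merge(devices, total)
	if err != nil {
		return nil, err
	}
	return Decrypt(key, merged)
}
```

With three supplementary devices and two copies, any one device can fail to arrive and the file is still rebuilt; losing two devices loses at least one segment and Merge reports which. Because the whole file is encrypted before splitting, the devices carry only ciphertext fragments, and a segment altered in transit makes Decrypt fail rather than yield a corrupted file.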
  • Figure 15 illustrates a file storage device 1520 for secure offline data transport.
  • the file storage device comprises a communication interface 1530 arranged to transmit and receive information.
  • the file storage device further comprises a data storage 1590 arranged to store an encrypted file.
  • the file storage device is arranged to receive a selection of a set of data storage devices comprising one or more supplementary data storage devices.
  • the file storage device is further arranged to split up at least one file into a plurality of data segments.
  • the file storage device is yet further arranged to encrypt the at least one file based on a key or password.
  • the file storage device is also arranged to distribute copies of the plurality of data segments over the selected data storage devices.
  • the file storage device is additionally arranged to receive the plurality of data segments from the one or more supplementary data storage devices.
  • the file storage device is further arranged to merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the file storage device is yet further arranged to decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • Figure 16 illustrates a method for secure offline data transport.
  • the method is performed at a file storage device.
  • the method comprises receiving S1610 a selection of a set of data storage devices comprising one or more supplementary data storage devices.
  • the method further comprises splitting up S1620 at least one file into a plurality of data segments.
  • the method yet further comprises encrypting S1630 the at least one file based on a key or password.
  • the method also comprises distributing S1640 copies of the plurality of data segments over the selected data storage devices.
  • the method additionally comprises receiving S1650 the plurality of data segments from the one or more supplementary data storage devices.
  • the method further comprises merging S1660 the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the method yet further comprises decrypting S1670 the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • the present disclosure also relates to a computer program for secure offline data transport comprising computer program code which, when executed at a file storage device, causes the file storage device to receive a selection of a set of data storage devices comprising one or more supplementary data storage devices.
  • the computer program is further arranged to cause the file storage device to split up at least one file into a plurality of data segments.
  • the computer program is yet further arranged to cause the file storage device to encrypt the at least one file based on a key or password.
  • the computer program is arranged to cause the file storage device to encrypt the at least one file before splitting up the at least one file into the plurality of data segments.
  • the computer program is also arranged to cause the file storage device to distribute copies of the plurality of data segments over the selected data storage devices.
  • the computer program is additionally arranged to cause the file storage device to receive the plurality of data segments from the one or more supplementary data storage devices.
  • the computer program is further arranged to cause the file storage device to merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate.
  • the computer program is yet further arranged to cause the file storage device to decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
  • the present disclosure also relates to a client device for secure offline data transport.
  • the client device comprises a communication interface arranged to transmit and receive information.
  • the client device is further arranged to transmit a selection of a set of data storage devices comprising one or more supplementary data storage devices.
  • the present disclosure also relates to a method for secure offline data transport.
  • the method is performed in a client device comprising a communication interface arranged to transmit and receive information.
  • the method comprises transmitting a selection of a set of data storage devices comprising one or more supplementary data storage devices.
  • the present disclosure also relates to a computer program comprising computer program code which, when executed at a client device, causes the client device to transmit a selection of a set of data storage devices comprising one or more supplementary data storage devices.

Abstract

The present invention relates to methods, systems, devices and computer programs for secure data storage for mobile devices. The disclosure proposes a method for secure offline data transport. The method comprises selecting (S200) a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices, and splitting up (S210) at least one file into a plurality of data segments. The method further comprises encrypting (S220) the at least one file based on a key or password, and distributing (S230) copies of the plurality of data segments over the selected data storage devices. The method also comprises receiving (S250) the plurality of data segments at the main data storage device, merging (S260), at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and decrypting (S270), at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.

Description

Secure data transfer and storage
TECHNICAL FIELD
The present disclosure relates to secure data transfer and storage. In particular, the present disclosure relates to methods, devices and computer programs for secure transfer and storage of data on a file storage device.
BACKGROUND
The public cloud provides connected users with the convenience of access to their online files. There are however major security issues associated with working via the cloud at present. Data travelling over the internet, between the current network used by a user and a service accessed in the cloud, exposes the user to potential data transfer security issues. Further security issues arise when interacting with the cloud service; the software interface used to access the cloud service is a potential source of security issues. Protection from unwanted access when the data is stored in the cloud is a further issue. There is thus a need in the art for solutions which address the security issues of the cloud but maintain the associated benefits.
SUMMARY
The present disclosure provides an alternative solution to using the cloud, which provides secure transfer and storage of data and maintains many of the benefits associated with the cloud. Local storage works securely offline, but it lacks the accessibility and smartness of the cloud. The present disclosure proposes a solution based on transferring data between a client device and a file storage device, and storing it on the file storage device, wherein the methods of data transfer and storage are particularly arranged to provide secure data transfer and storage. The client device and the file storage device may each be arranged to communicate via cable and/or wirelessly. The result is similar to a secure private cloud that can be accessed offline, which is particularly advantageous if the file storage device is portable, i.e. a mobile file storage device, as described further below.
In particular, the present disclosure relates to a method for file access restriction. The method comprises transmitting access restriction information from a client device to a file storage device via respective communication interfaces. The access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met. The method further comprises receiving, at the file storage device, the access restriction information. The method also comprises configuring the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met. The method yet further comprises detecting when the access restriction criterion is met. The disclosed method thereby enables defining both the conditions under which data is access restricted and the nature of the access restriction. This provides increased flexibility with respect to the prior art in tailoring the availability of stored data. In particular, the disclosed method enables the at least one file and/or folder to be hidden when the file storage device is outside a predetermined region. By hiding the at least one file and/or folder outside the predetermined region, the likelihood that a potential intruder will get access to protected data is significantly reduced.
The term "hide" and variations thereof is intended throughout to mean "making something invisible". When a file is hidden, a listing of the contents of its directory does not include the hidden file. The same applies to folders or other data structures. The claimed solution does not require sending keys. Sending keys over the internet is considered bad practice since the keys are sent through a hostile environment. The claimed solution has a much more solid infrastructure. The present disclosure also relates to a method for storage of data at a file storage device. The method comprises obtaining an encrypted file to be stored on the file storage device, the file having been encrypted using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The method further comprises storing the public key on the file storage device. In some preferred examples, the public key is stored only once, e.g. in a database at the file storage device. In some examples, the public key is stored on the file storage device during generation of a partition at a data storage of the file storage device.
The method yet further comprises storing the encrypted file on the file storage device. The disclosed method thereby enables limiting access to the stored data to a secure location where the private key is available. During the process of obtaining and storing the data neither the user nor third parties will be able to read the encrypted data, since the private key is not available during the process. Maximum security of the data is thereby enabled; the file storage device provides a write-only functionality in the sense that the stored data is not readable from the file storage device, but it is possible to write to the file storage device. The stored data can however be read by using the private key. Anyone wishing to be able to read the data must go to the location where the private key is stored and obtain the private key in order to access the data.
The present disclosure further relates to a method for secure offline data transport. The method comprises selecting a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices. The method further comprises splitting up at least one file into a plurality of data segments. The method also comprises encrypting the at least one file based on a key or password. In some examples, the at least one file is encrypted before it is split up. Encrypting the file before splitting it up may make it more difficult for a third party to get unauthorized access by trying to decrypt the segments. In some other examples, the at least one file is split up before being encrypted, i.e. the segments resulting from the split are encrypted individually.
The claimed solution does not require sending keys. Sending keys over the internet is usually considered bad practice since the keys are sent through a hostile environment. The claimed solution has a much more solid infrastructure.
The method additionally comprises distributing copies of the plurality of data segments over the selected data storage devices. The method yet further comprises receiving the plurality of data segments at the main data storage device. The method also comprises merging, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The method further comprises decrypting, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password. The disclosed method thereby enables encrypting and splitting up the data into several data segments at an original location and performing the reverse at a target location, while the transport from the original location to the target location may take different routes and use different means. This prevents the original data from being intercepted; only fragments can be intercepted. Furthermore, by splitting up the data it is possible to further increase the complexity for a third party to decrypt the data.
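The offline transport procedure above, as an added example that is not part of the disclosure (Python): the file is encrypted under a password-derived key before splitting, the segments are spread over a main device and supplementary devices so that every segment exists on two devices, and the main device reassembles from whatever copies arrive intact. The device names, passphrase and file contents are constructed; scrypt is used here as the key derivation because it is in the standard library.

```python
"""Secure offline transport: encrypt, split, distribute with redundancy, merge, decrypt.
All device names, passwords and file contents below are constructed for the demo."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

SALT_LEN, TAG_LEN = 16, 32


def encrypt_with_password(password: bytes, plaintext: bytes) -> bytes:
    """Fresh salt per file; the scrypt output supplies a MAC key and a one-time keystream.
    Layout of the result: salt || ciphertext || HMAC-SHA256 tag."""
    salt = secrets.token_bytes(SALT_LEN)
    km = hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32 + len(plaintext))
    mac_key, stream = km[:32], km[32:]
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return salt + body + hmac.new(mac_key, salt + body, hashlib.sha256).digest()


def decrypt_with_password(password: bytes, blob: bytes) -> bytes:
    """Reverse of encrypt_with_password; the tag is checked before anything is returned."""
    salt, body, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    km = hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32 + len(body))
    if not hmac.compare_digest(tag, hmac.new(km[:32], salt + body, hashlib.sha256).digest()):
        raise ValueError("wrong password or corrupted file")
    return bytes(a ^ b for a, b in zip(body, km[32:]))


def split(blob: bytes, segment_size: int) -> List[bytes]:
    """Encrypt-then-split variant: segments of the already encrypted file."""
    return [blob[i:i + segment_size] for i in range(0, len(blob), segment_size)]


def distribute(segments: List[bytes], devices: List[str], copies: int = 2) -> Dict[str, Dict[int, bytes]]:
    """Round-robin placement: segment i goes to `copies` consecutive devices, so that losing
    any single device (or any single route) still leaves every segment recoverable."""
    stores: Dict[str, Dict[int, bytes]] = {d: {} for d in devices}
    for i, seg in enumerate(segments):
        for k in range(copies):
            stores[devices[(i + k) % len(devices)]][i] = seg
    return stores


def manifest(segments: List[bytes]) -> List[str]:
    """Travels with the main device: per-segment hashes fix the order and detect tampering."""
    return [hashlib.sha256(s).hexdigest() for s in segments]


def merge_at_main(received: List[Dict[int, bytes]], digests: List[str]) -> Optional[bytes]:
    """Reassemble from the main device's own segments plus those delivered by the supplementary
    devices; returns None if some segment never arrived in an intact copy."""
    out = []
    for i, want in enumerate(digests):
        candidates = (store[i] for store in received if i in store)
        seg = next((s for s in candidates if hashlib.sha256(s).hexdigest() == want), None)
        if seg is None:
            return None
        out.append(seg)
    return b"".join(out)


if __name__ == "__main__":
    password = b"constructed-passphrase"
    original = b"constructed report contents " * 40
    blob = encrypt_with_password(password, original)
    segments = split(blob, 128)
    stores = distribute(segments, ["main", "usb-A", "usb-B"])
    digests = manifest(segments)
    # Simulate the supplementary device usb-B never reaching the target location.
    recovered = merge_at_main([stores["main"], stores["usb-A"]], digests)
    print(decrypt_with_password(password, recovered) == original)
```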
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates a method for file access restriction;
Figure 2 illustrates different embodiments of a method for file access restriction;
Figure 3 illustrates a file storage device for file access restriction;
Figure 4 illustrates a method for file access restriction selection;
Figure 5 illustrates a client device for file access restriction selection;
Figure 6 illustrates a method for file access restriction selection;
Figure 7 illustrates a method for storage of data at a file storage device;
Figure 8 illustrates different embodiments of a method for storage of data at a file storage device;
Figure 9 illustrates a file storage device for secure storage of data;
Figure 10 illustrates a method for storage of data;
Figure 11 illustrates a client device for secure storage of data;
Figure 12 illustrates a method for storage of data;
Figure 13 illustrates a method for secure offline data transport;
Figure 14 illustrates different embodiments of a method for secure offline data transport;
Figure 15 illustrates a file storage device for secure offline data transport; and
Figure 16 illustrates a method for secure offline data transport.
DETAILED DESCRIPTION
Figure 1 illustrates a method for file access restriction. The method comprises transmitting S10 access restriction information from a client device to a file storage device via respective communication interfaces. The communication may be performed via cable and/or wirelessly. The method may comprise a step of establishing a connection between the client device and the file storage device. The access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met. According to some aspects, the method comprises selecting, via the client device, the at least one file and/or folder to be access restricted and/or the access restriction criterion. According to some preferred aspects, being access restricted comprises being hidden. In other words, when a user examines the file storage device in order to find out information about the data stored thereon, the file storage device is arranged to conceal the presence of the identified at least one file and/or folder. The access restriction criterion may be based on a combination of geographic data, biometric data and physical sensor data obtained by either the client device or the file storage device. The client device may comprise a camera and/or a fingerprint sensor, which enables face recognition and/or fingerprint data to be used as biometric data. Similarly, a sound sensor may be used to enable voice recognition. According to some aspects, the client device and/or the file storage device comprise movement sensors, e.g. accelerometers and/or gyroscopes, which enable registering linear movements as well as rotations, i.e. yaw, roll and pitch, of the device in which the movement sensors are arranged. The movement sensors enable registering unique movement patterns. Besides movement, other physical sensor data may comprise temperature and/or lighting conditions.
Yet other physical sensor data may comprise pressure, vibrations and/or humidity. An access restriction criterion based on geographic data may comprise one or more geographical regions in which the file storage device must be located for access to the at least one file and/or folder.
The method further comprises receiving S30, at the file storage device, the access restriction information. The method also comprises configuring S50 the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met. According to some preferred aspects, the access restriction criterion comprises the file storage device being outside a respective region associated with the identified at least one file and/or folder. In other words, the at least one file and/or folder is only available, e.g. visible, if the file storage device is inside said respective region.
According to some further aspects, each respective region is defined by geographical coordinate data. The coordinate data may comprise global navigation satellite system, GNSS, coordinate data. Examples of GNSS include NAVSTAR global positioning system, GPS, typically just called GPS, the Russian system GLONASS and the European system Galileo. The region(s) defining the access restriction criterion may be selected via the client device. For instance, the client device may be arranged to provide the user with a visible map on which to define one or more regions per file and/or folder in which the file storage device has to be for the selected files and/or folders to be visible.
According to some aspects, the associated file(s) and/or folder(s) will be visible at two positions; both at the current position and the position selected on the map. When the user leaves the position where the visible area was set, the associated file(s) and/or folder(s) will become invisible and impossible to access until the user goes back to the original position, or arrives at the selected area. According to some aspects, the method comprises storing the access restriction criterion and/or information identifying at least one file and/or folder to be access restricted on a database at the file storage device.
The method additionally comprises detecting S70 when the access restriction criterion is met. Sensor data may be compared to the access restriction criterion. For instance, in the case of hiding a file when the file storage device is outside a region, if an internal positioning sensor is present, the current position may be obtained from the internal positioning sensor. Instead, or in addition thereto, the file storage device may be arranged to ask the client device about the current position. In this case, the position may be read over a short range client interface, such as Bluetooth which has a range on the order of ten meters, so the position difference between the file storage device and the client device is small enough to be negligible for this function. If no position can be obtained, the client device is arranged not to provide access to any files/directories. If the current position can be determined, the determined position information may be used to filter the list of files according to the access restriction criterion.
The present disclosure also relates to a computer program for file access restriction comprising computer program code which, when executed, causes a system comprising a file storage device and a client device communicatively connected to each other to transmit access restriction information from the client device to the file storage device via respective communication interfaces. The access restriction information comprises information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met. The computer program is further arranged to, when executed, cause the system to receive, at the file storage device, the access restriction information. The computer program is further arranged to, when executed, cause the system to configure the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met. The computer program is yet further arranged to, when executed, cause the system to detect when the access restriction criterion is met.
Figure 2 illustrates different embodiments of a system implementing the disclosed method of fig. 1. The illustrated embodiments present a scenario wherein a user restricts access to selected files and/or folders to a geographical region, and wherein the selected files and/or folders are hidden if the file storage device on which the restricted files are stored is outside of the region. The term "hide" and variations thereof is intended throughout to mean "making something invisible". When a file is hidden, a listing of the contents of its directory does not include the hidden file. The same applies to folders or other data structures. The system comprises a file storage device 220 and a client device 210. The client device 210 is illustrated as a wireless device, such as a smartphone having a user interface 212, processing circuitry 240a, optionally comprising a processor 250a and a memory 260a for storing a computer program, and a communication interface 230a for transmitting and receiving information wirelessly.
According to some aspects, the communication interface 230a is arranged to communicate using the Bluetooth wireless technology standard. The user interface 212 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen. The communication interface may further be arranged to receive biometric data input, e.g. by reading a fingerprint or via a camera.
The client device may further comprise sensors arranged to register movement of the client device, sound, vibration, light, temperature or humidity. Before initiating the method for file access restriction, the user starts a computer program, also known as an application or app, on the client device 210. The computer program causes the client device to establish a connection between the client device 210 and the file storage device 220 via the respective communication interfaces 230a, 230b. The user then selects, by providing input to the computer program via the user interface 212, at least one file and/or folder which should be access restricted. In some examples, the user further selects a region where the at least one file and/or folder should be visible. In some other examples, the criterion for access restriction is already arranged in the file storage device, e.g. the file storage device may comprise a data base having stored a criterion for access restriction, such as a region, thereon. The file storage device may be arranged to store user defined criteria for access restriction, which may be reused by the user at later times.
The region may be selected by providing geographical coordinate data defining the region to the computer program via the user interface 212. The computer program may be arranged to provide an interface or representation, e.g. in the form of a map, which may be used by the user when defining the region. The information regarding which files and folders are to be access restricted, as well as the choice of region is transmitted to the file storage device. The information may be transmitted as separated messages, e.g. a first message concerning the choice of the at least one file and/or folder and a second message concerning the choice of region, or all information in a single message. The information relating to the choice of the at least one file and/or folder and the choice of region to which access is to be restricted enables the method for access restriction to be carried out.
The file storage device 220 comprises control circuitry 240b, e.g. a microcontroller unit, MCU, comprising a central processing unit, CPU, 250b and a memory 260b for storing a computer program executable by the CPU 250b. The file storage device further comprises a data storage 290 arranged to store files and folders thereon. According to some aspects, the data storage 290 comprises storage hardware.
The file storage device 220 further comprises a database 280. The database 280 is arranged to store information identifying which files and/or folders on the data storage are to be hidden if not within a certain region or regions, and in which region or regions the respective files and/or folders are to be available. According to some aspects, the set of regions comprises an original region in addition to the selected regions where the at least one file and/or folder is to be visible. The original region thereby provides a safety aspect, ensuring that a user can always return to the original region in case the selected regions are unavailable, either physically and/or by fault or corruption of the definition of the selected regions. In other words, the at least one file and/or folder will, in this example, be visible at two positions, within the original region and within the selected region.
When the user leaves the position at which the definition of the region(s) in which the at least one file and/or folder is to be visible was set, the file becomes invisible and impossible to access until the user goes to the selected region or the original region. When the available files are listed by a user connected to the file storage device, the control circuitry 240b is arranged to retrieve information for determining a current location of the file storage device 220. If the file storage device 220 comprises a position sensor 270b arranged to obtain information for determining a current location of the file storage device, e.g. via coordinate data comprising global navigation satellite system, GNSS, coordinate data, the file storage device obtains the information for determining a current location from the position sensor 270b of the file storage device 220.
Alternatively, the file storage device may obtain the information for determining a current location via the client device currently connected to the file storage device. If the connection between the client device and the file storage device is performed via Bluetooth, the location of the client device may be taken as the location of the file storage device, with the effective range of the Bluetooth connection being used as a measure of position uncertainty. The client device 210 comprises a position sensor 270a and is arranged to transfer information relating to the position of the client device 210 to the file storage device 220. In other words, if the file storage device can obtain its location from a position sensor 270b arranged at the file storage device, that information is used; otherwise the file storage device tries to obtain the location via information from the client device connected to it. If the location of the file storage device cannot be determined, the file storage device is preferably arranged to hide the at least one file and/or folder. If the location of the file storage device can be determined, it is used to filter the list of files according to the information stored in the database 280.
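The location-gated listing described in the two preceding paragraphs, as an added example that is not part of the disclosure (Python): regions are circles around a centre, the position is taken from the device's own sensor if present and otherwise from the connected client with the link range added as uncertainty, no position at all hides every restricted path, and the position at which a rule was set is kept as an original region. All paths, coordinates and radii are constructed.

```python
"""Location-gated file listing for a file storage device.
Rule database, sensors, paths and coordinates are all constructed for the demo."""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import Callable, Dict, List, Optional, Tuple

Position = Tuple[float, float]          # (latitude, longitude) in degrees
Fix = Tuple[Position, float]            # position plus uncertainty in metres


def haversine_m(a: Position, b: Position) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(h))


@dataclass
class Region:
    centre: Position
    radius_m: float


@dataclass
class RestrictionDatabase:
    """Plays the role of database 280: restricted path -> regions where it may be visible."""
    rules: Dict[str, List[Region]] = field(default_factory=dict)

    def restrict(self, path: str, selected: Region, set_at: Position, original_radius_m: float = 50.0) -> None:
        # The position where the rule was set is kept as an 'original region', so the
        # user can always go back there if the selected region turns out to be unusable.
        self.rules[path] = [selected, Region(set_at, original_radius_m)]


def locate(device_sensor: Callable[[], Optional[Position]],
           client_sensor: Callable[[], Optional[Position]],
           client_link_range_m: float) -> Optional[Fix]:
    """Own position sensor first; otherwise the client's position with the short-range
    link's reach as uncertainty; None when no position is available at all."""
    pos = device_sensor()
    if pos is not None:
        return pos, 0.0
    pos = client_sensor()
    if pos is not None:
        return pos, client_link_range_m
    return None


def visible_listing(all_paths: List[str], db: RestrictionDatabase, fix: Optional[Fix]) -> List[str]:
    """Filter a directory listing. Unrestricted paths always show; a restricted path shows
    only when the position, worsened by its uncertainty, still lies inside one of its
    regions; with no fix every restricted path is hidden (fail closed)."""
    shown = []
    for path in all_paths:
        regions = db.rules.get(path)
        if regions is None:
            shown.append(path)
            continue
        if fix is None:
            continue
        pos, err = fix
        if any(haversine_m(pos, r.centre) + err <= r.radius_m for r in regions):
            shown.append(path)
    return shown


if __name__ == "__main__":
    db = RestrictionDatabase()
    office, home = (59.3293, 18.0686), (59.3000, 18.0000)     # constructed coordinates
    db.restrict("secret/plan.pdf", Region(office, 200.0), set_at=home)
    paths = ["public/readme.txt", "secret/plan.pdf"]
    # Device has no own sensor; the client reports the office position over a 10 m link.
    fix = locate(lambda: None, lambda: office, 10.0)
    print(visible_listing(paths, db, fix))      # both paths
    print(visible_listing(paths, db, None))     # only public/readme.txt
```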
Figure 3 illustrates a file storage device 10 for file access restriction. The file storage device 10 comprises a communication interface 12 arranged to transmit and receive information. The file storage device further comprises a data storage 14 arranged to store data arranged in the form of files and/or folders. The file storage device is arranged to store access restriction information comprising information identifying at least one file and/or folder stored on the data storage to be access restricted if an access restriction criterion is met. The file storage device is also arranged to restrict access to the identified at least one file and/or folder if the access restriction criterion is met. The file storage device is further arranged to detect when the access restriction criterion is met.
The file storage device may comprise a dedicated detection element 16 arranged to detect when the access restriction criterion is met, e.g. a position sensor 20 arranged to determine a location of the file storage device and a suitable combination of hardware and software for evaluating the current location with respect to an access restriction criterion comprising the file storage device being outside a respective region associated with the identified at least one file and/or folder. Alternatively, the file storage device may be arranged to receive the information necessary to detect when the access restriction criterion is met via the communication interface, e.g. as location data transmitted from an adjacent client device.
Figure 4 illustrates a method for file access restriction configuration and monitoring performed in a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon. The information may be transmitted and received via cable and/or wirelessly. The method comprises receiving S1000, via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met. The method further comprises configuring S2000 the file storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met based on the received access restriction information. The method yet further comprises detecting S3000 when the access restriction criterion is met.
The present disclosure also relates to a computer program for file access restriction configuration and monitoring comprising computer program code which, when executed on a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon, causes the file storage device to receive, via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met. The computer program is also arranged to, when executed on the file storage device, cause the file storage device to configure the file storage device to restrict access to the identified at least one file and/or folder if the access restriction criterion is met. The computer program is also arranged to, when executed on the file storage device, cause the file storage device to detect when the access restriction criterion is met.
Figure 5 illustrates a client device 100 for file access restriction selection. The client device comprises a communication interface 12 arranged to transmit and receive information. The client device 100 is arranged to select an access restriction criterion and transmit access restriction information to a file storage device via the communication interface. The access restriction information comprises information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met.
Figure 6 illustrates a method, performed in a client device comprising a communication interface arranged to transmit and receive information, for file access restriction selection. The method comprises selecting S100 an access restriction criterion. The method further comprises transmitting S200 access restriction information to a file storage device via the communication interface, the access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met.
The present disclosure also relates to a computer program for file access restriction selection comprising computer program code which, when executed on a client device comprising a communication interface arranged to transmit and receive information, causes the client device to select an access restriction criterion. The computer program is further arranged to, when executed on the client device, cause the client device to transmit access restriction information to a file storage device via the communication interface. The access restriction information comprises information identifying at least one file and/or folder stored on the file storage device to be access restricted when the access restriction criterion is met. The present disclosure further relates to a method for storage of data at a file storage device. Figure 7 illustrates the method for storage of data at a file storage device. The method may comprise a step of creating and formatting a partition on a data storage for storage of an encrypted file thereon. The method comprises obtaining S990 an encrypted file to be stored on the file storage device, the file having been encrypted using a public key.
According to some aspects, the public key is selected from a set of public keys, e.g. a set of public keys available on a client device communicatively connected to the file storage device. The encrypted file may be obtained by encrypting an unencrypted file at the file storage device. The encrypted file may also be obtained by encrypting the file at a client device and transferring the encrypted file from the client device to the file storage device. According to some aspects, the name of the file and the content of the file are both encrypted.
The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The asymmetric encryption enables keeping the private key at a secure location, thereby ensuring that no one, not even the user during the storage of the file, can access the contents of the file. When the file storage device is brought back to the secure location, the private key can be used to decrypt all the files, e.g. to a connected client device. For performance reasons, the encryption can be done on the client device instead of encrypting each file on the file storage device. Asymmetric encryption may be a very time consuming process and may take quite some time on an embedded device.
The method further comprises storing S992 the public key on the file storage device. According to some aspects, the public key only needs to be stored once, e.g. during creation of a partition for data storage or via user input, and may then be reused automatically, thereby eliminating the need to transmit the public key to the file storage device every time a file is to be stored on the file storage device. If encryption of the file is performed at the client device, the public key is transferred to the client device before encryption of the file.
The method also comprises storing S994 the encrypted file on the file storage device. The user starts storing data into the location on the file storage device suitable for storing the data, e.g. said partition on the data storage. If the data is produced inside the client device, such as with a built-in camera, the data is never even written to a local folder on the file storage device, but only written to the dedicated partition on the data storage in the file storage device. Thus, contrary to solutions such as digital rights management, DRM, the claimed invention does not store the private key on the storage device. The claimed invention specifically forbids decryption of the data on the storage device; instead, the only time the data can be read is when the private key is provided locally. After decryption is done, the private key is preferably destroyed.
The present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed in a system comprising a file storage device and a client device, causes the file storage device and/or a client device in communication with the file storage device to obtain an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The computer program is further arranged to, when executed in the system, cause the system to store the public key on the file storage device. According to some aspects, the computer program is arranged to cause the system to store the public key only upon request, thereby enabling a stored public key to be reused. The request may comprise subscription updates. The computer program is further arranged to, when executed in the system, cause the system to store the encrypted file on the file storage device.
Figure 8 illustrates different embodiments of a system implementing the disclosed method of figure 7. The illustrated embodiments present a scenario wherein a user stores data on an area restricted to be unreadable at the time of storing the data and wherein the process of storing the data is performed in a secure manner. The system comprises a file storage device 820 and a client device 810. The client device 810 is illustrated as a wireless device, such as a smartphone having a user interface 812, processing circuitry 840a, the processing circuitry 840a optionally comprising a processor 850a and a memory 860a for storing a computer program, and a communication interface 830a for transmitting and receiving information wirelessly. According to some aspects, the communication interface 830a is arranged to communicate using the Bluetooth wireless technology standard. The user interface 812 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen. A user connects the client device 810 to the file storage device 820 via respective communication interfaces 830a, 830b. The user then selects, by providing input via the user interface 812 to a computer program executed on the client device 810, data which the user wants to store securely on the file storage device 820. The user may also select a public key to use for the encryption of the data.
Alternatively, the public key is already stored at the file storage device, e.g. in a database. The public key may thus be stored on the file storage device only once and then be used automatically whenever it is needed. The public key therefore only needs to be stored when it is being stored for the first time or updated.
The public key is part of an asymmetric key pair comprising a private key and said public key. The idea is to have the private key stored safely at a location other than where the encryption of the data by the public key takes place. Maximum security of the data is thereby enabled; the file storage device provides a write-only functionality in the sense that the stored data is not readable from the file storage device, but it is possible to write to the file storage device. The stored data can however be read by using the private key. Anyone wishing to be able to read the data must go to the location where the private key is stored and obtain the private key in order to access the data.
The file storage device 820 comprises a data storage for storing data.
Before secure storage of the data, a partition 894 for storage of encrypted data is created and formatted. The public key may be stored at the file storage device during this process. After this, when data is sent from the client device which is destined for the partition 894, both the resulting file name and the file content are encrypted using the public key. In other words, an encrypted file is obtained. The encryption is preferably performed by an encryption engine, which may be implemented in the form of dedicated software, hardware or any combination thereof. According to some aspects, the file storage device comprises an encryption engine 882b arranged to encrypt data using the public key.
For performance reasons, it may in some cases be preferable if the encryption is performed at the client device. Thus, according to some aspects, the client device comprises an encryption engine 882a arranged to encrypt data using the public key. Since the public key is needed by the encryption engine 882a, 882b that is used to perform the encryption of the data, the encryption engine must have access to the public key. Thus, a step of obtaining the public key may need to be taken if the public key is not already available, as mentioned above in relation to storing the public key during creation of the partition on which the data is to be stored. For instance, the client device may have stored the public key and transfer the public key to the file storage device for encryption at the encryption engine 882b at the file storage device, or vice versa.
The encrypted file will originate from a device external to the file storage device, e.g. from the client device. If the data is produced at the client device, such as with a built-in camera, the data is never stored at a local storage at the client device, but only stored at the partition 894 on the file storage device 820.
According to some aspects, files are arranged to be stored sequentially on the partition. According to some further aspects, the file storage device is arranged to store a pointer arranged to point to where the next available space begins on the partition. In other words, the pointer is arranged to indicate where the next encrypted file will begin to be stored. The pointer is then updated after each file is stored. According to some yet further aspects, it is not possible to delete individual files once the partition 894 becomes full, and the partition needs to be reformatted in order to store additional files on it.
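The write-only partition described above, as an added Go example written for this page (it is not the applicant's implementation): the partition holds only the public key, file name and content are encrypted under that key, records are appended sequentially behind a pointer, there is no read or delete path, and a full partition can only be reformatted. Reading back happens in a separate function that takes the private key, i.e. at the other location where that key is kept. The text only says the data is "encrypted using the public key"; the hybrid scheme used here (a fresh AES-256-GCM key wrapped with RSA-OAEP), the record layout, and the names Partition, Store, ReadBack and Next are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Partition is the write-only area: fixed storage, the stored public key and
// the pointer to the next free byte. NewPartition "creates and formats" it.
type Partition struct {
	pub  *rsa.PublicKey
	data []byte
	Next int // pointer: offset at which the next encrypted file will begin
}

func NewPartition(pub *rsa.PublicKey, size int) *Partition {
	return &Partition{pub: pub, data: make([]byte, size)}
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal: hybrid encryption under the public key (an assumption, the text only says
// "encrypted using the public key"): fresh AES-256-GCM key wrapped with RSA-OAEP.
func seal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	kn := make([]byte, 32+12) // data key followed by a 12-byte GCM nonce
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kn[:32], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(kn[:32])
	if err != nil {
		return nil, err
	}
	// layout: wrappedKey || nonce || ciphertext+tag
	return gcm.Seal(append(wrapped, kn[32:]...), kn[32:], plaintext, nil), nil
}

// openSealed needs the private key, so it runs where that key is kept, never on the device.
func openSealed(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size()
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob[:k], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[k:k+12], blob[k+12:], nil)
}

// Store seals name and content together, writes [len][sealed] at the pointer
// and advances it. No read or delete exists: a full partition is reformatted.
func (p *Partition) Store(name string, content []byte) error {
	plain := make([]byte, 2, 2+len(name)+len(content))
	binary.BigEndian.PutUint16(plain, uint16(len(name)))
	sealed, err := seal(p.pub, append(append(plain, name...), content...))
	if err != nil {
		return err
	}
	if p.Next+4+len(sealed) > len(p.data) {
		return errors.New("partition full: reformat to store more files")
	}
	binary.BigEndian.PutUint32(p.data[p.Next:], uint32(len(sealed)))
	p.Next += 4 + copy(p.data[p.Next+4:], sealed)
	return nil
}

// ReadBack is the key holder's side: walk the records up to the pointer
// (which only advances by whole records) and decrypt names and contents.
func ReadBack(priv *rsa.PrivateKey, p *Partition) (map[string][]byte, error) {
	files := map[string][]byte{}
	for raw := p.data[:p.Next]; len(raw) >= 4; {
		n := int(binary.BigEndian.Uint32(raw))
		if n < priv.Size()+12 || n > len(raw)-4 {
			return nil, errors.New("corrupt or truncated record")
		}
		plain, err := openSealed(priv, raw[4:4+n])
		if err != nil {
			return nil, err
		}
		nl := int(binary.BigEndian.Uint16(plain))
		files[string(plain[2:2+nl])] = plain[2+nl:]
		raw = raw[4+n:]
	}
	return files, nil
}
```

With a 2048-bit key each record costs 256 bytes of wrapped key plus 28 bytes of nonce and tag on top of the name and content, so a small partition fills after a handful of files and Store then returns the "partition full" error until a fresh NewPartition is made, which is the reformatting the text describes. The device never holds the private key, so ReadBack with any other key fails at the OAEP unwrap.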
Figure 9 illustrates a file storage device 920 for secure storage of data. The file storage device 920 comprises a communication interface 930 arranged to transmit and receive information. The file storage device further comprises a data storage 990 arranged to store an encrypted file. The file storage device is arranged to obtain the encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The file storage device is further arranged to store the public key on the file storage device.
Figure 10 illustrates a method, performed in a storage device, for secure storage of data at a file storage device. The method comprises receiving S1010 an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The method further comprises storing S1020 the public key on the file storage device. According to some aspects, storing S1020 the public key on the file storage device is only performed if the public key is not already stored on the file storage device or if the public key needs to be updated. Public keys already stored on the file storage device can thereby be reused until they need to be updated. The method yet further comprises storing S1030 the encrypted file on the file storage device.
The present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed in a file storage device, causes the file storage device to receive an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The computer program is further arranged to, when executed in the file storage device, cause the file storage device to store the public key on the file storage device.
According to some aspects, the computer program is further arranged to only store the public key on the file storage device if the public key is not already stored on the file storage device or if the public key needs to be updated. Public keys already stored on the file storage device can thereby be reused until they need to be updated. The computer program is further arranged to, when executed in the file storage device, cause the file storage device to store the encrypted file on the file storage device.
Figure 11 illustrates a client device 1110 for secure storage of data at a file storage device. The client device comprises a communication interface 1130 arranged to transmit and receive information. The client device is arranged to transmit data to the file storage device for secure storage of data. The data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The client device may further be arranged to transmit the public key to the file storage device.
Figure 12 illustrates a method, performed at a client device, for secure storage of data at a file storage device. The method comprises transmitting S1210 data to the file storage device for secure storage of data. The data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The method may further comprise transmitting S1220 the public key to the file storage device.
The present disclosure also relates to a computer program for secure storage of data at a file storage device comprising computer program code which, when executed at a client device, causes the client device to transmit data to the file storage device for secure storage of data. The data is arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key. The public key is a key from an asymmetric key pair. The asymmetric key pair comprises the public key and a private key. The computer program may further be arranged to, when executed at the client device, cause the client device to transmit the public key to the file storage device.

The present disclosure also relates to a method for secure offline data transport, as illustrated in figure 13. The method comprises selecting S200 a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices. The main data storage device preferably comprises at least a communication interface arranged to transmit and receive information and a data storage. In other words, the main data storage device is preferably a file storage device as described above and below. The selection may then be performed via a client device communicatively connected to the main data storage device, wherein the client device is arranged to perform the selection and transmit information relating to the selection to the main data storage device.
The method further comprises splitting up S210 at least one file into a plurality of data segments. The splitting up S210 of the at least one file is preferably performed offline. According to some aspects, the method also comprises storing S205 the at least one file on the main data storage device before splitting up S210 the at least one file into a plurality of data segments. According to some aspects, the plurality of data segments are configured to enable reconstructing all data of the at least one file from a subset of data segments of the plurality of data segments. Redundancy is thereby introduced. The transported data can thereby be recreated at the step of merging S260 even if not every single data segment arrives.

The method also comprises encrypting S220 the at least one file based on a key or password. According to some aspects, the user enters the key or password to be used for the data into the client device, which then initiates the encryption process. If a key is used, the key must have been previously generated and stored on the client device. According to some aspects, the encryption S220 of the at least one file is performed before it is split up S210. This may make it more difficult to decrypt the data segments, depending on the encryption method and/or the password or key used for encryption.
The method additionally comprises distributing S230 copies of the plurality of data segments over the selected data storage devices. When the file is completely read, encrypted and sent to the selected data storage devices, a notification may be sent to the selected data storage devices that no more chunks will be sent.
According to some aspects, the method further comprises erasing securely S240 the at least one file and/or the plurality of data segments from the main data storage device. According to some aspects, the step of erasing securely comprises overwriting the data to be erased, e.g. with random data. This makes sure that the file cannot be recovered in its original unencrypted form. Now, all the selected data storage devices can be transported, ideally by different routes and means, to the destination. Thus, according to some aspects, the method further comprises transporting S242 the selected data storage devices comprising the plurality of received data segments from a first location to a second location. According to some further aspects, transporting S242 the selected data storage devices comprises at least two storage devices being transported along different routes and/or being transported with different temporal distributions.

When all devices have arrived, the process is executed in reverse. Thus, the method yet further comprises receiving S250 the plurality of data segments at the main data storage device. The method also comprises merging S260, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The merging S260 is preferably performed offline. The method additionally comprises decrypting S270, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password. According to some aspects, the password or key used to decrypt is provided via a client device communicatively connected to the main data storage device. According to some aspects, the data segments are read from the data storage devices one by one, sent to the main data storage device for decryption, e.g. via an encryption engine arranged to perform the decryption, and then the original file is written back to the main data storage device. According to some other aspects, the process is reversed, i.e. the data segments are merged into an encrypted version of the original file, followed by decryption of the encrypted version of the original file.
The present disclosure also relates to a computer program for secure offline data transport comprising computer program code which, when executed in a system comprising a main data storage device and at least one supplementary data storage device, causes the main data storage device to select a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices. The computer program is further arranged to cause the main data storage device to split up at least one file into a plurality of data segments. The computer program is yet further arranged to cause the main data storage device to encrypt the at least one file based on a key or password.
The computer program is also arranged to cause the main data storage device to distribute copies of the plurality of data segments over the selected data storage devices. The computer program is additionally arranged to cause the main data storage device to receive the plurality of data segments at the main data storage device. The computer program is further arranged to cause the system to merge, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The computer program is yet further arranged to cause the system to decrypt, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
Figure 14 illustrates different embodiments of a system implementing the disclosed method of figure 13. The illustrated embodiments present a scenario wherein a user stores data on an area restricted to be inaccessible at the time of storing the data and wherein the process of storing the data is performed in a secure manner. The system comprises a file storage device 1420 and a client device 1410. The client device 1410 is illustrated as a wireless device, such as a smartphone having a user interface 1412, processing circuitry 1440a, the processing circuitry 1440a optionally comprising a processor 1450a and a memory 1460a for storing a computer program, and a communication interface 1430a for transmitting and receiving information wirelessly. According to some aspects, the communication interface 1430a is arranged to communicate using the Bluetooth wireless technology standard.
The user interface 1412 typically comprises a touch screen arranged to receive user input via physical interaction with the touch screen. A user connects the client device 1410 to the file storage device 1420 via respective communication interfaces 1430a, 1430b. The file storage device 1420 comprises a data storage 1490b.
The user then selects, by providing input via the user interface 1412 to a computer program executed on the client device 1410, at least one file and/or folder stored on the data storage 1490b that should be split up.
The user further enters, via the user interface 1412, a password or key to be used for encryption of the chosen at least one file and/or folder. If a key is used, the key must have been previously generated. In the illustrated scenario, a set of storage devices 1410c, 1410d, 1410e is connected to the file storage device 1420. The user also selects a set of data storage devices from the available storage devices 1410, 1420, 1410c, 1410d, 1410e comprising at least a main data storage device, here represented by the file storage device 1420, and one or more supplementary data storage devices 1410, 1410c, 1410d, 1410e. The selected set of data storage devices is to be used for carrying pieces of the chosen at least one file and/or folder.
In principle, the storage devices over which to split up the at least one file and/or folder could comprise any two or more of the available storage devices. In this example, the three data storage devices 1410c, 1410d, 1410e and the file storage device 1420 will be used to illustrate the chosen set of data storage devices, with the file storage device 1420 corresponding to the main data storage device. The file storage device 1420 further comprises an encryption engine 1482 arranged to encrypt and decrypt the selected at least one file and/or folder using the password or key.
In this example, the at least one file and/or folder is read by processing circuitry 1440b of the file storage device, and subsequently encrypted by the encryption engine 1482. The encrypted at least one file and/or folder is split into small chunks. After this, the first chunk is sent to a first data storage device 1410c of the three data storage devices 1410c, 1410d, 1410e. The second encrypted chunk is sent to a second data storage device of the three data storage devices 1410c, 1410d, 1410e and so on until there are no more data storage devices in the list. The chunk after this will then be sent to the first data storage device again. In principle, the main data storage device, i.e. the file storage device 1420, could also hold one or more of the encrypted chunks, but in this example only the three data storage devices 1410c, 1410d, 1410e will serve this function.
When the at least one file and/or folder is completely read, encrypted, split up and sent to the supplementary data storage devices, a notification is sent to the supplementary data storage devices that no more chunks will be sent. Once the encrypted chunks of the at least one file and/or folder have been distributed over the three supplementary data storage devices 1410c, 1410d, 1410e, the original data of the at least one file and/or folder is securely removed from the file storage device 1420, e.g. it is overwritten by random data. In this scenario, the file storage device 1420, the client device 1410 and the three supplementary data storage devices 1410c, 1410d, 1410e are transported to a target location different from the current location, preferably using different routes and/or means and/or with different temporal distributions.
When all devices have arrived at the target location, the process is executed in reverse. The client device 1410 provides the password/key to the file storage device 1420, then the chunks are read from the three supplementary data storage devices one by one, sent to the encryption engine 1482 for decryption and then the original file is written back to the file storage device. In this example, the client device 1410 providing the password/key for decryption and the file storage device 1420 at which the encrypted chunks were collected and restored are the same, but it is possible that the password/key could be provided by another device and/or that the at least one file and/or folder is decrypted at a different file storage device than that from which the at least one file and/or folder originated.
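The figure 13 method and the figure 14 walkthrough above, as an added Go example written for this page (not the applicant's software): the file is encrypted first, split into chunks, the chunks are handed round-robin to the selected devices, every device receives the "no more chunks" notification, the source is overwritten with random data, and at the destination the chunks are merged back into the encrypted file and then decrypted (the variant the text calls the reversed process). It assumes a previously generated 32-byte key, i.e. the "key" case; a password would first have to go through a key derivation function. AES-256-GCM is an assumption too, chosen so that a lost, reordered or altered chunk is caught at merge or decryption. The redundancy variant (reconstructing the file from a subset of segments) is not implemented; a missing chunk is reported instead. Device, Distribute, Merge and Transport are names made up for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models one selected data storage device: chunks keyed by their
// position in the encrypted file, plus the "no more chunks" notification.
type Device struct {
	Chunks map[int][]byte // must be an initialised map
	Done   bool
}

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals the whole file with AES-256-GCM under a pre-generated 32-byte
// key (the "key" case); output is nonce || ciphertext || tag.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := aeadFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt fails on any lost, reordered or altered chunk (GCM tag mismatch).
func Decrypt(key, blob []byte) ([]byte, error) {
	gcm, err := aeadFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Distribute splits the encrypted file and hands chunk i to device i mod n
// (round robin, as in figure 14), copying it because the source is erased
// afterwards, then notifies every device that no more chunks will follow.
func Distribute(enc []byte, chunkSize int, devices []*Device) {
	for i, off := 0, 0; off < len(enc); i, off = i+1, off+chunkSize {
		end := off + chunkSize
		if end > len(enc) {
			end = len(enc)
		}
		devices[i%len(devices)].Chunks[i] = append([]byte(nil), enc[off:end]...)
	}
	for _, d := range devices {
		d.Done = true
	}
}

// Merge reassembles the encrypted file at the destination; a device without
// the end notification or a missing chunk index is reported before decryption.
func Merge(devices []*Device) ([]byte, error) {
	total := 0
	for j, d := range devices {
		if !d.Done {
			return nil, fmt.Errorf("device %d: transfer not finalized", j)
		}
		total += len(d.Chunks)
	}
	var out []byte
	for i := 0; i < total; i++ {
		c, ok := devices[i%len(devices)].Chunks[i]
		if !ok {
			return nil, fmt.Errorf("chunk %d missing", i)
		}
		out = append(out, c...)
	}
	return out, nil
}

// Transport: encrypt, distribute, overwrite the source with random data (S240),
// then, once the carriers have arrived, merge and decrypt.
func Transport(key, file []byte, devices []*Device, chunkSize int) ([]byte, error) {
	enc, err := Encrypt(key, file)
	if err != nil {
		return nil, err
	}
	Distribute(enc, chunkSize, devices)
	rand.Read(file) // secure erase: the plaintext no longer exists on the main device
	merged, err := Merge(devices)
	if err != nil {
		return nil, err
	}
	return Decrypt(key, merged)
}
```

Because the whole file is sealed once before splitting, the chunks carry no per-chunk authentication of their own; the GCM tag over the merged ciphertext is what catches a missing last chunk or a chunk swapped for other bytes, while Merge reports a hole in the index sequence or a device that never got the end notification before any decryption is attempted.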
Figure 15 illustrates a file storage device 1520 for secure offline data transport. The file storage device comprises a communication interface 1530 arranged to transmit and receive information. The file storage device further comprises a data storage 1590 arranged to store an encrypted file. The file storage device is arranged to receive a selection of a set of data storage devices comprising one or more supplementary data storage devices. The file storage device is further arranged to split up at least one file into a plurality of data segments. The file storage device is yet further arranged to encrypt the at least one file based on a key or password. The file storage device is also arranged to distribute copies of the plurality of data segments over the selected data storage devices. The file storage device is additionally arranged to receive the plurality of data segments from the one or more supplementary data storage devices. The file storage device is further arranged to merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The file storage device is yet further arranged to decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
Figure 16 illustrates a method for secure offline data transport. The method is performed at a file storage device. The method comprises receiving S1610 a selection of a set of data storage devices comprising one or more supplementary data storage devices. The method further comprises splitting up S1620 at least one file into a plurality of data segments. The method yet further comprises encrypting S1630 the at least one file based on a key or password. The method also comprises distributing S1640 copies of the plurality of data segments over the selected data storage devices. The method additionally comprises receiving S1650 the plurality of data segments from the one or more supplementary data storage devices. The method further comprises merging S1660 the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The method yet further comprises decrypting S1670 the at least one file from which the plurality of decrypted data segments originate based on the key or password.
The present disclosure also relates to a computer program for secure offline data transport comprising computer program code which, when executed at a file storage device, causes the file storage device to receive a selection of a set of data storage devices comprising one or more supplementary data storage devices. The computer program is further arranged to cause the file storage device to split up at least one file into a plurality of data segments. The computer program is yet further arranged to cause the file storage device to encrypt the at least one file based on a key or password. According to some aspects, the computer program is arranged to cause the file storage device to encrypt the at least one file before splitting up the at least one file into the plurality of data segments. The computer program is also arranged to cause the file storage device to distribute copies of the plurality of data segments over the selected data storage devices. The computer program is additionally arranged to cause the file storage device to receive the plurality of data segments from the one or more supplementary data storage devices. The computer program is further arranged to cause the file storage device to merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate. The computer program is yet further arranged to cause the file storage device to decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
The present disclosure also relates to a client device for secure offline data transport. The client device comprises a communication interface arranged to transmit and receive information. The client device is further arranged to transmit a selection of a set of data storage devices comprising one or more supplementary data storage devices.
The present disclosure also relates to a method for secure offline data transport. The method is performed in a client device comprising a communication interface arranged to transmit and receive information. The method comprises transmitting a selection of a set of data storage devices comprising one or more supplementary data storage devices.
The present disclosure also relates to a computer program comprising computer program code which, when executed at a client device, causes the client device to transmit a selection of a set of data storage devices comprising one or more supplementary data storage devices.

Claims

1. A method for secure offline data transport, the method comprising
- selecting (S200) a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices,
- splitting up (S210) at least one file into a plurality of data segments,
- encrypting (S220) the at least one file based on a key or password,
- distributing (S230) copies of the plurality of data segments over the selected data storage devices,
- receiving (S250) the plurality of data segments at the main data storage device,
- merging (S260), at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and
- decrypting (S270), at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
2. The method according to claim 1, further comprising the steps of storing (S205) the at least one file on the main data storage device before splitting up (S210) the at least one file into a plurality of data segments and securely erasing (S240) the at least one file stored on the main data storage device after the file is split up into a plurality of data segments.
3. The method according to claim 1 or 2, further comprising transporting (S242) the selected data storage devices comprising the plurality of received data segments from a first location to a second location.
4. The method according to claim 3, wherein transporting (S242) the selected data storage devices comprises at least two storage devices being transported along different routes and/or being transported with different temporal distributions.
5. A computer program for secure offline data transport comprising computer program code which, when executed, causes a main data storage device to
- select a set of data storage devices comprising at least a main data storage device and one or more supplementary data storage devices,
- split up at least one file into a plurality of data segments,
- encrypt the at least one file based on a key or password,
- distribute copies of the plurality of data segments over the selected data storage devices,
- receive the plurality of data segments at the main data storage device,
- merge, at the main data storage device, the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and
- decrypt, at the main data storage device, the at least one file from which the plurality of decrypted data segments originate based on the key or password.
6. A file storage device for secure offline data transport, the file storage device comprising
- a communication interface arranged to transmit and receive information,
- a data storage arranged to store an encrypted file,
wherein the file storage device is arranged to
- receive a selection of a set of data storage devices comprising one or more supplementary data storage devices,
- split up at least one file into a plurality of data segments,
- encrypt the at least one file based on a key or password,
- distribute copies of the plurality of data segments over the selected data storage devices,
- receive the plurality of data segments from the one or more supplementary data storage devices,
- merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and
- decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
7. A method for secure offline data transport, performed at a file storage device, the method comprising the steps of
- receiving (S1610) a selection of a set of data storage devices comprising one or more supplementary data storage devices,
- splitting up (S1620) at least one file into a plurality of data segments,
- encrypting (S1630) the at least one file based on a key or password,
- distributing (S1640) copies of the plurality of data segments over the selected data storage devices,
- receiving (S1650) the plurality of data segments from the one or more supplementary data storage devices,
- merging (S1660) the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and
- decrypting (S1670) the at least one file from which the plurality of decrypted data segments originate based on the key or password.
8. A computer program for secure offline data transport comprising computer program code which, when executed at a file storage device, causes the file storage device to
- receive a selection of a set of data storage devices comprising one or more supplementary data storage devices,
- split up at least one file into a plurality of data segments,
- encrypt the at least one file based on a key or password,
- distribute copies of the plurality of data segments over the selected data storage devices,
- receive the plurality of data segments from the one or more supplementary data storage devices,
- merge the plurality of decrypted data segments to recreate the at least one file from which the plurality of decrypted data segments originate, and
- decrypt the at least one file from which the plurality of decrypted data segments originate based on the key or password.
9. A method for file access restriction, the method comprising the steps of
- transmitting (S10) access restriction information from a client device to a file storage device via respective communication interfaces, the access restriction information comprising information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met,
- receiving (S30), at the file storage device, the access restriction information,
- configuring (S50) the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met, and
- detecting (S70) when the access restriction criterion is met.
10. The method according to claim 9, wherein configuring (S50) the storage device to restrict access comprises hiding (S55) the identified at least one file and/or folder.
11. The method according to claim 10, wherein the access restriction criterion comprises the file storage device being outside a respective region associated with the identified at least one file and/or folder.
12. The method according to claim 11, wherein each respective region is defined by geographical coordinate data.
13. The method according to claim 12, wherein the coordinate data comprises global navigation satellite system, GNSS, coordinate data.
14. A computer program for file access restriction comprising computer program code which, when executed, causes a system comprising a file storage device and a client device communicatively connected to each other to
- transmit access restriction information from the client device to the file storage device via respective communication interfaces, the access restriction information comprising information identifying at least one file and/or folder to be access restricted when an access restriction criterion is met,
- receive, at the file storage device, the access restriction information,
- configure the storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met, and
- detect when the access restriction criterion is met.
15. A file storage device (10) for file access restriction, the file storage device (10) comprising
- a communication interface (12) arranged to transmit and receive information,
- a data storage (14) arranged to store data arranged in the form of files and/or folders,
wherein the file storage device is arranged to store access restriction information comprising information identifying at least one file and/or folder stored on the data storage to be access restricted if an access restriction criterion is met, and arranged to restrict access to the identified at least one file and/or folder if the access restriction criterion is met, and
wherein the file storage device is arranged to detect when the access restriction criterion is met.
16. A method, performed in a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon, for file access restriction configuration and monitoring, the method comprising the steps of
- receiving (S1000), via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met,
- configuring (S2000) the file storage device to restrict access to the identified at least one file and/or folder when the access restriction criterion is met based on the received access restriction information, and
- detecting (S3000) when the access restriction criterion is met.
17. A computer program for file access restriction configuration and monitoring comprising computer program code which, when executed on a file storage device comprising a communication interface arranged to transmit and receive information and having at least one file and/or folder stored thereon, causes the file storage device to
- receive, via the communication interface, access restriction information comprising information identifying at least one file and/or folder stored on the file storage device to be access restricted when an access restriction criterion is met,
- configure the file storage device to restrict access to the identified at least one file and/or folder if the access restriction criterion is met, and
- detect when the access restriction criterion is met.
18. A method for storage of data at a file storage device, the method comprising
obtaining (S990) an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key,
storing (S992) the public key on the file storage device, and
storing (S994) the encrypted file on the file storage device.
19. A computer program for secure storage of data at a file storage device comprising computer program code which, when executed, causes the file storage device and/or a client device in communication with the file storage device to
obtain an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key,
store the public key on the file storage device, and
store the encrypted file on the file storage device.
20. A file storage device for secure storage of data, the file storage device comprising
a communication interface arranged to transmit and receive information,
a data storage arranged to store an encrypted file,
wherein the file storage device is arranged to obtain the encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key, and
wherein the file storage device is arranged to store the public key on the file storage device.
21. A method for storage of data at a file storage device, performed at the file storage device, the method comprising
receiving (S1010) an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key,
storing (S1020) the public key on the file storage device, and
storing (S1030) the encrypted file on the file storage device.
22. A computer program for secure storage of data at a file storage device comprising computer program code which, when executed in a file storage device, causes the file storage device to
receive an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key,
store the public key on the file storage device, and
store the encrypted file on the file storage device.
23. A client device for secure storage of data at a file storage device, the client device comprising a communication interface arranged to transmit and receive information, wherein the client device is arranged to
transmit data to the file storage device for secure storage of data, the data being arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key.
24. The client device according to claim 23, wherein the client device is further arranged to transmit the public key to the file storage device.
25. A method for storage of data at a file storage device, performed at a client device, the method comprising the step of transmitting (S1210) data to the file storage device for secure storage of data, the data being arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key.
26. The method according to claim 25, further comprising the step of
transmitting (S1220) the public key to the file storage device.
27. A computer program for secure storage of data at a file storage device comprising computer program code which, when executed at a client device, causes the client device to
transmit data to the file storage device for secure storage of data, the data being arranged to enable the file storage device to obtain an encrypted file to be stored on the file storage device using a public key, the public key being a key from an asymmetric key pair, the asymmetric key pair comprising the public key and a private key, and
transmit the public key to the file storage device.
PCT/SE2018/050735 2017-07-07 2018-07-04 Secure data transfer and storage WO2019009795A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE1750905-0 2017-07-07
SE1750905 2017-07-07

Publications (1)

Publication Number Publication Date
WO2019009795A1 true WO2019009795A1 (en) 2019-01-10

Family

ID=64950271

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2018/050735 WO2019009795A1 (en) 2017-07-07 2018-07-04 Secure data transfer and storage

Country Status (1)

Country Link
WO (1) WO2019009795A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008031158A1 (en) * 2006-09-12 2008-03-20 Cebridge Pty. Ltd. Method system and apparatus for handling information
US20120066517A1 (en) * 2009-02-05 2012-03-15 Wwpass Corporation Dispersed secure data storage and retrieval
US20130208893A1 (en) * 2012-02-13 2013-08-15 Eugene Shablygin Sharing secure data
EP2963853A1 (en) * 2014-06-30 2016-01-06 Quantum Trains International B.V. Method for transporting large amounts of electronic data
US20170109242A1 (en) * 2012-11-12 2017-04-20 Infinite Io Systems and methods of transmitting data

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200068006A1 (en) * 2018-08-22 2020-02-27 International Business Machines Corporation Crowdsourcing big data transfer
US10958708B2 (en) * 2018-08-22 2021-03-23 International Business Machines Corporation Crowdsourcing big data transfer

Similar Documents

Publication Publication Date Title
US10872042B2 (en) Backup system with multiple recovery keys
US9992172B2 (en) Secure key management in a data storage system
ES2680660T3 (en) Systems and methods to secure and restore virtual machines
US9330275B1 (en) Location based decryption
US10567369B2 (en) Secure token passing via hash chains
JP5631322B2 (en) Information processing terminal, confidential information access control method, program, recording medium, and integrated circuit
CN110199284A (en) Crossover-platform surrounds area's identity
US10121012B2 (en) End-to-end encryption and backup in data protection environments
CN110147329B (en) Method, device and terminal for dynamically detecting simulator
JP2017533521A (en) Method and system for geolocation authentication of resources
US20200235916A1 (en) Secure memory arrangements
US8296571B2 (en) Export control for a GNSS receiver
US20150227753A1 (en) Content item encryption on mobile devices
JP4753398B2 (en) File encryption system with position information, decryption system, and method thereof
US20160063278A1 (en) Privacy Compliance Event Analysis System
CN110214321A (en) Nesting surrounds area's identity
US20170264438A1 (en) Location-locked data
Paladi et al. Trusted geolocation-aware data placement in infrastructure clouds
US20160110555A1 (en) Resource sharing apparatus, method, and non-transitory computer readable storage medium thereof
JP2018156633A (en) Information management terminal equipment
CN110914826B (en) System and method for distributed data mapping
WO2019009795A1 (en) Secure data transfer and storage
US11588632B2 (en) Private key creation using location data
US20150278539A1 (en) Location-based data security system
JP2005071071A (en) Information access management system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18827836

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/03/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18827836

Country of ref document: EP

Kind code of ref document: A1