WO2021097550A1 - Method and system for fast secure file transfer service - Google Patents


Info

Publication number
WO2021097550A1
Authority
WO
WIPO (PCT)
Prior art keywords
store
digital file
storage device
request
link
Prior art date
Application number
PCT/CA2019/051654
Other languages
French (fr)
Inventor
Younes Hafri
Original Assignee
Effica Technologies Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Effica Technologies Inc.
Priority to PCT/CA2019/051654
Publication of WO2021097550A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/046 Interoperability with other network applications or services

Definitions

  • a suitable “user device” and “uploading device” includes any suitable computing device such as but not limited to a mobile device, smart phone, a tablet, laptop, desktop terminal, server terminal, and application service.
  • a suitable user device will have suitable local memory, input means and display means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network.
  • a suitable “storage device” includes any suitable data storage device such as but not limited to a remotely located server device and a user device as discussed herein.
  • a suitable storage device will have suitable volatile and non-volatile memory (such as but not limited to SSD/HDD disk, Network Attached Storage (NAS) memory and RAMDISK memory), read/write means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network.
  • a suitable “electronic communication network” includes any local area network (LAN) or wide area network (WAN) that enables electronic communication between suitably connected devices as required by the end-user application.
  • a suitable user device will be in electronic communication with suitable storage device as discussed herein.
  • the user device has local data storage means and in other embodiments the user device additionally or alternatively will be in electronic communication with a remotely located storage device over an electronic communication network.
  • suitable data storage may be provided that can be located remotely (i.e. in the cloud and electronically accessed via typical wired or wireless communication protocols) or in a locally oriented server stored onsite (or in other words, on premises data storage) or in local storage on the user device and electronically accessed by way of standard wired or wireless communication protocols, as required by the end user application of the present disclosure.
  • a suitable user device can be adapted and configured to run a suitable Application Programming Interface (API) that is suitable for sending and receiving encrypted electronic communications and managing, editing, storing, and accessing digital files in accordance with the present disclosure.
  • embodiments of the present disclosure can be accessed by a suitable user device through a web browser having access to a suitable electronic communication network, such as the Internet or a local area network.
  • a suitable “digital file” can include any digital data in any format as required by the end user application of the present invention.
  • a user device 2 and a storage device 4 are in electronic communication by way of an electronic communication network 6.
  • user device 2 has visual display means and user interface means, as discussed herein.
  • storage device 6 is a remotely located server.
  • user device 2 and storage device 4 are in electronic communication with each other through an electronic communication network 6 that is a wireless communication network operated through remote servers, also known as a cloud-based network, although other arrangements such as hard-wired local networks are also contemplated as discussed herein.
  • user device 2 for use in connection with the present disclosure is illustrated.
  • user device 2 includes a processor 3, a communication subsystem 5 and local data storage 7, all of which are electronically connected by way of a bus 8.
  • Communication subsystem 5 enables wireless electronic communication with electronic communication network 6, although other wired embodiments are also contemplated.
  • in Figures 3 and 7, at least one embodiment of a method of securely uploading a digital file to a storage device is depicted. In this embodiment, the method starts 10 and the digital file is subsequently uploaded 12 and stored 14 with the storage device.
  • the digital file is uploaded over a cryptographically secured connection between the uploading device and the storage device through a standard network socket (such as a TLS/SSL socket), although other arrangements are also contemplated.
  • the cryptographically secured connection is a Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol-enabled connection, as will be readily understood by the skilled person.
  • uploading the digital file 12 to the storage device further comprises the steps of encrypting the digital file using a key derivation function (such as but not limited to a scrypt function) and sending a password associated with the key derivation function from the uploading device to the storage device by way of a suitable electronic communication, including but not limited to a Short Message Service (SMS) message, an email, a facsimile or other suitably secure electronic communication as will be readily understood by the skilled person.
  • a store response is provided 16 to confirm that the digital file has been stored and to provide further information that can be used to retrieve the stored digital file, as will be discussed in further detail herein.
  • the digital file is stored 14 with the storage device by way of a store request.
  • the store request is a HTTP POST request, as will be readily understood by the skilled person.
  • the store request includes an HTTP header that provides readable parameters for the store request.
  • the store request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to evenly distribute load on computing resources to the storage request.
  • the storage request can subsequently be authenticated 100 and authorized 102.
  • the parameters of the store request can be validated 104.
  • a store link between the uploading device and the storage device can be defined 106 in order to determine if the store link is a permanent store link or an ephemeral store link.
  • where the store link is an ephemeral store link, the ephemeral store link expires after a predetermined amount of time elapses or after a predetermined number of clicks that can be defined by the sender.
  • an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
  • metadata related to the digital file is received 108 and subsequently stored in a cache 110 that is in electronic communication with the storage device.
  • storage space is allocated in the local storage of the storage device 111. In some embodiments it is contemplated that if the exact required storage space cannot be allocated on the storage device, the store request can be rejected.
  • store response headers are precomputed for a store response 112.
  • the store response headers are HTTP headers (such as an ETag HTTP Header) and the store response is an HTTP message. It will be readily understood that precomputing the HTTP response headers prior to the storage of the digital file with the storage device permits the present method and system to expedite the subsequent storage of the digital file with the storage device and the provision of the store response to the uploading device, as the subsequent response can be sent to the storage device in an expeditious manner immediately once the digital file is stored on the storage device.
  • the digital file can be stored 114 with the storage device and the store response can be provided to the uploading device 16, as also can be seen in Figure 3.
  • the store response includes the store response headers and moreover that the store response can have a universally unique identifier (UUID) that has an entity tag and a secure hash digest (such as a SHA256 digest) of the content of the digital file.
  • the digital file can be retrieved from the storage device and securely downloaded to a suitable user device.
  • a method of securely retrieving and downloading a digital file is depicted.
  • the method starts 20 and the digital file is subsequently loaded 22.
  • metadata relating to the digital file can be obtained 24 from the cache of the storage device and provided to the user device.
  • the metadata can be obtained 24 by the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device.
  • the digital file can be downloaded 26 to the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device. In some embodiments, the authenticated connection is a HTTPS connection.
  • the digital file is loaded 22 in response to a load request that is sent from the user device to the storage device.
  • the load request is a HTTP GET request, as will be readily understood by the skilled person.
  • the load request includes an HTTP header that provides readable parameters for the load request (such as Etag).
  • the load request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to properly distribute the load over the computing resources to the load request.
  • the load request can optionally be authenticated 200 and authorized 202.
  • the parameters of the load request can be validated 204.
  • a load link between the uploading device and the storage device can be defined 206 in order to determine if the load link is a permanent load link or an ephemeral load link.
  • where the store link is an ephemeral store link, it is contemplated in some embodiments that the ephemeral store link expires after a predetermined amount of time elapses or after a predetermined number of clicks that can be defined by the sender.
  • an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
  • the digital file can be loaded 208 and downloaded to the user device, as also can be seen in Figure 5.
  • the operating system kernel is bypassed as the central processing unit of the storage device is not used to perform the task of copying the digital file from the storage device to the user device, in a zero copy manner, as will be readily understood by the skilled person.
  • a digital file can be securely and quickly uploaded to a storage device from an uploading device and subsequently securely and quickly transferred from the storage device to a user device. It is contemplated that a digital file can be uploaded from an uploading device in response to a store request, stored with the storage device and a store response provided to the uploading device, and subsequently the digital file can be downloaded to a user device in response to a load request.
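
The ephemeral links described above (associated with a permanent link, expiring after a predetermined time or a predetermined number of clicks) can be modelled as follows. This is an added example, not code from the patent or its applicant; the class and method names, the 404/410 status choices and the decision to keep only a hash of each link token are assumptions.

```python
import hashlib
import secrets
import threading
from dataclasses import dataclass


@dataclass
class EphemeralLink:
    persistent_id: str   # the permanent link this one is associated with
    expires_at: float    # absolute expiry time, in seconds
    clicks_left: int     # downloads still permitted


class LinkRegistry:
    """Hypothetical registry: one permanent link per file, many ephemeral ones."""

    def __init__(self):
        self._files = {}               # persistent_id -> file content
        self._links = {}               # sha256(token) -> EphemeralLink
        self._lock = threading.Lock()  # makes check-and-decrement atomic

    @staticmethod
    def _key(token):
        # Only a digest of the token is kept (assumption), so a leaked
        # registry does not hand out working links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def add_file(self, content):
        persistent_id = secrets.token_urlsafe(32)  # unguessable identifier
        with self._lock:
            self._files[persistent_id] = content
        return persistent_id

    def mint(self, persistent_id, ttl_seconds, max_clicks, now):
        """Create one more ephemeral link; the sender picks both limits."""
        if ttl_seconds <= 0 or max_clicks <= 0:
            raise ValueError("ttl_seconds and max_clicks must be positive")
        token = secrets.token_urlsafe(32)
        with self._lock:
            if persistent_id not in self._files:
                raise KeyError("unknown persistent link")
            self._links[self._key(token)] = EphemeralLink(
                persistent_id, now + ttl_seconds, max_clicks)
        return token

    def resolve(self, token, now):
        """Return (status, body). `now` is passed in so expiry is testable;
        a server would pass time.time()."""
        key = self._key(token)
        with self._lock:
            link = self._links.get(key)
            if link is None:
                return 404, b""           # never issued, or already purged
            if now >= link.expires_at:
                del self._links[key]      # purge on first use after expiry
                return 410, b""
            if link.clicks_left <= 0:
                return 410, b""           # click budget used up
            link.clicks_left -= 1         # spend one click under the lock
            return 200, self._files[link.persistent_id]
```

Holding the lock across the expiry check and the decrement keeps two concurrent requests from both spending the last remaining click.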
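
The precomputed store response headers, the entity tag and the SHA-256 digest described above can be tied together as in the following added example, which is not code from the patent or its applicant. It assumes that the uploader declares the digest and length in the store request metadata, that the UUID is derived from the digest, that the stored header prefix is reused as the download response, and that `X-File-Id` is a hypothetical header name.

```python
import hashlib
import uuid

HEX = set("0123456789abcdef")


class RejectedStore(Exception):
    """The received body did not match the metadata the headers were built from."""


def precompute_headers(meta):
    """Build the response header block from request metadata alone,
    before any byte of the file body has been received."""
    digest = str(meta["sha256"]).lower()
    if len(digest) != 64 or not set(digest) <= HEX:
        raise ValueError("sha256 must be 64 hex characters")
    length = int(meta["length"])
    if length < 0:
        raise ValueError("length must be non-negative")
    ctype = str(meta.get("content_type", "application/octet-stream"))
    # Metadata comes from the client: reject CR/LF and other control
    # characters so a value cannot smuggle in an extra header line.
    if not ctype or not ctype.isascii() or not ctype.isprintable():
        raise ValueError("content_type contains illegal characters")
    file_id = uuid.uuid5(uuid.NAMESPACE_URL, "sha256:" + digest)  # assumed derivation
    head = (
        "HTTP/1.1 200 OK\r\n"
        f'ETag: "{digest}"\r\n'
        f"Content-Type: {ctype}\r\n"
        f"Content-Length: {length}\r\n"
        f"X-File-Id: {file_id}\r\n"
        "\r\n"
    )
    return digest, length, head.encode("ascii")


def store(blobs, meta, chunks):
    """Store the file prefixed by its precomputed headers; return the ETag value."""
    digest, length, head = precompute_headers(meta)
    hasher = hashlib.sha256()
    blob = bytearray(head)
    for chunk in chunks:
        hasher.update(chunk)
        blob += chunk
        if len(blob) - len(head) > length:
            raise RejectedStore("body longer than declared length")
    # The headers were computed from a claim; commit only if the claim held.
    if len(blob) - len(head) != length or hasher.hexdigest() != digest:
        raise RejectedStore("body does not match declared length or digest")
    blobs[digest] = bytes(blob)
    return digest


def load(blobs, etag, if_none_match=None):
    """Answer a load request; a hit is the stored blob, sent unchanged."""
    blob = blobs.get(etag)
    if blob is None:
        return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    if if_none_match == f'"{etag}"':
        return f'HTTP/1.1 304 Not Modified\r\nETag: "{etag}"\r\n\r\n'.encode("ascii")
    return blob


def verify_download(response):
    """Client side: recompute SHA-256 over the body and compare with the ETag."""
    head, _, body = response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"etag":
            expected = value.strip().strip(b'"').decode("ascii")
            return hashlib.sha256(body).hexdigest() == expected
    return False
```

Because headers and body sit contiguously in storage, a successful load needs no per-request header construction, which is the precondition for handing the whole blob to a zero-copy send.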

Abstract

The present invention provides methods and systems for securely uploading and transferring a digital file from a storage device to a user device comprising the steps of uploading the digital file by way of a first cryptographic connection, allocating storage space on the storage device, storing the digital file by way of a store request, precomputing store response headers and providing a store response with the precomputed store response headers and having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, loading the digital file for subsequent download, obtaining the metadata associated with the digital file from the cache by way of a second authenticated connection, the second authenticated connection providing direct memory access between the storage device and the user device, downloading the digital file from the storage device to the user device by way of the second authenticated connection.

Description

Method and System for Fast Secure File Transfer Service
Field
The present disclosure relates to information technology systems employed over an electronic communication network. More specifically, the present disclosure relates to methods and systems for securely serving and transferring digital files at high speeds with minimal hardware requirements.
Background
Countless bytes of information are stored and transferred from one location to another on a constant basis in nearly every aspect of modern life, from personal data storage to e-commerce applications to on-demand streaming media services. As more and more industries are adapted to the digital economy, the need for increased digital storage and near instantaneous digital file service and transfer increases on an exponential scale.
As will be appreciated by the skilled person, when transferring a digital file from a storage location (such as but not limited to a remotely located, cloud-based database) to a user device, the digital file(s) being transferred may be vulnerable to corruption, loss or unauthorized copying. Moreover, users typically desire rapid file transfer in order to facilitate the pace at which many electronic interactions are performed.
Known methods of digital file transfer are often rapid but insecure, or on the other hand, quite secure but slow. Moreover, many known technologies that enable secure and invulnerable file transfer are often unscalable to the exponential growth of stored data and the associated need to securely access and transfer this vast amount of data. Accordingly, there is a need for a secure, rapid, scalable and invulnerable manner for serving and transferring digital files.
Brief Summary
It is contemplated that in at least one embodiment the present disclosure provides methods and systems for serving and transferring digital files in a secure, rapid, scalable and invulnerable manner.
In at least one embodiment, the present disclosure provides a method for securely uploading a digital file to a storage device and transferring a digital file from the storage device to a user device, the method including the steps of uploading the digital file to the storage device by way of a first cryptographic connection in electronic socket-based communication, storing the digital file in the storage device by way of a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an infinite number of ephemeral links, receiving metadata associated with the digital file, the metadata included in the store request, caching the metadata associated with the digital file, allocating storage space on the storage device, precomputing store response headers for a store response, storing the digital file in the storage device prefixed by the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file, loading the digital file for subsequent download(s), loading the digital file including the steps of receiving a load request, validating the parameters of the load request, and defining a load link associated with the load request, the load link selected from the group consisting of: a persistent load link and an infinite number (only limited by physical resources) of ephemeral load links associated to the persistent load link, obtaining the metadata associated with the digital file from the cache, the authenticated connection providing direct memory access between the storage device and the user device, downloading the digital file from the storage device to the user device by way of a secured and authenticated connection.
In at least one embodiment, the present disclosure provides a method for securely uploading a digital file to a storage device, including the steps of uploading the digital file to the storage device by way of a first cryptographic connection in electronic communication with a first TCP/IP network socket, storing the digital file in the storage device by way of a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent link and an infinite (i.e.: only limited by physical resources) number of ephemeral links associated to the persistent link, receiving metadata associated with the digital file, the metadata included in the store request, storing the metadata in a cache in electronic communication with the storage device, allocating storage space on the storage device, precomputing store response headers for a store response, storing the digital file in the storage device, providing the store response with the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file.
In at least one embodiment, the present disclosure provides a method for securely transferring a digital file from the storage device to a user device, the method including the steps of loading the digital file for subsequent download, loading the digital file including the steps of receiving a load request, validating the parameters of the load request, and defining a load link associated with the load request, the load link selected from the group consisting of: a persistent link and an infinite (i.e.: only limited by physical resources) number of ephemeral links associated to the persistent link, obtaining the metadata associated with the digital file from the cache by way of a secure and authenticated connection in electronic socket-based communication between the user device and the storage device, the authenticated connection providing direct memory access between the storage device and the user device, downloading the digital file from the storage device to the user device by way of an authenticated connection.
In at least one embodiment, the present disclosure provides a system for securely uploading and transferring a digital file, the system having a storage device having a processor, storage means and a communications subsystem adapted to electrically connect the storage device to an electronic communication network, a user device having a processor, user input means, local storage means, and a communication subsystem adapted to electrically connect the storage device to the electronic communication network, such that the storage device receives the digital file by way of a first cryptographic connection in electronic communication with a first network socket, the storage device stores the digital file in the storage means in response to a store request, storing the digital file including the steps of authenticating the store request, authorizing the store request, validating the parameters of the store request, defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an infinite (only limited by physical resources) number of ephemeral links associated to the persistent link, receiving metadata associated with the digital file, the metadata included in the store request, storing the metadata in a cache with the storage device, allocating storage space on the storage device, precomputing store response headers for a store response, storing the digital file in the storage means of the storage device, the storage device providing the store response with the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file, the storage device loading the digital file for subsequent downloads, loading including the steps of receiving an HTTP load request, validating the parameters of the load request, and defining a load link associated with the load request, the load link selected from the group consisting of: a persistent load link and an infinite (only limited by physical resources) number of ephemeral links associated to the persistent link, the user device obtaining the metadata associated with the digital file from the cache by way of an authenticated connection in electronic communication with a network socket, the authenticated connection providing direct memory access between the storage device and the user device, the user device downloading the digital file from the storage means of the storage device to the local storage means of the user device by way of a secure and authenticated connection.
Description of the Drawings
The present invention will be better understood in connection with the following Figures, in which:
FIGURE 1 is an illustration of a suitable system for use in accordance with at least one embodiment of the present disclosure;
FIGURE 2 is an illustration of a suitable user device for use in accordance with at least one embodiment of the present disclosure;
FIGURE 3 is a diagram of a method for securely loading data to a storage device in accordance with at least one embodiment of the present disclosure;
FIGURE 4 is a diagram of a method for storing data based on a store request in accordance with at least one embodiment of the present disclosure;
FIGURE 5 is a diagram of a method for securely downloading data to a user device in accordance with at least one embodiment of the present disclosure;
FIGURE 6 is a diagram of a method for loading data for download based on a load request in accordance with at least one embodiment of the present disclosure; and
FIGURE 7 is a diagram of a method for securely loading data to a storage device and downloading the data to a user device in accordance with at least one embodiment of the present disclosure.
Detailed Description of the Embodiments
It is contemplated that the present disclosure provides methods and systems for serving and transferring digital files in a secure, rapid, scalable and invulnerable manner.
In the context of the present invention, a suitable “user device” and “uploading device” includes any suitable computing device such as but not limited to a mobile device, smart phone, a tablet, laptop, desktop terminal, server terminal, and application service. A suitable user device will have suitable local memory, input means and display means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network. In the context of the present invention, a suitable “storage device” includes any suitable data storage device such as but not limited to a remotely located server device and a user device as discussed herein. A suitable storage device will have suitable volatile and non-volatile memory (such as but not limited to SSD/HDD disk, Network Attached Storage (NAS) memory and RAMDISK memory), read/write means and will have an electronic communication module that enables electronic communication with other devices, either hard wired or wirelessly, over a suitable electronic communication network.
In the context of the present invention, a suitable “electronic communication network” includes any local area network (LAN) or wide area network (WAN) that enables electronic communication between suitably connected devices as required by the end-user application.
As will be appreciated by the skilled person, a suitable user device will be in electronic communication with a suitable storage device as discussed herein. In some embodiments the user device has local data storage means and in other embodiments the user device additionally or alternatively will be in electronic communication with a remotely located storage device over an electronic communication network. As such, suitable data storage may be provided that can be located remotely (i.e. in the cloud and electronically accessed via typical wired or wireless communication protocols) or in a locally oriented server stored onsite (or in other words, on premises data storage) or in local storage on the user device and electronically accessed by way of standard wired or wireless communication protocols, as required by the end user application of the present disclosure.
It will further be appreciated by the skilled person that in some embodiments a suitable user device can be adapted and configured to run a suitable Application Programming Interface (API) that is suitable for sending and receiving encrypted electronic communications and managing, editing, storing, and accessing digital files in accordance with the present disclosure. In other embodiments, embodiments of the present disclosure can be accessed by a suitable user device through a web browser having access to a suitable electronic communication network, such as the Internet or a local area network.
In the context of the present invention, a suitable “digital file” can include any digital data in any format as required by the end user application of the present invention.
Turning to Figure 1, at least one embodiment of a system for use in connection with the present disclosure is illustrated. In this embodiment, a user device 2 and a storage device 4 are in electronic communication by way of an electronic communication network 6. In this embodiment user device 2 has visual display means and user interface means, as discussed herein. In this embodiment, storage device 6 is a remotely located server.
It is further contemplated that user device 2 and storage device 4 are in electronic communication with each other through an electronic communication network 6 that is a wireless communication network operated through remote servers, also known as a cloud-based network, although other arrangements such as hard-wired local networks are also contemplated as discussed herein.
Turning to Figure 2, at least one embodiment of user device 2 for use in connection with the present disclosure is illustrated. In this embodiment, user device 2 includes a processor 3, a communication subsystem 5 and local data storage 7, all of which are electronically connected by way of a bus 8. Communication subsystem 5 enables wireless electronic communication with electronic communication network 6, although other wired embodiments are also contemplated.
Turning to Figures 3 and 7, at least one embodiment of a method of securely uploading a digital file to a storage device is depicted. In this embodiment, the method starts 10 and the digital file is subsequently uploaded 12 and stored 14 with the storage device. In at least one embodiment it is contemplated that the digital file is uploaded over a cryptographically secured connection between the uploading device and the storage device through a standard network socket (such as a TLS/SSL socket), although other arrangements are also contemplated. In at least one embodiment it is contemplated that the cryptographically secured connection is a Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol-enabled connection, as will be readily understood by the skilled person.
It is further contemplated that uploading the digital file 12 to the storage device further comprises the steps of encrypting the digital file using a key derivation function (such as but not limited to a scrypt function) and sending a password associated with the key derivation function from the uploading device to the storage device by way of a suitable electronic communication, including but not limited to a Short Message Service (SMS) message, an email, a facsimile or other suitably secure electronic communication as will be readily understood by the skilled person.
Once the digital file is successfully stored 14 with the storage device, a store response is provided 16 confirming that the digital file has been stored and providing further information that can be used to retrieve the stored digital file, as will be discussed in further detail herein.
Turning to Figure 4, it is contemplated that the digital file is stored 14 with the storage device by way of a store request. In some embodiments, it is contemplated that the store request is a HTTP POST request, as will be readily understood by the skilled person. In some embodiments, it is contemplated that the store request includes an HTTP header that provides readable parameters for the store request. In some embodiments, it is contemplated that the store request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to evenly distribute load on computing resources to the storage request.
Next, it is contemplated that the storage request can subsequently be authenticated 100 and authorized 102. In some embodiments, the parameters of the store request can be validated 104. Next, a store link between the uploading device and the storage device can be defined 106 in order to determine if the store link is a permanent store link or an ephemeral store link. In the case where the store link is an ephemeral store link, it is contemplated in some embodiments that the ephemeral store link expires after a predetermined amount of time elapses or a predetermined number of clicks that can be defined by the sender. In the context of the present invention, it will be appreciated that an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
Next, it is contemplated that metadata related to the digital file is received 108 and subsequently stored in a cache 110 that is in electronic communication with the storage device. Next, storage space is allocated in the local storage of the storage device 111. In some embodiments it is contemplated that if the exact required storage space cannot be allocated on the storage device, the store request can be rejected.
Following this step, store response headers are precomputed for a store response 112. In some embodiments, it is contemplated that the store response headers are HTTP headers (such as an ETag HTTP Header) and the store response is an HTTP message. It will be readily understood that precomputing the HTTP response headers prior to the storage of the digital file with the storage device permits the present method and system to expedite the subsequent storage of the digital file with the storage device and the provision of the store response to the uploading device, as the subsequent response can be sent to the storage device in an expeditious manner immediately once the digital file is stored on the storage device.
Next, the digital file can be stored 114 with the storage device and the store response can be provided to the uploading device 16, as also can be seen in Figure 3.
It is further contemplated that the store response includes the store response headers and moreover that the store response can have a universally unique identifier (UUID) that has an entity tag and a secure hash digest (such as a SHA256 digest) of the content of the digital file. In this way, it is contemplated that the store response includes the necessary information for retrieving the stored digital file from the storage device.
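An added sketch of the store path of Figure 4 (not code from the application): the response headers are precomputed from the request metadata, and the file is committed only if the streamed bytes match the declared length and SHA-256. The metadata fields `length` and `sha256`, the header names `X-File-Id` and `X-Content-SHA256`, and the in-memory `storage` dict are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid

CHUNK_SIZE = 64 * 1024
HEX_DIGITS = set("0123456789abcdef")


def precompute_store_headers(metadata):
    """Build the store response headers before any file byte is read.

    Assumption: the store request metadata declares the file length and
    its SHA-256 digest, so nothing here depends on the body itself.
    """
    declared = str(metadata["sha256"]).lower()
    length = int(metadata["length"])
    if len(declared) != 64 or not set(declared) <= HEX_DIGITS:
        raise ValueError("sha256 must be 64 hexadecimal characters")
    if length < 0:
        raise ValueError("length must not be negative")
    return {
        "X-File-Id": str(uuid.uuid4()),   # hypothetical header carrying the UUID
        "ETag": '"' + declared + '"',     # strong entity tag bound to the content
        "X-Content-SHA256": declared,     # hypothetical digest header
    }


def store(body, metadata, storage):
    """Stream the body, verify it, then commit; return the precomputed headers."""
    headers = precompute_store_headers(metadata)
    expected_len = int(metadata["length"])
    hasher = hashlib.sha256()
    buf = bytearray()
    while True:
        chunk = body.read(CHUNK_SIZE)
        if not chunk:
            break
        # Enforce the space that was allocated: reject oversize uploads early.
        if len(buf) + len(chunk) > expected_len:
            raise ValueError("body exceeds declared length")
        hasher.update(chunk)
        buf += chunk
    if len(buf) != expected_len:
        raise ValueError("body shorter than declared length")
    # The precomputed ETag is only trustworthy if the bytes really match it.
    if not hmac.compare_digest(hasher.hexdigest(), headers["X-Content-SHA256"]):
        raise ValueError("content does not match declared SHA-256")
    storage[headers["X-File-Id"]] = {"content": bytes(buf), "etag": headers["ETag"]}
    return headers


def verify_download(store_headers, downloaded):
    """Client-side check: the downloaded bytes match the digest from the store response."""
    actual = hashlib.sha256(downloaded).hexdigest()
    return hmac.compare_digest(actual, store_headers["X-Content-SHA256"])
```

A failed length or digest check leaves `storage` untouched, so a precomputed ETag is never published for content that does not match it.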
Once the digital file is stored with the storage device, it is subsequently contemplated that the digital file can be retrieved from the storage device and securely downloaded to a suitable user device.
With reference to Figures 5 and 7, at least one embodiment of a method of securely retrieving and downloading a digital file is depicted. In this embodiment, the method starts 20 and the digital file is subsequently loaded 22. Once the digital file is loaded 22, metadata relating to the digital file can be obtained 24 from the cache of the storage device and provided to the user device. In some embodiments, it is contemplated that the metadata can be obtained 24 by the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device.
Next, it is contemplated that the digital file can be downloaded 26 to the user device over an authenticated connection between the user device and the storage device by way of a standard network socket. It is further contemplated that the authenticated connection provides direct memory access between the storage device and the user device. In some embodiments, the authenticated connection is a HTTPS connection.
Turning to Figure 6, it is contemplated that the digital file is loaded 22 in response to a load request that is sent from the user device to the storage device. In some embodiments, the load request is a HTTP GET request, as will be readily understood by the skilled person. In some embodiments, it is contemplated that the load request includes an HTTP header that provides readable parameters for the load request (such as Etag). In some embodiments, it is contemplated that the load request is associated with a dedicated central processing unit (CPU) of the storage device by way of a consistent hashing protocol, in order to properly distribute the load over the computing resources to the load request.
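An added sketch of associating store and load requests with a CPU by consistent hashing (not code from the application). The choice of the file identifier as the request key, the virtual-node count, and the keyed BLAKE2b hash are assumptions; the hash is keyed with a server-side secret so that clients cannot predict which CPU a given identifier lands on.

```python
import bisect
import hashlib


class CpuRing:
    """Consistent-hash ring mapping request keys to CPU ids."""

    def __init__(self, cpu_ids, key, vnodes=64):
        self._key = key
        # Each CPU owns `vnodes` points on the ring to smooth the distribution.
        self._ring = sorted(
            (self._hash(("cpu-%d#%d" % (cpu, v)).encode()), cpu)
            for cpu in cpu_ids
            for v in range(vnodes)
        )
        self._points = [point for point, _ in self._ring]

    def _hash(self, data):
        # Keyed BLAKE2b: placement is stable for the server, opaque to clients.
        digest = hashlib.blake2b(data, key=self._key, digest_size=8).digest()
        return int.from_bytes(digest, "big")

    def cpu_for(self, request_key):
        """Return the CPU owning the first ring point after the key's hash."""
        h = self._hash(request_key.encode())
        index = bisect.bisect_right(self._points, h) % len(self._points)
        return self._ring[index][1]


def moved_keys(before_ring, after_ring, request_keys):
    """List the keys whose CPU differs between two ring configurations."""
    return [k for k in request_keys if before_ring.cpu_for(k) != after_ring.cpu_for(k)]
```

When a CPU is removed from the ring, only the requests it owned are reassigned; every other file keeps its CPU for both its store and its later load requests.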
Next, the load request can optionally be authenticated 200 and authorized 202. In some embodiments, the parameters of the load request can be validated 204. Next, a load link between the uploading device and the storage device can be defined 206 in order to determine if the load link is a permanent load link or an ephemeral load link. In the case where the store link is an ephemeral store link, it is contemplated in some embodiments that the ephemeral store link expires after a predetermined amount of time elapses or a predetermined number of clicks that can be defined by the sender. In the context of the present invention, it will be appreciated that an ephemeral store link can be associated with the permanent store link and moreover the number of ephemeral store links is only limited by the available computing resources of the storage device and the electronic communication network, as will be readily understood by the skilled person.
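An added sketch of the persistent and ephemeral links described for the store and load requests (not code from the application): each ephemeral link is tied to a persistent link and expires after a time limit or a click limit, whichever comes first. The class and method names, the token length, and the choice to keep only a hash of each ephemeral token are assumptions.

```python
import hashlib
import secrets
import threading
import time
from dataclasses import dataclass


@dataclass
class EphemeralLink:
    persistent_id: str
    expires_at: float
    clicks_left: int


class LinkRegistry:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._lock = threading.Lock()
        self._persistent = {}  # persistent id -> file id
        self._ephemeral = {}   # sha256(token) -> EphemeralLink

    @staticmethod
    def token_digest(token):
        # Only the digest is kept, so a dump of the registry holds no usable link.
        return hashlib.sha256(token.encode()).hexdigest()

    def create_persistent(self, file_id):
        persistent_id = secrets.token_urlsafe(32)
        with self._lock:
            self._persistent[persistent_id] = file_id
        return persistent_id

    def create_ephemeral(self, persistent_id, ttl_seconds, max_clicks):
        if ttl_seconds <= 0 or max_clicks <= 0:
            raise ValueError("ttl_seconds and max_clicks must be positive")
        token = secrets.token_urlsafe(32)
        with self._lock:
            if persistent_id not in self._persistent:
                raise KeyError("unknown persistent link")
            self._ephemeral[self.token_digest(token)] = EphemeralLink(
                persistent_id, self._clock() + ttl_seconds, max_clicks
            )
        return token

    def resolve(self, token):
        """Return the file id and consume one click, or None if the link is dead."""
        key = self.token_digest(token)
        with self._lock:  # check and decrement are one atomic step
            link = self._ephemeral.get(key)
            if link is None:
                return None
            file_id = self._persistent.get(link.persistent_id)
            if file_id is None or self._clock() >= link.expires_at:
                del self._ephemeral[key]
                return None
            link.clicks_left -= 1
            if link.clicks_left == 0:
                del self._ephemeral[key]
            return file_id

    def resolve_persistent(self, persistent_id):
        with self._lock:
            return self._persistent.get(persistent_id)

    def revoke_persistent(self, persistent_id):
        """Remove a persistent link together with every ephemeral link tied to it."""
        with self._lock:
            self._persistent.pop(persistent_id, None)
            dead = [k for k, v in self._ephemeral.items()
                    if v.persistent_id == persistent_id]
            for k in dead:
                del self._ephemeral[k]
```

Taking the lock around the expiry check and the decrement keeps two concurrent requests from both spending the last remaining click.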
Next, the digital file can be loaded 208 and downloaded to the user device, as also can be seen in Figure 5. In this way, the operating system kernel is bypassed as the central processing unit of the storage device is not used to perform the task of copying the digital file from the storage device to the user device, in a zero copy manner, as will be readily understood by the skilled person.
In this way, the present disclosure provides systems or methods wherein a digital file can be securely and quickly uploaded to a storage device from an uploading device and subsequently securely and quickly transferred from the storage device to a user device. It is contemplated that a digital file can be uploaded from an uploading device in response to a store request, stored with the storage device and a store response provided to the uploading device, and subsequently the digital file can be downloaded to a user device in response to a load request.
The embodiments described herein are intended to be illustrative of the present compositions and methods and are not intended to limit the scope of the present invention. Various modifications and changes consistent with the description as a whole and which are readily apparent to the person of skill in the art are intended to be included. The appended claims should not be limited by the specific embodiments set forth in the examples but should be given the broadest interpretation consistent with the description as a whole.

Claims

WHAT IS CLAIMED IS:
1. A method for securely uploading a digital file to a storage device and transferring a digital file from the storage device to a user device, the method comprising the steps of:
Uploading the digital file to the storage device by way of a first cryptographic connection in electronic communication with a first network socket;
Storing the digital file in the storage device by way of a store request, storing the digital file comprising the steps of:
Authenticating the store request;
Authorizing the store request;
Validating the parameters of the store request;
Defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an ephemeral store link;
Receiving metadata associated with the digital file, the metadata included in the store request;
Storing the metadata in a cache in electronic communication with the storage device,
Allocating storage space on the storage device;
Precomputing store response headers for a store response;
Storing the digital file in the storage device,
Providing the store response with the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file;
Loading the digital file for subsequent download, loading the digital file comprising the steps of:
Receiving a load request;
Validating the parameters of the load request; and
Defining a load link associated with the load request, the load link selected from the group consisting of: a persistent load link and an ephemeral load link;
Obtaining the metadata associated with the digital file from the cache by way of a second authenticated connection in electronic communication with a second network socket, the second authenticated connection providing direct memory access between the storage device and the user device, and
Downloading the digital file from the storage device to the user device by way of the second authenticated connection.
2. The method of claim 1 wherein the step of uploading the digital file to the storage device further comprises the steps of:
Encrypting the digital file using a key derivation function;
Sending a password associated with the key derivation function by way of an electronic communication
3. The method of claim 1 or 2 wherein the step of loading the digital file for subsequent download further comprises the steps of:
If the load link is an ephemeral load link;
Authenticating the load request; and
Authorizing the load request;
4. The method of any claims 1 to 3 further comprising the step of:
Associating at least one of the store request and the load request to a dedicated computer processing unit by way of a consistent hashing protocol.
5. The method of any one of claims 1 to 4 wherein the first cryptographic connection is a TLS/SSL connection.
6. The method of any one of claims 1 to 5 wherein second authenticated connection is a HTTPS connection.
7. The method of any one of claims 1 to 6 wherein the store request is a HTTP POST request.
8. The method of any one of claims 1 to 7 wherein the store response headers are HTTP headers.
9. The method of any one of claims 1 to 8 wherein the load request is a HTTP GET request.
10. The method of any one of claims 1 to 9 wherein the secure hash digest is a SHA256 digest.
11. The method of any one of claims 1 to 10 wherein if the store link is an ephemeral store link, the ephemeral store link expiring after at least one of a predetermined period of time elapses and a predetermined number of clicks occurs.
12. The method of any one of claims 1 to 11 wherein if the load link is an ephemeral load link, the ephemeral load link expiring after at least one of a predetermined period of time elapses and a predetermined number of clicks occurs.
13. A method for securely uploading a digital file to a storage device, comprising the steps of:
Uploading the digital file to the storage device by way of a first cryptographic connection in electronic communication with a first network socket;
Storing the digital file in the storage device by way of a store request, storing the digital file comprising the steps of:
Authenticating the store request;
Authorizing the store request;
Validating the parameters of the store request;
Defining a store link associated with the store request, the store link selected from the group consisting of: a persistent link and an ephemeral link;
Receiving metadata associated with the digital file, the metadata included in the store request;
Storing the metadata in a cache in electronic communication with the storage device,
Allocating storage space on the storage device;
Precomputing store response headers for a store response;
Storing the digital file in the storage device,
Providing the store response with the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file.
14. The method of claim 13 wherein the step of uploading the digital file to the storage device further comprises the steps of:
Encrypting the digital file using a key derivation function;
Sending a password associated with the key derivation function by way of an electronic communication
15. The method of claim 13 and 14 further comprising the step of:
Associating the store request to a dedicated computer processing unit by way of a consistent hashing protocol.
16. The method of any one of claims 13 to 15 wherein the first cryptographic connection is a TLS/SSL connection.
17. The method of any one of claims 13 to 16 wherein the store request is a HTTP POST request.
18. The method of any one of claims 13 to 17 wherein the store response headers are HTTP headers.
19. The method of any one of claims 13 to 18 wherein the secure hash digest is a SHA256 digest.
20. The method of any one of claims 13 to 19 wherein if the store link is an ephemeral store link, the ephemeral store link expiring after at least one of a predetermined period of time elapses and a predetermined number of clicks occurs.
21. A method for securely transferring a digital file from the storage device to a user device, the method comprising the steps of:
Loading the digital file for subsequent download, loading the digital file comprising the steps of:
Receiving a load request;
Validating the parameters of the load request; and
Defining a load link associated with the load request, the load link selected from the group consisting of: a persistent link and an ephemeral link;
Obtaining the metadata associated with the digital file from the cache by way of a second authenticated connection in electronic communication with a second network socket, the second authenticated connection providing direct memory access between the storage device and the user device, and
Downloading the digital file from the storage device to the user device by way of the second authenticated connection.
22. The method of claim 21 wherein the step of loading the digital file for subsequent download further comprises the steps of:
If the load link is an ephemeral load link;
Authenticating the load request;
Authorizing the load request;
23. The method of claims 21 or claim 22 further comprising the step of:
Associating the load request to a dedicated computer processing unit by way of a consistent hashing protocol.
24. The method of any one of claims 21 to 23 wherein the load request is a HTTP GET Request
25. The method of any one of claims 21 to 24 wherein second authenticated connection is a HTTPS connection.
26. The method of any one of claims 21 to 25 wherein if the load link is an ephemeral load link, the ephemeral load link expiring after at least one of a predetermined period of time elapses and a predetermined number of clicks occurs.
27. A system for securely uploading and transferring a digital file, the system comprising:
a storage device having a processor, storage means and a communications subsystem adapted to electrically connect the storage device to an electronic communication network;
A user device having a processor, user input means, local storage means, and a communication subsystem adapted to electrically connect the storage device to the electronic communication network;
Wherein the storage device receives the digital file by way of a first cryptographic connection in electronic communication with a first network socket, the storage device stores the digital file in the storage means in response to a store request, storing the digital file comprising the steps of:
Authenticating the store request;
Authorizing the store request;
Validating the parameters of the store request;
Defining a store link associated with the store request, the store link selected from the group consisting of: a persistent store link and an ephemeral store link;
Receiving metadata associated with the digital file, the metadata included in the store request;
Storing the metadata in a cache in electronic communication with the storage device;
Allocating storage space on the storage device;
Precomputing store response headers for a store response;
Storing the digital file in the storage means of the storage device;
the storage device providing the store response with the store response headers, the store response having a universally unique identifier having an entity tag and a secure hash digest of the content of the digital file, the universally unique identifier providing access to the stored digital file;
the storage device loading the digital file for subsequent download, loading comprising the steps of:
Receiving a load request;
Validating the parameters of the load request; and
Defining a load link associated with the load request, the load link selected from the group consisting of: a persistent load link and an ephemeral load link;
the user device obtaining the metadata associated with the digital file from the cache by way of a second authenticated connection in electronic communication with a second network socket, the second authenticated connection providing direct memory access between the storage device and the user device, and
the user device downloading the digital file from the storage means of the storage device to the local storage means of the user device by way of the second authenticated connection.
PCT/CA2019/051654 2019-11-20 2019-11-20 Method and system for fast secure file transfer service WO2021097550A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2019/051654 WO2021097550A1 (en) 2019-11-20 2019-11-20 Method and system for fast secure file transfer service

Publications (1)

Publication Number Publication Date
WO2021097550A1 true WO2021097550A1 (en) 2021-05-27

Family

ID=75980232

Country Status (1)

Country Link
WO (1) WO2021097550A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140181041A1 (en) * 2012-12-21 2014-06-26 Zetta, Inc. Distributed data store
US20140181021A1 (en) * 2012-12-21 2014-06-26 Zetta, Inc. Back up using locally distributed change detection
WO2019103913A1 (en) * 2017-11-22 2019-05-31 Arterys Inc. Systems and methods for longitudinally tracking fully de-identified medical studies


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19953329; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19953329; Country of ref document: EP; Kind code of ref document: A1)