WO2010076831A1 - Remote safe storing of digital documents with guarantee of privacy - Google Patents
- Publication number: WO2010076831A1 (application PCT/IT2008/000820)
- Authority: WO (WIPO, PCT)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
Definitions
- Figure 1 is a block diagram related to the architecture of the system according to the present invention.
- Figure 2 is a block diagram that illustrates in greater detail an aspect of the architecture of the system according to the present invention
- Figure 3 is a block diagram that illustrates in greater detail another aspect of the architecture of the system according to the present invention.
- Figure 4 is a flowchart that illustrates an embodiment of the method for storing a document according to the present invention
- Figure 5 is a flowchart that illustrates an alternative embodiment of the method for storing a document according to the present invention
- Figure 6 is a flowchart that illustrates an embodiment of the method for sending an e-mail message according to the present invention
- Figure 7 is a flowchart that illustrates an embodiment of the method for sending an e-mail message with an attachment according to the present invention.
- Figure 1 illustrates an architecture of the client-server type, which comprises a plurality of client computers 10, 11, 12, 13 and 14, connected via respective communication channels 4 to a computer network 5.
- client computer is understood to reference any electronic computer provided with a CPU, memory means and a display, such as desktop computers, portable computers, PDAs, hand-held devices and smartphones.
- the network 5 in turn is connected by means of a communication channel 4' to a global server 50.
- the computer network 5 and the communication channels 4 and 4' are provided in such a manner as to establish a secure connection between the client computers 10-14 and the global server 50.
- the network 5 can be the Internet, and the communication channels 4 and 4' can be provided by means of a secure connection, for example a connection that uses the HTTPS or FTPS transmission protocols or in any case encrypted protocols, even proprietary ones.
- the network can also be a Virtual Private Network or an equivalent network.
- the clients 10-14 represent any portable and non-portable electronic device that is adapted to establish a remote connection, either directly or by means of conventional gateways, to the global server 50, including fixed and portable personal computers, hand-held devices and smartphones.
- each one of the clients 10, 11, 12, 13 and 14 in Figure 1 represents a possible configuration of a user device on the client side according to the present invention, illustrated merely by way of example.
- the client 10 comprises a storage device 20 according to the present invention and memory means 40, such as volatile memory and mass storage means, for example a hard disk, memory cards or USB pen drives.
- the client 11, in addition to the storage device 20 and the memory means 40, also comprises an e-mail client or a secure e-mail management device 30 according to the present invention.
- Such secure e-mail management device 30 can be installed or be present in a client computer 10-14 as an alternative to, or in addition to, one of the known e-mail management programs 31, such as for example Microsoft Outlook™ or Mozilla Thunderbird™.
- the client computer 12 comprises only the secure e-mail management device 30, the client computer 13 comprises the storage device 20, the secure e-mail management device 30 according to the invention and a conventional e-mail program 31, while the client computer 14 comprises only a conventional e-mail program 31.
- the global server 50 comprises a remote document storage system 51 according to the present invention and a remote e-mail storage system 52 according to the present invention.
- the global server 50 further comprises, or has access to, means for storing documents 60 and means for storing e-mail 61, within which separate storage areas 70 and 71 for each user are shown.
- the e-mail storage means can further comprise a lookup table 72 or the like.
- the table 72 can contain an association between the public e-mail addresses of users and other information, such as their private addresses and their encryption keys, as will become better apparent hereafter.
- Figure 2 is a view, in greater detail, of the architecture of the system according to the invention, which comprises the storage device 20 and the remote document storage system 51 of Figure 1.
- the storage device 20 can comprise a selection module 21 , an encryption module 22, a connection module 23 and a deletion module 24.
- the storage device 20 can also comprise a splitter module 25.
- the encryption module 22 comprises means for encrypting a document and can implement any one of the known encryption algorithms.
- preferably, the encryption module 22 uses a symmetric (private-key) encryption algorithm such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard), as known in the background art; it can also use an encryption algorithm of the asymmetric type, and it can require the entry of a password or of an alphanumeric key.
- the encryption module 22 can perform sequentially multiple encryption algorithms, including repetitions of a same algorithm at successive times. Each one of these algorithms can require its own encryption key that is different from the key related to the other algorithms used in the sequence. The case is also considered in which the encryption key for an algorithm in the encryption sequence is in turn encrypted by means of another algorithm.
- the deletion module 24 can comprise means for the irreversible deletion of documents, so as to not allow recovery of deleted documents by using conventional programs for recovering deleted files.
- the means for secure deletion can implement so-called wiping algorithms, i.e., algorithms which, by overwriting data in one or more passes, make it impossible to retrieve the deleted information.
- the deletion means use the "pseudorandom" algorithm with 7 overwriting passes or the US DoD 5220.22-M algorithm with 7 overwriting passes.
- the storage device 20 is preferably a software program, which can be delivered on a client computer 10, 11 or 13 in a plurality of ways. For example, it can be stored on a mass storage medium and installed, or it can be downloaded from an Internet site. The program can be downloaded onto a number of computers or a number of times onto the same computer. The program may also not reside permanently on the client computer but might be downloaded at each connection or be embedded in a web page.
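An added worked example of the deletion module 24, written here in Python; it is not code from the patent or from any product implementing it. It overwrites a file in place with either of the two schemes named above, reads back the fixed-pattern passes to verify them, forces the writes to disk, renames the file to a random name and unlinks it. The exact 7-pass DoD 5220.22-M sequence is an assumption (the patent does not spell the pattern out and published descriptions of the 7-pass "ECE" variant differ). One caveat a practitioner needs: overwriting in place destroys the old bytes only on media that rewrite sectors in place; on flash media such as the memory cards, USB pen drives and smartphones the page lists as client storage, wear levelling can leave stale copies behind, and journaling or copy-on-write file systems can too, so device-level secure erase or full-disk encryption with key destruction is the reliable alternative there.

```python
import os
import tempfile

# Pass sequences for the two schemes named on the page. None means a pass of random bytes.
# The DoD 5220.22-M 7-pass sequence (the "ECE" variant: the 3-pass sequence twice with a
# random pass in between) is an assumption; the patent does not spell the pattern out.
SCHEMES = {
    "pseudorandom-7": [None] * 7,
    "dod-5220.22-m-7": [b"\x00", b"\xff", None, None, b"\x00", b"\xff", None],
}


def overwrite_pass(path: str, pattern, chunk: int = 1 << 16) -> int:
    """Overwrite every byte of the file in place with the pattern and force the write to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(chunk, remaining)
            f.write(os.urandom(n) if pattern is None else pattern * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())
    return size


def verify_pass(path: str, pattern) -> bool:
    """Read back a fixed-pattern pass, as DoD-style procedures require; random passes are not checked."""
    if pattern is None:
        return True
    with open(path, "rb") as f:
        return all(b == pattern[0] for b in f.read())


def wipe_file(path: str, scheme: str = "pseudorandom-7") -> int:
    """Deletion module 24: overwrite according to the scheme, rename to a random name, then unlink.

    Overwriting in place destroys the old bytes only on media that rewrite sectors in place
    (magnetic disks without a journaling or copy-on-write file system). On flash media
    (memory cards, USB pen drives, smartphones) wear levelling remaps writes and stale
    copies can survive; use device-level secure erase or full-disk encryption with key
    destruction there.
    """
    passes = SCHEMES[scheme]
    for pattern in passes:
        overwrite_pass(path, pattern)
        if not verify_pass(path, pattern):
            raise IOError("overwrite verification failed for %s" % path)
    anonymous = os.path.join(os.path.dirname(path) or ".", os.urandom(8).hex())
    os.replace(path, anonymous)  # the original file name should not survive in the directory
    os.unlink(anonymous)
    return len(passes)


def demo() -> dict:
    """Constructed example: a temporary file holding a marker string is zeroed, then wiped."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"CONFIDENTIAL " * 1000)
    size = overwrite_pass(path, b"\x00")
    zeroed = verify_pass(path, b"\x00") and os.path.getsize(path) == size
    passes = wipe_file(path, "dod-5220.22-m-7")
    return {"size": size, "zeroed": zeroed, "passes": passes, "exists": os.path.exists(path)}
```

`demo()` writes the marker string to a temporary file, zeroes it with one pass and confirms the read-back is all zeros, then runs the assumed 7-pass sequence and confirms the file is gone.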
- the remote storage system 51 can comprise a connection module 53, an authentication module 54 and a transfer module 55.
- connection module 53 can comprise means of a known type for the interfacing with the connection module 23 of a client computer 10-14, in order to establish and maintain a secure connection between the client and the server.
- connection module 53 comprises means for providing an FTPS or HTTPS connection, or in any case a connection of the encrypted type, even a proprietary one.
- the authentication module 54 can comprise means for user access to their own private storage area 70; preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of a personal user name and password.
- the transfer module 55 can comprise means for uploading and downloading files from a client computer 10-14 to the user's personal area.
- Figure 3 illustrates in greater detail the architecture of the secure e-mail management device 30 according to the invention and the remote e-mail storage system 52 of Figure 1.
- the secure e-mail management device 30 can comprise an encryption module 22', a connection module 23 and a deletion module 24'.
- the secure e-mail management device 30 is preferably a software program, which comprises means for providing the traditional functions of an e-mail program, such as the creation of messages, searching and sorting within messages, and so forth.
- the encryption module 22' comprises means for encrypting a message, which implement one of the known encryption algorithms, preferably a public-key asymmetric algorithm such as RSA, or a message format built on such algorithms, such as OpenPGP or S/MIME.
- communication occurs exclusively with the remote e-mail storage system 52, so that the only public key that has to be stored by the e-mail client 30 is the key of the remote e-mail storage system 52; the remote e-mail storage system 52 will handle the encryption of the messages with the public keys of the actual recipients of an e-mail message.
- the deletion module 24' comprises means that are similar to those of the deletion module 24, extended so that when the secure e-mail management device 30 closes, or on command of the user even while the program is open, all sent or received messages and/or the associated attachments are deleted, preferably in a secure manner as understood above.
- the remote e-mail storage system 52 can comprise a connection module 53, an authentication module 54, a transfer module 55, an encryption module 56 and a routing module 57.
- connection module 53 can comprise known means for interfacing with the connection module 23 of the client computer 10-14 in order to establish and maintain a secure connection between the client and the server, and comprises for example means for providing a connection with FTPS or HTTPS protocol.
- the authentication module 54 can comprise means for user access to their own private storage area 70; preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of personal username and password.
- the transfer module 55 can comprise means for sending and receiving e-mail messages from a client computer 10-14 to the global server 50.
- the encryption module 56 can comprise means for decrypting the messages received by the server 50, which the client computers 10-14 have encrypted with the public key of the server 50, by using the server's own private key; means for finding in the lookup table 72 the public key of the recipient client 10-14; and means for encrypting the message with that public key.
- the routing module 57 can comprise means for identifying in the message the public address of the recipient, means for finding in the lookup table 72 the private address of the recipient, means for storing the message in the confidential area 71 or for sending the message to the client.
- step 100 the selection module 21 of the storage device 20 of a client computer 10, 11 or 13 selects from the memory means 40 a digital document to be stored, this expression being used to reference any file, including compressed files and folders, or a plurality of files or folders.
- step 110 the encryption module 22 encrypts the digital document selected in the preceding step by means of the selected encryption algorithm, by using a key of the alphanumeric type that is entered by the user or a private key of the user made available on the client.
- when several algorithms are applied in sequence, the encryption module performs each step by using the key defined for the algorithm of that step.
- step 120 the connection module 23 establishes a secure connection 4, 4' with the remote document storage system 51, by using for example an FTPS connection or an HTTPS connection.
- step 130 the connection module 23 sends the document selected previously in step 100 and encrypted in step 110 over the secure connection established in step 120.
- step 140 the deletion module 24 deletes securely the document from the memory means 40 by means of the selected wiping technique.
- step 200 begins in a manner similar to what has been described with reference to Figure 4, in which the document to be stored is selected.
- the splitter module 25 splits the document into a plurality of packets.
- step 220 the method considers the i-th packet; then, in steps 230, 240 and 250, the packet is encrypted, a connection to the server is established and the packet is sent to the server, in a manner similar to what has been described in the corresponding steps of Figure 4. The method then returns to step 220, in which it is established whether another packet to be sent exists: if there is, steps 230, 240 and 250 are repeated until the packets are finished; otherwise, after all the packets have been sent, the method performs a step 260 for irreversible deletion that is similar to the one described in Figure 4. As an alternative, deletion can be performed progressively as each packet has been sent successfully.
- This embodiment has the advantage of minimizing the consecutive time period in which the connection to the server remains open and accordingly the risks of intrusion into the local computer. Moreover, it offers an additional protection to the stored document, since even in case of intrusion into the server the document, by being archived in packets, is unusable.
- step 300 the e-mail management system 30 or 31 creates the message to be sent.
- step 310 the e-mail management system encrypts the message by adopting a public-key encryption algorithm and by using the public key of the server 50 for encryption.
- step 315 it is established whether the e-mail management system from which the message is being sent is a secure e-mail management device 30 according to the invention or a conventional e-mail program 31.
- in the first case, in step 320 the message is transferred to the server 50 via the channels 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50, using the communication channels and security measures conventionally used in the transmission of e-mail.
- step 340 the e-mail management system 52 of the server 50 decrypts the message by using the private key of the server, then in step 350 it performs a search in the lookup table 72 to find the public key of the recipient.
- step 360 the e-mail management system 52 encrypts the message by using such public key.
- step 370 the e-mail management system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
- step 380 on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on the server 50, or of the external type. In the first case, in step 390 the system saves the message in the reserved area of the recipient, otherwise in step 400 the system sends the message by e-mail to the recipient.
- step 300 the e-mail management system 30 or 31 creates the message to be sent.
- step 305 the e-mail management system selects the document to be attached to the message.
- step 310 the e-mail management system encrypts the message by using a public-key encryption algorithm and by using the public key of the server 50 for encryption.
- step 312 the e-mail management system encrypts the attached document by using a public-key encryption algorithm and by using the public key of the server 50 for encryption.
- step 315 it is established whether the system from which the message is being sent is an e-mail management system 30 according to the invention or a known type of e-mail management system 31: in the first case, in step 320 the message is transferred to the server 50 via the channels 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50.
- step 340 the e-mail management system 52 decrypts the message by using the private key of the server, and in step 345 the e-mail management system 52 decrypts the attached document by using the private key of the server.
- step 350 the e-mail management system 52 performs a search in the lookup table 72 to find the public key of the recipient and in step 360 it encrypts the message by using such public key.
- step 370 the system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
- step 380 on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on said server, or of the external type, i.e., does not have an area of his own on said server.
- in the first case, the system 52 can store the attachment in the private area 70 of the recipient, insert in the e-mail message a link to the saved attachment (step 387) and save the message in the reserved area 71 of the recipient (step 390).
- in the second case, the system 52 sends, in step 400, both the message and the attachment by e-mail to the recipient.
- the e-mail message and/or the corresponding attachment are stored in the reserved e-mail area 71 to be then copied or transferred, when requested by the authorized user, to the private area 70 of said user.
- in an alternative embodiment, the messages sent by one user to another user are encrypted by using symmetric or asymmetric encryption algorithms, which are run by using personal keys that are known to the sender and the recipient and can therefore remain unknown to the server 50.
- in this case the server 50 does not perform the steps described above for the decryption of the sender's message with its own key and the re-encryption of the message with the key of the recipient, but merely stores the message and/or its attachment in the reserved e-mail area 71 or, if present, also or alternately in the private area 70 of the recipient.
- the recipient, upon connection, proceeds in the manner already described to access and retrieve the information of interest.
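The relay flow of Figures 6 and 7 (steps 300 to 400) together with the alternative just described, in which the server only stores what it receives, as an added example in Python; it is not code from the patent or from any product implementing it. A toy RSA built on fixed Mersenne primes stands in for the public-key algorithm: it is textbook RSA with no padding and trivially factorable moduli, enough to show who holds which key and nothing more, where a real system would use RSA-OAEP or an OpenPGP or S/MIME library. The layout of the lookup table 72, the internal/external flag, the attachment link format and all method names are assumptions. The point the code makes visible is that in the relay mode the message is in plaintext on the server between step 340 and step 360, so the relay is a trusted party; only the end-to-end alternative keeps the key away from it.

```python
# Toy RSA on fixed, publicly known Mersenne primes. It is textbook (unpadded) RSA with
# trivially factorable moduli, so it models only the key roles; a real system would use
# RSA-OAEP or an OpenPGP / S/MIME library. All names below are assumptions.
MERSENNE = {k: (1 << k) - 1 for k in (19, 31, 61, 89, 107, 127, 521, 607)}


def keypair(p: int, q: int, e: int = 65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def rsa_encrypt(pub, data: bytes) -> list:
    n, e = pub
    size = n.bit_length() // 8 - 2  # payload bytes per chunk so that 0x01||chunk stays below n
    return [pow(int.from_bytes(b"\x01" + data[i:i + size], "big"), e, n)
            for i in range(0, len(data), size)]


def rsa_decrypt(priv, chunks: list) -> bytes:
    n, d = priv
    out = bytearray()
    for c in chunks:
        m = pow(c, d, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            raise ValueError("malformed chunk")
        out += raw[1:]
    return bytes(out)


class MailRelay:
    """Stand-in for remote e-mail storage system 52: lookup table 72, areas 70 and 71, outbound queue."""

    def __init__(self):
        self.pub, self.priv = keypair(MERSENNE[521], MERSENNE[607])
        self.lookup = {}     # public address -> (private address, public key, has a reserved area)
        self.mail_area = {}  # private address -> stored messages (reserved e-mail area 71)
        self.doc_area = {}   # private address -> {link: encrypted attachment} (private area 70)
        self.outbound = []   # (address, body, attachment) handed to ordinary e-mail (step 400)

    def register(self, public_addr, private_addr, user_pub, internal=True):
        self.lookup[public_addr] = (private_addr, user_pub, internal)
        if internal:
            self.mail_area[private_addr], self.doc_area[private_addr] = [], {}

    def deliver(self, to_public, enc_body, enc_attachment=None, end_to_end=False):
        private_addr, user_pub, internal = self.lookup[to_public]  # steps 350 and 370
        if not end_to_end:
            # Steps 340 and 360: decrypt with the relay's private key, re-encrypt for the
            # recipient. The plaintext exists on the server here, so the relay must be trusted.
            def reencrypt(c):
                return rsa_encrypt(user_pub, rsa_decrypt(self.priv, c))
            enc_body = reencrypt(enc_body)
            enc_attachment = reencrypt(enc_attachment) if enc_attachment is not None else None
        if not internal:  # step 380: external recipient, hand over to ordinary e-mail
            self.outbound.append((to_public, enc_body, enc_attachment))
            return "sent-external"
        link = None
        if enc_attachment is not None:  # attachment into area 70, link into the message (step 387)
            link = "att-%d" % len(self.doc_area[private_addr])
            self.doc_area[private_addr][link] = enc_attachment
        self.mail_area[private_addr].append({"body": enc_body, "attachment": link})  # step 390
        return "stored-e2e" if end_to_end else "stored-internal"


def client_send(relay, to_public, body: bytes, attachment=None, recipient_pub=None):
    """Steps 300 to 320: encrypt for the relay, or directly for the recipient in end-to-end mode."""
    target = recipient_pub or relay.pub
    enc_att = rsa_encrypt(target, attachment) if attachment is not None else None
    return relay.deliver(to_public, rsa_encrypt(target, body), enc_att, end_to_end=recipient_pub is not None)


def client_read(relay, private_addr, user_priv):
    """Decrypt stored messages and follow attachment links into area 70."""
    inbox = []
    for msg in relay.mail_area[private_addr]:
        link = msg["attachment"]
        att = rsa_decrypt(user_priv, relay.doc_area[private_addr][link]) if link else None
        inbox.append((rsa_decrypt(user_priv, msg["body"]), att))
    return inbox


def demo() -> dict:
    """Constructed scenario: Alice writes to Bob (internal, with attachment), to Carol (external),
    and to Bob again in end-to-end mode."""
    relay = MailRelay()
    bob_pub, bob_priv = keypair(MERSENNE[127], MERSENNE[89])
    carol_pub, carol_priv = keypair(MERSENNE[31], MERSENNE[19])
    relay.register("bob@example.com", "bob.private", bob_pub, internal=True)
    relay.register("carol@example.net", "carol.private", carol_pub, internal=False)
    results = (
        client_send(relay, "bob@example.com", b"quarterly figures attached", b"%PDF-1.4 constructed sample"),
        client_send(relay, "carol@example.net", b"hello from outside"),
        client_send(relay, "bob@example.com", b"the relay never sees this", recipient_pub=bob_pub),
    )
    return {"results": results, "bob": client_read(relay, "bob.private", bob_priv),
            "carol": rsa_decrypt(carol_priv, relay.outbound[0][1])}
```

`demo()` registers Bob with a reserved area and Carol without one, so the first message lands in Bob's area 71 with its attachment stored in area 70 behind a link, the second is queued for ordinary e-mail already encrypted for Carol, and the third is stored unchanged because the relay cannot decrypt it.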
- the invention further comprises means for performing the download of stored files.
- the document storage device 20 can connect to the server 50 by means of the network 5 and a secure connection 4, 4'.
- the user is required to enter suitable credentials and, after recognition by the server, the user can thus access his own reserved area 70.
- the user can now view all the stored documents and select the ones of interest.
- the selected documents are downloaded onto the client computer 10, 11 or 13, where the document storage device 20 decrypts the file by means of the encryption module 22 and makes it available to the user.
- if the document was stored in packets, each packet is downloaded and decrypted, and the splitter module 25 then reassembles the original document from the packets.
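The storage method of Figures 4 and 5 (steps 100 to 140 and 200 to 260) together with the download and reassembly just described, as an added worked example in Python; it is not code from the patent or from any product implementing it. It runs against an in-memory stand-in for the remote document storage system 51, so the server API (upload, set_salt, download), the packet size and the use of PBKDF2 to turn the user's alphanumeric key into keys are assumptions. Python's standard library has no AES, so an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag stands in for the symmetric cipher; DES, which the page lists beside AES, has a 56-bit key and is obsolete, so a new design should use AES. Two checks the page leaves implicit are made explicit: the local copy is deleted only after the server has acknowledged every packet, and each packet carries an authentication tag bound to its index, so tampering with or reordering packets on the server is detected on download.

```python
import hashlib
import hmac
import os
import tempfile

PACKET_SIZE = 4096  # packet size for the splitter module 25: an assumption, the patent fixes none


def derive_keys(password: bytes, salt: bytes):
    """User's alphanumeric key -> separate encryption and MAC keys (PBKDF2-HMAC-SHA256, assumed)."""
    master = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for AES-CTR."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt_packet(keys, index: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one packet; the packet index is bound into the nonce and so into the tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(12) + index.to_bytes(4, "big")
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def decrypt_packet(keys, index: int, blob: bytes) -> bytes:
    """Verify the tag and the index before decrypting; reject anything tampered or reordered."""
    enc_key, mac_key = keys
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("packet rejected: tag mismatch")
    if int.from_bytes(nonce[12:], "big") != index:
        raise ValueError("packet rejected: index mismatch")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


class RemoteDocumentStorage:
    """In-memory stand-in for remote document storage system 51 with per-user areas 70 (assumed API)."""

    def __init__(self):
        self.areas = {}

    def upload(self, user, name, index, blob):
        self.areas.setdefault(user, {}).setdefault(name, {})[index] = blob
        return hashlib.sha256(blob).hexdigest()  # acknowledgement the client checks before deleting

    def set_salt(self, user, name, salt):
        self.areas[user][name]["salt"] = salt

    def download(self, user, name):
        return self.areas[user][name]


def store_document(server, user, path, password: bytes) -> int:
    """Steps 200 to 260: select, split, encrypt and upload every packet, then delete the local copy."""
    with open(path, "rb") as f:
        data = f.read()
    salt = os.urandom(16)
    keys = derive_keys(password, salt)
    name = os.path.basename(path)
    packets = [data[i:i + PACKET_SIZE] for i in range(0, len(data), PACKET_SIZE)] or [b""]
    for index, chunk in enumerate(packets):
        blob = encrypt_packet(keys, index, chunk)
        if server.upload(user, name, index, blob) != hashlib.sha256(blob).hexdigest():
            raise RuntimeError("server did not confirm packet %d; local copy kept" % index)
    server.set_salt(user, name, salt)
    # Delete only after every packet was acknowledged: this removes the "deleted before it
    # was stored" risk of manual cleanup. A multi-pass wipe belongs here; one random
    # overwrite is shown to keep the example short.
    with open(path, "r+b") as f:
        f.write(os.urandom(len(data)))
        f.flush()
        os.fsync(f.fileno())
    os.unlink(path)
    return len(packets)


def retrieve_document(server, user, name, password: bytes, dest) -> int:
    """Download, verify and decrypt each packet, then reassemble in index order."""
    stored = server.download(user, name)
    keys = derive_keys(password, stored["salt"])
    indices = sorted(i for i in stored if isinstance(i, int))
    data = b"".join(decrypt_packet(keys, i, stored[i]) for i in indices)
    with open(dest, "wb") as f:
        f.write(data)
    return len(data)


def demo() -> dict:
    """Constructed round trip on a temporary 10,000-byte file, plus a tampering check."""
    server, password = RemoteDocumentStorage(), b"correct horse battery staple"
    tmp = tempfile.mkdtemp()
    src, back = os.path.join(tmp, "report.pdf"), os.path.join(tmp, "report.restored")
    original = os.urandom(10_000)
    with open(src, "wb") as f:
        f.write(original)
    packets = store_document(server, "alice", src, password)
    retrieve_document(server, "alice", "report.pdf", password, back)
    with open(back, "rb") as f:
        roundtrip_ok = f.read() == original
    stored = server.download("alice", "report.pdf")
    corrupted = bytearray(stored[0])
    corrupted[20] ^= 1
    try:
        decrypt_packet(derive_keys(password, stored["salt"]), 0, bytes(corrupted))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"packets": packets, "local_removed": not os.path.exists(src),
            "roundtrip_ok": roundtrip_ok, "tamper_detected": tamper_detected}
```

`demo()` stores a 10,000-byte file as three packets, confirms the local copy is gone and the restored copy is identical, then flips one ciphertext bit on the server side and shows that the download rejects the packet instead of silently returning garbage.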
- the system can comprise means for viewing received e-mail messages.
- the e-mail management system 30 connects to the server 50 via the network 5 and the secure connection 4, 4'.
- the user enters suitable credentials, accesses his own reserved area
- the e-mail management system 30 decrypts the messages by means of the encryption module 22' and makes them available to the user.
- a message that carried an attachment contains a link that activates the document storage device 20, and the attachment is downloaded from the reserved area 70 of the user in the manner described above.
- the system according to the invention can be provided in a manner that is transparent for the user, activating it automatically on a given network volume or peripheral storage unit, for example by activating a so-called "service" in the operating system.
- dragging or copying a digital document, always understood as being one or more files, within the volume that has been mapped for secure use would activate automatically the secure remote storage procedure described above.
- a user might define a volume, for example
- the present invention achieves the intended aim and objects.
- the system and the method thus conceived make it possible to overcome the qualitative limitations of the background art, since they allow secure storage of documents and simultaneously their irreversible deletion from a local computer, so as to make it impossible to access confidential documents in case of intrusion into, or theft of, the computers, hand-held devices or smartphones of the user.
- the documents to be stored might be compressed without loss of information before sending to the server, so as to minimize the bandwidth that is used.
- the invention also contemplates a client module that applies the method described above not only to a single file but also to multiple files or folders simultaneously.
- the system can be extended easily to a multi-user version, in which the stored documents are shared among a plurality of users.
- the inventive concept on which the present invention is based is independent of the actual implementation of the software modules, which can be provided in any language and on any hardware platform, as well as in firmware that can be applied to modern electronic devices.
- the secure e-mail management device 30 can also be provided as an e-mail module for accessing e-mail via the Web, in an execution mode known as "Webmail".
- access to a dedicated web page would allow or begin the download of a plug-in for the user's browser, which, even transparently for the user, would then allow the management of his messages like traditional Webmail, with the advantages described above that derive from the management modes according to the invention.
- the encryption modes used by the server 50 can also comprise multiple steps or encryption algorithms that are performed in sequence, each option possibly requiring its own key.
Abstract
A document storage system comprising means (21) for selecting at least one document to be stored from a local computer (10-14), means (22) for encrypting said document, means (23) for connection between said local computer (10-14) and a remote server (50), means (24) for automatic deletion of said document from said local computer (10-14).
Description
REMOTE SAFE STORING OF DIGITAL DOCUMENTS WITH GUARANTEE OF PRIVACY

Technical field
The present invention lies in the field of storage and protection of digital documents, with particular reference to remote management solutions.
Effective management of digital documents is a strategic imperative for private individuals and organizations dealing with increasing volumes of personal or confidential information that requires protection throughout its life cycle.
Confidential data, as well as the skills and intellectual capital of companies, are constantly exposed to risks, such as unauthorized accesses or thefts. Not infrequently, indeed, computer criminals attempt to carry out disruptive attacks against users connected to the Internet or fraudulently access said computers to steal confidential documents or industrial secrets.
Likewise, unfaithful collaborators or ill-intentioned individuals who steal the computers themselves expose companies and individuals to similar risks.
Background art

Currently there are document management technologies that allow to protect confidential information at least partially and control its use, by means of a permanent protection of the data. These technologies attempt to prevent confidential data, such as financial reports, product specifications, customer information or confidential e-mails, from accidentally or intentionally falling into the wrong hands. For example, it is possible to limit access to internal documents to specific employees, by preventing other unauthorized users from viewing them, printing them, forwarding them outside the company, or copying their content.
These technologies, despite being important, are however limited, since they do not protect against the risks inherent in local storage of data, such as accidental deletion, data corruption, exposure to viruses and hardware faults. According to statistics, every year over 40% of computer users lose files irreversibly.
In order to obviate these drawbacks, data backup techniques, i.e., activities aimed at duplicating on different memory media the information that is present on the hard disk, so as to allow its recovery in case of malfunctions or tampering, have also been developed. Currently, traditional backup devices such as external hard disks, CDs, DVDs and USB pen drives are no longer capable of meeting the requirements of users. At the same time, online backup services, which allow users to store their data on suitable remote servers via an Internet connection, are becoming increasingly popular.
The advantages of online backup services are several: first of all, the data are physically in different locations with respect to the originals; moreover, they allow users to access their own data, with confidential credentials, from any station connected to the Internet, and facilitate the sharing of information among a plurality of users.
However, current online backup systems are not devoid of drawbacks. In particular, what happens to the local copies of documents once they have been stored online is not taken into consideration, leaving the files in their original locations exposed to the same risks of theft or unwanted access described above. In many situations, to avoid the increased risk that comes with duplicating confidential documents and to minimize vulnerability to intrusions, it is preferable to delete the local copies of documents. With known systems, however, the user has to perform this operation on his own, exposing himself to the additional risks implicit in human action: on the one hand, he might delete documents that have not yet been stored remotely; on the other hand, he might forget to delete transmitted documents. Moreover, in many cases deletion is not sufficient: all the files present on any storage medium, even when they are deleted by using the "traditional" controls made available by the operating system, continue to leave traces on the disk. The deleted items are simply flagged as no longer present and the space they occupied is made available again, but until such files are overwritten they can be restored by using suitable data recovery programs.
Similar problems are observed in the use of documents via e-mail. In particular, there is an increasing need to ensure that documents in transit via e-mail, as well as e-mail messages themselves, are exchanged and kept available without however running the risk of interception or unauthorized access by third parties.
Therefore, the provision of a remote storage service that exceeds the limitations of the background art noted above and solves the problem of the vulnerability of IT systems is a strongly felt need in the art.

Disclosure of the invention
The aim of the present invention is to provide a system and a method for secure storing of documents that minimize the risks of third-party accessibility to private or confidential documents and at the same time allow immediate access to the owner of the documents or to authorized third parties.
Within this aim, an object of the present invention is to provide a new storage technique that is simple to apply and provide and can be integrated easily with existing hardware and software devices.
This aim, this object and others that will become better apparent from the description of the present invention are achieved by a system for storing documents, which comprises means for selecting the document to be stored from a local computer, means for encrypting the document, means for connection between the local computer and a remote server and for saving the document on the remote server, and means for deleting the document from the local computer.
Conveniently, the means for connection between the local computer and the remote server comprise an Internet connection and preferably a connection via a secure communication channel, such as FTPS or HTTPS.
Preferably, the means for deleting the document from the local computer comprise means for irreversible deletion of the document that are adapted to make it impossible to recover said document after its deletion by means of known methods.
The intended aim and object are also achieved by a method for remote management of digital documents that comprises the steps that consist in: selecting a document to be transferred from a local computer to a server; encrypting said document; establishing a connection between said local computer and said server and transmitting the document to the remote computer; deleting said document from said local computer.
Brief description of drawings
Further characteristics and advantages of the invention will become better apparent from the description of a preferred but not exclusive embodiment of the system and method for storing documents, illustrated by way of non-limiting example in the accompanying drawings, wherein:
Figure 1 is a block diagram related to the architecture of the system according to the present invention;
Figure 2 is a block diagram that illustrates in greater detail an aspect of the architecture of the system according to the present invention;
Figure 3 is a block diagram that illustrates in greater detail another aspect of the architecture of the system according to the present invention;
Figure 4 is a flowchart that illustrates an embodiment of the method for storing a document according to the present invention;
Figure 5 is a flowchart that illustrates an alternative embodiment of the method for storing a document according to the present invention;
Figure 6 is a flowchart that illustrates an embodiment of the method for sending an e-mail message according to the present invention;
Figure 7 is a flowchart that illustrates an embodiment of the method for sending an e-mail message with an attachment according to the present invention.
Ways of carrying out the invention
Figure 1 illustrates an architecture of the client-server type, which comprises a plurality of client computers 10, 11, 12, 13 and 14, which are connected via respective communication channels 4 to a computer network 5.
The expression "client computer" is understood to reference any electronic computer provided with a CPU, memory means and a display, such as electronic computers of the fixed type, electronic computers of the portable type, PDAs, hand-held devices and smartphones.
The network 5 in turn is connected by means of a communication channel 4' to a global server 50. The computer network 5 and the communication channels 4 and 4' are provided in such a manner as to establish a secure connection between the client computers 10-14 and the global server 50. In a preferred embodiment, the network 5 can be the Internet and the communication channels 4 and 4' can be provided by means of a secure connection, for example a connection that uses HTTPS or FTPS transmission protocols or in any case encrypted protocols, even proprietary ones. The network can also be a Virtual Private Network or an equivalent network.
The clients 10-14 represent any portable and non-portable electronic device that is adapted to establish a remote connection, either directly or by means of conventional gateways, to the global server 50, including fixed and portable personal computers, hand-held devices and smartphones.
Each one of the clients 10, 11, 12, 13 and 14 in Figure 1 represents a possible configuration of a user device on the client side according to the present invention, illustrated merely by way of example. In Figure 1, the client 10 comprises a storage device 20 according to the present invention and memory means 40, such as volatile memory and mass storage means, for example a hard disk, memory cards or USB pen drives.
The client 11, in addition to the storage device 20 and the memory means 40, also comprises an e-mail client or a secure e-mail management device 30 according to the present invention.
Such secure e-mail management device 30 can be installed or be present in a client computer 10-14 as an alternative to, or in addition to, one of the known e-mail management programs 31, such as for example Microsoft Outlook™ or Mozilla Thunderbird™.
In particular, the client computer 12, as shown in the figure, comprises only the secure e-mail management device 30, the client computer 13 comprises the storage device 20, the secure e-mail management device 30 according to the invention and a conventional e-mail program 31, while the client computer 14 comprises only a conventional e-mail program 31.
The person skilled in the art will easily understand that the storage devices 20, the secure e-mail management devices 30 and the conventional e-mail programs 31 can be combined at will in all possible configurations according to the requirements.
The global server 50 comprises a remote document storage system 51 according to the present invention and a remote e-mail storage system 52 according to the present invention.
The global server 50 further comprises, or has access to, means for storing documents 60 and means for storing e-mail 61, within which separate storage areas 70 and 71 for each user are shown.
The e-mail storage means can further comprise a lookup table 72 or the like. In particular, the table 72 can contain an association between the public e-mail addresses of users and other information, such as their private addresses and their encryption keys, as will become better apparent hereafter.
Figure 2 is a view, in greater detail, of the architecture of the system according to the invention, which comprises the storage device 20 and the remote document storage system 51 of Figure 1. The storage device 20 can comprise a selection module 21, an encryption module 22, a connection module 23 and a deletion module 24. Optionally, the storage device 20 can also comprise a splitter module 25.
The encryption module 22 comprises means for encrypting a document, which can implement any one of the known encryption algorithms. Preferably, the encryption module 22 uses a private-key symmetric encryption algorithm, such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard), as known in the background art, but can also use any encryption algorithm of an asymmetric type.
The person skilled in the art easily understands that the encryption module 22 can also use encryption algorithms of the asymmetric type and require the entry of a password or of an alphanumeric key.
Moreover, in one embodiment, the encryption module 22 can perform sequentially multiple encryption algorithms, including repetitions of a same algorithm at successive times. Each one of these algorithms can require its own encryption key that is different from the key related to the other algorithms used in the sequence. The case is also considered in which the encryption key for an algorithm in the encryption sequence is in turn encrypted by means of another algorithm.
The deletion module 24 can comprise means for the irreversible deletion of documents, so as to not allow recovery of deleted documents by using conventional programs for recovering deleted files. For this purpose, the means for secure deletion can implement so-called wiping algorithms, i.e., algorithms which, by overwriting data in one or more passes, make it impossible to retrieve the deleted information. For example, in a preferred embodiment, the deletion means use the "pseudorandom" algorithm with 7 overwriting passes or the US DoD 5220.22-M algorithm with 7 overwriting passes.
The storage device 20 is preferably a software program, which can be delivered on a client computer 10, 11 or 13 in a plurality of ways. For example, it can be stored on a mass storage medium and installed, or it can be downloaded from an Internet site. The program can be downloaded onto a number of computers or a number of times onto the same computer. The program may also not reside permanently on the client computer but might be downloaded at each connection or be embedded in a web page. On the server side, the remote storage system 51 can comprise a connection module 53, an authentication module 54 and a transfer module 55.
The connection module 53 can comprise means of a known type for the interfacing with the connection module 23 of a client computer 10-14, in order to establish and maintain a secure connection between the client and the server. For example, the connection module 53 comprises means for providing an FTPS or HTTPS connection, or in any case a connection of the encrypted type, even a proprietary one.
The authentication module 54 can comprise means for user access to their own private storage area 70; preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of a personal password and user name. The transfer module 55 can comprise means for uploading and downloading files from a client computer 10-14 to the user's personal area.
Figure 3 illustrates in greater detail the architecture of the secure e-mail management device 30 according to the invention and the remote e-mail storage system 52 of Figure 1. The secure e-mail management device 30 can comprise an encryption module 22', a connection module 23 and a deletion module 24'. The secure e-mail management device 30 is preferably a software program, which comprises means for providing the traditional functions of an e-mail program, such as the creation of messages, searching and sorting within messages, and so forth.
The encryption module 22' comprises means for encrypting a message, which implement one of the known encryption algorithms, preferably a public-key asymmetric encryption algorithm, such as for example RSA, OpenPGP or S/MIME. As will be described hereinafter, communication occurs exclusively with the remote e-mail storage system 52, so that the only public key that has to be stored by the e-mail client 30 is the key of the remote e-mail storage system 52; the remote e-mail storage system 52 will handle the encryption of the messages with the public keys of the actual recipients of an e-mail message.
The deletion module 24' comprises means that are similar to those of the deletion module 24, extended so that when the secure e-mail management device 30 closes, or on command of the user even while the program is open, all sent or received messages and/or the associated attachments are deleted, preferably in a secure manner as understood above.
On the server side, the remote e-mail storage system 52 can comprise a connection module 53, an authentication module 54, a transfer module 55, an encryption module 56 and a routing module 57.
The connection module 53 can comprise known means for interfacing with the connection module 23 of the client computer 10-14 in order to establish and maintain a secure connection between the client and the server, and comprises for example means for providing a connection with FTPS or HTTPS protocol.
The authentication module 54 can comprise means for user access to their own private storage area 70; preferably, the authentication module 54 implements one of the known authentication protocols, for example of the type with entry of personal username and password. The transfer module 55 can comprise means for sending and receiving e-mail messages from a client computer 10-14 to the global server 50.
The encryption module 56 can comprise means for decrypting the encrypted messages received by the server 50 by using the public key of a client computer 10-14 as supplied to the server 50, means for finding in the lookup table 72 the public key of the client/recipient 10-14, and means for encrypting the message with such public key.
The routing module 57 can comprise means for identifying in the message the public address of the recipient, means for finding in the lookup table 72 the private address of the recipient, means for storing the message in the confidential area 71 or for sending the message to the client.
Operation of the system according to the invention is now described with reference to Figure 4.
In step 100, the selection module 21 of the storage device 20 of a client computer 10, 11 or 13 selects from the memory means 40 a digital document to be stored, this expression being used to reference any file, including compressed files and folders, or a plurality of files or folders.
In step 110, the encryption module 22 encrypts the digital document selected in the preceding step by means of the selected encryption algorithm, by using a key of the alphanumeric type that is entered by the user or a private key of the user made available on the client. In the case of use of multiple encryption algorithms in sequence, the encryption module performs encryption by using the key defined at the current algorithm or current step.
In step 120, the connection module 23 establishes a secure connection 4, 4' with the remote document storage system 51, by using for example an FTPS connection or an HTTPS connection.
In step 130, the connection module 23 sends the document selected previously in step 100 and encrypted in step 110 over the secure connection established in step 120. Once confirmation that the digital document has been transferred correctly is received, in step 140 the deletion module 24 deletes securely the document from the memory means 40 by means of the selected wiping technique.
One variation of the sending of digital documents for storage according to the invention is shown in the flowchart of Figure 5: this method is particularly suitable for storing large documents.
The method begins in step 200 in a manner similar to what has been described with reference to Figure 4, in which the document to be stored is selected. In step 210, the splitter module 25 splits the document into a plurality of packets.
In step 220, the method considers the i-th packet, then in steps 230, 240 and 250 the packet is encrypted, a connection to the server is established and the packet is sent to the server in a manner similar to what has been described in the corresponding steps of Figure 4.
Subsequently, control returns to step 220, in which it is established whether another packet to be sent exists: if there is, steps 230, 240 and 250 are repeated until the packets are finished; otherwise, after all the packets have been sent, the method performs a step 260 for irreversible deletion that is similar to the one described in Figure 4. As an alternative, deletion can be performed progressively, as each packet is sent successfully.
This embodiment has the advantage of minimizing the consecutive time period in which the connection to the server remains open and accordingly the risks of intrusion into the local computer. Moreover, it offers an additional protection to the stored document, since even in case of intrusion into the server the document, by being archived in packets, is unusable.
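The two procedures above (Figure 4: encrypt, upload, wipe; Figure 5: split into packets, encrypt and upload each, wipe at the end) together with the download and reassembly path described later, as an added example that is not the patent's code. It uses only the Python standard library, so an HMAC-SHA256 keystream with an HMAC tag stands in for the DES/AES cipher named for module 22; `RemoteStore`, `seal`, `open_sealed`, `store_document` and `retrieve_document` are names chosen here, not the patent's. Two points the text leaves implicit are made explicit: the wipe runs only after the server has confirmed the transfer, and the packet index and count are bound into each packet's authentication tag, so a packet lost or reordered on the server is detected on retrieval instead of silently producing a corrupt document.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

# Added example, not the patent's own code. The standard library has no AES,
# so an HMAC-SHA256 keystream in counter mode plus an HMAC tag (encrypt-then-
# MAC) stands in for module 22; real deployments use AES-GCM from a library.
NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, length):
    """Pseudorandom pad derived from (key, nonce) by hashing a counter."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, plaintext, aad=b""):
    """Returns nonce || ciphertext || tag; `aad` is authenticated, not encrypted."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob, aad=b""):
    """Checks the tag before decrypting; raises ValueError on any tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def secure_wipe(path, passes=7):
    """Steps 140/260: overwrite the file `passes` times with random bytes,
    forcing each pass to disk, then truncate and unlink it. This only helps on
    media that rewrite the same physical blocks (see the note after the block)."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(os.urandom(size))
            f.flush()
            os.fsync(f.fileno())
        f.truncate(0)
    os.remove(path)

class RemoteStore:
    """Stand-in for storage system 51: one user's area 70, ciphertext only."""
    def __init__(self):
        self.area = {}

    def upload(self, name, blob):
        self.area[name] = blob
        return True                      # transfer confirmation (steps 130/250)

    def download(self, name):
        return self.area[name]           # KeyError if the server lacks it

def store_document(path, key, server, packet_size=0):
    """Figure 4 (packet_size == 0) or Figure 5 (split into packets). The
    local copy is wiped only after every upload has been confirmed."""
    name = os.path.basename(path)
    with open(path, "rb") as f:
        data = f.read()
    size = packet_size or max(len(data), 1)
    packets = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    for idx, pkt in enumerate(packets):
        # Index and total ride in the AAD, so a dropped, duplicated or
        # reordered packet fails authentication instead of yielding a bad file.
        if not server.upload(f"{name}.{idx}", seal(key, pkt, f"{idx}/{len(packets)}".encode())):
            raise RuntimeError("transfer not confirmed; local copy kept")
    secure_wipe(path)
    return name

def retrieve_document(name, key, server):
    """Download, verify, decrypt and reassemble (splitter module 25 in reverse)."""
    blobs = []
    while True:
        try:
            blobs.append(server.download(f"{name}.{len(blobs)}"))
        except KeyError:
            break
    return b"".join(open_sealed(key, b, f"{i}/{len(blobs)}".encode()) for i, b in enumerate(blobs))

def demo():
    """Constructed round trip on a temporary file; returns what a test can check."""
    key, server = secrets.token_bytes(32), RemoteStore()
    plain = b"confidential report, constructed sample line\n" * 40
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")
        with open(path, "wb") as f:
            f.write(plain)
        name = store_document(path, key, server, packet_size=500)
        local_gone = not os.path.exists(path)
    restored = retrieve_document(name, key, server)
    return {"restored": restored == plain, "local_gone": local_gone,
            "packets": len(server.area), "name": name, "key": key, "server": server}
```

One caveat on the wiping step: overwrite-based algorithms such as the 7-pass DoD 5220.22-M scheme assume the medium rewrites the same physical blocks. On SSDs with wear levelling, on journaling filesystems and on copy-on-write filesystems the old contents may survive the overwrite, so full-disk encryption with destruction of the key is the more reliable control there.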
With reference to Figure 6, the method for sending an e-mail message according to the present invention is now shown in detail. In step 300, the e-mail management system 30 or 31 creates the message to be sent.
In step 310, the e-mail management system encrypts the message by adopting a public-key encryption algorithm and by using the public key of the server 50 for encryption. In step 315, it is established whether the e-mail management system from which the message is being sent is a system according to the invention 30 or a system of a known type 31: in the first case, in step 320 the message is transferred to the server 50 via the channel 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50, using communication channels and security measures used conventionally in the transmission of e-mail.
In step 340, the e-mail management system 52 of the server 50 decrypts the message by using the private key of the server, then in step 350 it performs a search in the lookup table 72 to find the public key of the recipient.
In step 360, the e-mail management system 52 encrypts the message by using such public key.
In step 370, the e-mail management system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
In step 380, on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on the server 50, or of the external type. In the first case, in step 390 the system saves the message in the reserved area of the recipient, otherwise in step 400 the system sends the message by e-mail to the recipient.
With reference to Figure 7, the method for sending an e-mail message with an attached document according to the present invention is now illustrated in detail. In step 300, the e-mail management system 30 or 31 creates the message to be sent.
In step 305, the e-mail management system selects the document to be attached to the message.
In step 310, the e-mail management system encrypts the message by using a public-key encryption algorithm and by using the public key of the server 50 for encryption.
In step 312, the e-mail management system encrypts the attached document by using a public-key encryption algorithm and by using the public key of the server 50 for encryption. In step 315, it is established whether the system from which the message is being sent is an e-mail management system according to the invention 30 or a known type of e-mail management system 31: in the first case, in step 320 the message is transferred to the server 50 via the channel 4, 4' and the secure connection described earlier; in the second case, in step 330 the message is sent as a normal e-mail message and received by the server 50.
In step 340, the e-mail management system 52 decrypts the message by using the private key of the server, and in step 345 the e-mail management system 52 decrypts the attached document by using the private key of the server.
In step 350, the e-mail management system 52 performs a search in the lookup table 72 to find the public key of the recipient and in step 360 it encrypts the message by using such public key.
In step 370, the system 52 performs a search in the lookup table 72 to find the e-mail address of the recipient.
In step 380, on the basis of the found address, the e-mail management system 52 establishes whether the recipient is of the internal type, i.e., has available a reserved area on said server, or of the external type, i.e., does not have an area of his own on said server. In the first case, in step 385 the system 52 can store the attachment in the private area 70 of the recipient, insert in the e-mail message a link to the saved attachment (step 387) and save the message in the reserved area 71 of the recipient (step 390). In the second case, the system 52 sends, in step 400, both the message and the attachment by e-mail to the recipient. In one embodiment, the e-mail message and/or the corresponding attachment are stored in the reserved e-mail area 71 to be then copied or transferred, when requested by the authorized user, to the private area 70 of said user.
In a further embodiment, the messages sent by one user to another user are encrypted by using symmetric or asymmetric encryption algorithms, which are run by using personal keys that are known to the sender and the recipient and thus can also be unknown to the server 50. In this case, the server 50 does not perform the steps described above with reference to the decryption of the message of the sender with its own key and to the new encryption of the message with the key of the recipient, but merely stores the message and/or its attachment in the reserved e-mail area 71 or, if present, also or alternately in the private area 70 of the recipient. In this case, the recipient, upon connection, works in the manners already described above to access and retrieve the information of interest to him. The invention further comprises means for performing the download of stored files.
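The relay of Figure 6 (steps 340 to 400) beside the further embodiment just described, in which the keys are unknown to the server, as an added example that is not the patent's code. Textbook RSA, with keys generated in the block by Miller-Rabin and no padding, stands in for the RSA/OpenPGP/S/MIME primitive of modules 22' and 56 so that the block runs on the Python standard library alone; `RelayServer`, `register`, `relay` and `store_end_to_end` are names chosen here. The example makes the trust difference between the two embodiments visible: in `relay` the server necessarily handles the plaintext between decryption with its own key and re-encryption with the recipient's key, while in `store_end_to_end` it files a ciphertext it cannot read.

```python
import secrets

# Added example, not the patent's own code. Textbook RSA is built here with
# Miller-Rabin primes so the relay runs on the standard library alone; it has
# no padding and is a teaching stand-in only. A real relay would use RSA-OAEP
# or an S/MIME or OpenPGP library for the encryption modules 22' and 56.

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; callers only pass odd n >= 2**255."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def keygen(bits=512):
    """Returns ((n, e), (n, d)) with e = 65537."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:
            return (p * q, 65537), (p * q, pow(65537, -1, phi))

def pk_encrypt(pub, msg):
    """A 0x01 prefix keeps leading zero bytes of `msg` from being lost."""
    n, e = pub
    m = int.from_bytes(b"\x01" + msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def pk_decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

class RelayServer:
    """System 52: table 72 maps a public address to (private address, key,
    internal?); `areas` plays the reserved e-mail areas 71."""
    def __init__(self):
        self.pub, self.priv = keygen()
        self.table, self.areas, self.outbound = {}, {}, []

    def register(self, public_addr, private_addr, user_pub, internal):
        self.table[public_addr] = (private_addr, user_pub, internal)
        if internal:
            self.areas[private_addr] = []

    def relay(self, to_public_addr, ciphertext):
        """Steps 340-400: decrypt with the server key, re-encrypt with the
        recipient's key from table 72, then store in area 71 (internal
        recipient) or hand to ordinary e-mail (external recipient). The
        plaintext exists on the server only inside this call."""
        private_addr, user_pub, internal = self.table[to_public_addr]
        forwarded = pk_encrypt(user_pub, pk_decrypt(self.priv, ciphertext))
        if internal:
            self.areas[private_addr].append(forwarded)
            return "stored"
        self.outbound.append((to_public_addr, forwarded))
        return "sent"

    def store_end_to_end(self, to_public_addr, ciphertext):
        """Further embodiment: keys known only to sender and recipient; the
        server files the message as received and never holds a readable copy."""
        self.areas[self.table[to_public_addr][0]].append(ciphertext)
        return "stored"

def demo():
    """Constructed exchange between two users through one relay server."""
    server = RelayServer()
    alice_pub, alice_priv = keygen()
    bob_pub, bob_priv = keygen()
    server.register("alice@public.example", "alice@internal.example", alice_pub, True)
    server.register("bob@public.example", "bob@elsewhere.example", bob_pub, False)
    msg = b"board pack attached, please review (constructed)"
    r_alice = server.relay("alice@public.example", pk_encrypt(server.pub, msg))
    alice_reads = pk_decrypt(alice_priv, server.areas["alice@internal.example"][0])
    r_bob = server.relay("bob@public.example", pk_encrypt(server.pub, msg))
    bob_reads = pk_decrypt(bob_priv, server.outbound[0][1])
    e2e = pk_encrypt(alice_pub, msg)                  # encrypted straight to Alice
    server.store_end_to_end("alice@public.example", e2e)
    server_view = pk_decrypt(server.priv, e2e)        # wrong key: unreadable
    return {"alice": alice_reads == msg, "bob": bob_reads == msg,
            "routes": (r_alice, r_bob), "server_can_read_e2e": server_view == msg}
```

The relay design means the server's private key protects every message in transit through it, so the server is the component to harden and monitor in the first embodiment; the end-to-end embodiment moves that exposure to key distribution between users, which is the trade-off the patent describes when it notes the keys "can also be unknown to the server 50".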
In particular, the document storage device 20 can connect to the server 50 by means of the network 5 and a secure connection 4, 4'. The user is required to enter suitable credentials and, after recognition by the server, the user can thus access his own reserved area 70.
The user can now view all the stored documents and select the ones of interest. The selected documents are downloaded onto the client computer 10, 11 or 13, where the document storage device 20 decrypts the file by means of the encryption module 22 and makes it available to the user. In the case of a document that is stored split into packets or is split during transmission, as according to the embodiment described earlier with reference to Figure 5, each packet is downloaded and decrypted and then the splitter module 25 reassembles the original document according to the packets. Likewise, the system can comprise means for viewing received e-mail messages. In particular, the e-mail management system 30 connects to the server 50 via the network 5 and the secure connection 4, 4'.
The user enters suitable credentials, accesses his own reserved area 71 and can now view all the received messages and download them onto the client computer 11, 12 or 13, where the e-mail management system 30 decrypts the messages by means of the encryption module 22' and makes them available to the user.
In the case of messages containing attachments, the messages contain a link that activates the document storage device 20 and the attachment is downloaded from the reserved area 70 of the user in the manner described above.
The embodiments described above can be implemented in many different manners and the present invention is not limited to any particular implementation. For example, according to a particular embodiment, the system according to the invention can be provided in a manner that is transparent for the user, activating it automatically on a given network volume or peripheral storage unit, for example by activating a so-called "service" in the operating system. In this case, dragging or copying a digital document, always understood as being one or more files, within the volume that has been mapped for secure use would activate automatically the secure remote storage procedure described above.
As a practical example, a user might define a volume, for example "S:", as a secure volume. When he drags or copies a document to "S:", or into a folder thereof, the document is transferred to his area 70 in the manner already described without leaving physical trace on the local computer from which the user is working.
Likewise, the person skilled in the art easily understands the applicability and convenience of such a system in a company context, where a certain volume might be defined for each user to create separate and secure user areas, or to create an area that is shared among a plurality of users who are authorized to access confidential information.
It has thus been shown that the present invention achieves the intended aim and objects. In particular, it has been shown that the system and the method thus conceived make it possible to overcome the qualitative limitations of the background art, since they allow secure storage of documents and simultaneously their irreversible deletion from a local computer, so as to make it impossible to access confidential documents in case of intrusion or theft of the computers, hand-held devices or smartphones of the user.
It has also been shown that the invention is practical to provide, since the steps of the method consist of simple operations for selection, encryption, sending and irreversible deletion of documents, which can be performed by means of technologies that are known to the person skilled in the art.
Clearly, numerous modifications will be evident and can be promptly performed by the person skilled in the art without abandoning the scope of the protection of the present invention.
For example, the documents to be stored might be compressed without losing information before sending to the server, so as to minimize the bandwidth that is used.
It is further possible to conceive a client module that applies the method described above not only to a single file but also to multiple files or folders simultaneously. The system can be extended easily to a multi-user version, in which the stored documents are shared among a plurality of users.
It is also evident that the inventive concept on which the present invention is based is independent of the actual implementation of the software modules, which can be provided in any language and on any hardware platform, as well as firmware that can be applied to modern electronic devices.
For example, the secure e-mail management device 30 can also be provided as an e-mail module to access e-mail via the Web, in an execution mode known as "Webmail". In this case, access to a dedicated web page would allow or begin the download of a plug-in for the navigation program used by the user, which, even transparently for the user, would then allow the management of his messages like traditional Webmail, with the advantages described above that derive from the use of the management modes according to the invention. With reference to the server, moreover, it is evident from the above description that the encryption modes used by the server 50 can also comprise multiple steps or encryption algorithms that are performed in sequence, each option possibly requiring its own key.
Therefore, the scope of the protection of the claims must not be limited by the illustrations or by the preferred embodiments illustrated in the description by way of example, but rather the claims must comprise all the patentable novelty characteristics that reside within the present invention, including all the characteristics that would be treated as equivalent by the person skilled in the art.
Claims
1. A system for remote management of digital documents, comprising means for selecting a document to be transferred from a local computer to a server, means for encrypting said document, means for establishing a connection between said local computer and said server, and means for automatic deletion of said document from said local computer.
2. The system according to claim 1, characterized in that said encryption means comprise means for executing at least one private-key symmetric encryption algorithm selected among DES, IDEA, 3DES or RC2.
3. The system according to one or more of the preceding claims, characterized in that said means for establishing a connection between said local computer and said remote server comprise an Internet connection.
4. The system according to claim 3, characterized in that said means for connection between said local computer and said remote server comprise an FTPS connection or an HTTPS connection.
5. The system according to one or more of the preceding claims, characterized in that said means for deleting said document from said local computer comprise means for the irreversible deletion of said document.
6. The system according to one or more of the preceding claims, characterized in that it comprises means for splitting said document into parts, means for the encryption of said parts, and means for saving said parts on said remote server.
7. The system for remote management of digital documents according to one or more of the preceding claims, characterized in that said means for selecting a document to be transferred comprise an e-mail client.
8. The system for remote management of digital documents according to the preceding claim, characterized in that said server comprises means for decrypting said message and forwarding said message to a recipient.
9. The system for remote management of digital documents according to one or more of the preceding claims, characterized in that said local computer is an electronic computer of the fixed type, an electronic computer of the portable type, a handheld device or a smartphone.
10. A method for remote digital document management, comprising the steps that consist in: selecting a document to be transferred from a local computer to a server; encrypting said document; establishing a connection between said local computer and said server and transmitting the document to the remote computer; deleting said document from said local computer.
11. The method according to claim 10, characterized in that said step of deleting said document from said local computer comprises deleting said document irreversibly.
12. The method according to claim 10 or 11, characterized in that said step of establishing a connection comprises establishing an FTPS or HTTPS connection.
13. The method according to one or more of claims 10 to 12, further comprising the step of splitting and transmitting said document in parts.
14. The method according to one or more of claims 10 to 13, further comprising the storage, on the part of said server, of the transmitted document without any modification and its sending to a local computer without any modification.
15. The method according to one or more of claims 10 to 13, further comprising the step of reencrypting, on the part of said server, the transmitted document on the basis of an encryption key that belongs to a recipient of said document.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IT2008/000820 WO2010076831A1 (en) | 2008-12-30 | 2008-12-30 | Remote safe storing of digital documents with guarantee of privacy |
EP08876169A EP2370927A1 (en) | 2008-12-30 | 2008-12-30 | Remote safe storing of digital documents with guarantee of privacy |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010076831A1 true WO2010076831A1 (en) | 2010-07-08 |
Family
ID=40793630
Country Status (2)
Country | Link |
---|---|
EP (1) | EP2370927A1 (en) |
WO (1) | WO2010076831A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020033838A1 (en) | 2000-05-15 | 2002-03-21 | Scott Krueger | Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program |
US20080177811A1 (en) | 2007-01-22 | 2008-07-24 | David Maxwell Cannon | Method and system for policy-based secure destruction of data |
- 2008-12-30 EP EP08876169A (EP2370927A1): not active, Withdrawn
- 2008-12-30 WO PCT/IT2008/000820 (WO2010076831A1): active, Application Filing
Non-Patent Citations (2)
Title |
---|
"Digital File Shredder Pro -- Military and Professional Grade Data Shredding For Consumers", INTERNET CITATION, 7 October 2005 (2005-10-07), pages 1, XP002503226, Retrieved from the Internet <URL:http://www.ccnmag.com/article/digital_file_shredder_pro_--_military_and_professional_grade_data_shredding_for_consumers> [retrieved on 20081110] * |
GUTMANN P: "Secure Deletion of Data from Magnetic and Solid-State Memory", PROCEEDINGS OF THE USENIX SECURITY SYMPOSIUM, XX, 22 July 1996 (1996-07-22), pages 14COMPLETE, XP002190890 * |
Also Published As
Publication number | Publication date |
---|---|
EP2370927A1 (en) | 2011-10-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6383019B2 (en) | | Multiple permission data security and access |
CN104662870B (en) | | Data safety management system |
US9070112B2 (en) | | Method and system for securing documents on a remote shared storage resource |
US9432346B2 (en) | | Protocol for controlling access to encryption keys |
US20190205317A1 (en) | | Systems and methods for secure storage and retrieval of data objects |
US8984611B2 (en) | | System, apparatus and method for securing electronic data independent of their location |
US20070005974A1 (en) | | Method for transferring encrypted data and information processing system |
US9015483B2 (en) | | Method and system for secured data storage and sharing over cloud based network |
JP5000658B2 (en) | | Processing of protective electronic communication |
KR20080095866A (en) | | Computer session management device and system |
EP3035641A1 (en) | | Method for file upload to cloud storage system, download method and device |
WO2008088400A1 (en) | | Digital information protection system |
US20080044023A1 (en) | | Secure Data Transmission |
CN114175580B (en) | | Enhanced secure encryption and decryption system |
JP4755737B2 (en) | | Portable storage medium encryption system, data carrying method using the system, and portable storage medium |
CN101083524A (en) | | Method and system for encrypting and deciphering E-mail |
EP3282670B1 (en) | | Maintaining data security in a network device |
US10623400B2 (en) | | Method and device for credential and data protection |
JP4471129B2 (en) | | Document management system, document management method, document management server, work terminal, and program |
KR101497067B1 (en) | | Electric document transfer method and apparatus based digital forensic |
CN103379133A (en) | | Safe and reliable cloud storage system |
CN105187379B (en) | | Password based on multi-party mutual mistrust splits management method |
WO2019216847A2 (en) | | A sim-based data security system |
JP5162396B2 (en) | | Storage service system and file protection program |
CN110417638B (en) | | Communication data processing method and device, storage medium and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08876169; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 2008876169; Country of ref document: EP |
| | NENP | Non-entry into the national phase | Ref country code: DE |