
A Lightweight and Safe File Protection System

IP.com Disclosure Number: IPCOM000236659D
Publication Date: 2014-May-08
Document File: 4 page(s) / 64K

Publishing Venue

The IP.com Prior Art Database

Abstract

This article introduces a lightweight and safe file protection system. The core idea of this disclosure is to reuse the file directory as the password to encrypt and decrypt a file when the user needs to save or read it through the application server.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 44% of the total text.


Data security in modern distributed computing systems is a difficult problem. Network connections and remote file system services, while convenient, often make it possible for an intruder to gain access to sensitive data by compromising the system.

Cryptographic techniques offer a promising approach for protecting files against unauthorized access. There are two types of cryptographic techniques: system-level cryptography and application-level cryptography. The disadvantages of these methods are:


1. Whether system-level or application-level cryptography is used, the user needs to remember a password or store a key file to decrypt the encrypted file. If the user forgets the password, the document can't be recovered.


2. Most of the time, one user has one password or key file that is used to encrypt all of the files. So, if the password or key is revealed, all of the files are revealed.


3. File system encryption is typical system-level cryptography. Its limitation is that it can only be used on a specific platform. For example, EFS (Encrypting File System) only works on Windows and the file system must be NTFS, while eCryptfs is a stacked cryptographic file system based on the Linux kernel.


4. Application-level cryptography is cumbersome. No approach is entirely satisfactory in terms of security, generality, or convenience.

Most users do not need to care about the file path value on the remote storage server, and the path does not need to be meaningful to humans. So, besides serving as the file's unique identification label, this path can be used to describe other information. The core idea of this disclosure is to reuse it as the password to encrypt and decrypt the file when the user needs to save or read it through the application server.

The advantages of this idea are:

1. The user does not need to remember a password or store a key file to decrypt the encrypted file. They only need to remember the password used to log in to the application server.


2. Each file has its own password to protect its content. The file path is unique, so the password is unique.


3. This cryptographic system is embedded in the application server, so it can be used generally on different platforms.


4. Authorized users do not need to be aware of the existence of the cryptographic system. Unauthorized users cannot access the cryptographic system, so even if they get the encrypted file and the file path, they still can't get the ordinary file. It is a convenient and secure system.
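The per-file property in advantages 2 and 4 above, as an added example that is not code from the disclosure: the Password Path and the file key are both derived from the Access Path together with a secret held only by the application server. The server secret, the HMAC-SHA-256 derivation, the `/store/` prefix and the toy HMAC-based stream cipher (a stand-in for an AEAD such as AES-GCM) are assumptions; the disclosure's own transformation is not shown in this abbreviated text.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = bytes(range(32))  # constructed; assumed to stay on the server
ACCESS_PATH = "/files/7bdcf70d-2c24-4ca5-870f-7f0dc8d464a3"  # sample from the text

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Domain-separated HMAC-SHA-256 so path, key, keystream and MAC are independent.
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()

def password_path(secret: bytes, access_path: str) -> str:
    # Opaque physical name (assumed "/store/" prefix), not meaningful to a human.
    return "/store/" + prf(secret, b"path", access_path.encode()).hex()

def file_key(secret: bytes, access_path: str) -> bytes:
    # Per-file key: another Access Path, or another secret, gives an unrelated key.
    return prf(secret, b"key", access_path.encode())

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy HMAC counter-mode keystream (assumption; use an AEAD in practice).
    blocks = (length + 31) // 32
    stream = b"".join(prf(key, b"ks", nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return stream[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC with a fresh random nonce per file write.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + prf(key, b"mac", nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    # Verify the tag before decrypting; a wrong key fails here.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or modified file")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

if __name__ == "__main__":
    key = file_key(SERVER_SECRET, ACCESS_PATH)
    blob = seal(key, b"quarterly report")
    print(password_path(SERVER_SECRET, ACCESS_PATH))
    print(unseal(key, blob))
    try:  # Knowing the path and the blob but not the server secret is not enough.
        unseal(file_key(b"guess" * 8, ACCESS_PATH), blob)
    except ValueError as err:
        print("rejected:", err)
```

If the derivation used the path alone, anyone holding the encrypted file and its path could recompute the key, so advantage 4 depends on the server-side secret staying confidential.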


1. Two types of file paths:


A. Access Path

This path is the file's logical address; the user needs to supply this path when downloading the file from the application server. In the following description, we will take "/files/7bdcf70d-2c24-4ca5-870f-7f0dc8d464a3" as the sample.


B. Password Path

This path is the file's physical address, which is generated from the Access Path after the necessary transformation. Different from Access Path, Password Path should not meaningful f...