1. Technical Field
Embodiments of the present disclosure relate generally to data security technologies, and particularly to a data protection system and method implemented by a data protection device based on cloud storage.
2. Description of Related Art
Cloud storage services are used by individuals and companies for storing important data. Whether individual or company, all are concerned about security and privacy of the data that is stored over the cloud storage services. For companies especially, incalculable losses may occur if important or confidential data is discovered or released. Moreover, it is possible that the vendor of the cloud storage services may access data stored over the cloud storage services, which increases the worries of users about the data security and privacy.
The disclosure, including the accompanying drawings, is illustrated by way of example and not by way of limitation. It should be noted that references to “an” or “one” embodiment in this disclosure are not necessarily to the same embodiment, and such references mean at least one.
In one embodiment, the storage system 11 may be a random access memory (RAM) for the temporary storage of information, and/or a read only memory (ROM) for the permanent storage of information. In other embodiments, the storage system 11 may also be an external storage device, such as a hard disk, a storage card, or other data storage medium.
The data protection system 10 may include a plurality of programs in the form of one or more computerized instructions stored in the storage system 11 and executed by the processor 12 to perform operations of the data protection device 1. In the embodiment, the data protection system 10 includes a request module 101, a data processing module 102, and a data security module 103. In general, the word “module”, as used herein, refers to logic embodied in hardware or firmware, or to a collection of software instructions, written in a programming language such as Java, C, or assembly. One or more software instructions in the modules may be embedded in firmware, such as in an EPROM. The modules described herein may be implemented as either software and/or hardware modules and may be stored in any type of non-transitory computer-readable medium or other storage device. Some non-limiting examples of non-transitory computer-readable media include CDs, DVDs, BLU-RAY, flash memory, and hard disk drives.
The request module 101 receives a first request message from a user who requests to store first data, such as images, videos, important documents, or other kinds of relevant information of the user, in the cloud storage device 3, and receives the first data to be stored through the first network 2. In one embodiment, the user may log in to the protection device 1 using a client device (such as a personal computer of the user) through the first network 2, and then send the request message using the client device.
The data processing module 102 divides the received first data into a plurality of data packets (each separate data packet being referred to hereinafter by the generic expression “second data”) and allots a sequential number to each second data. In one embodiment, the data processing module 102 may divide the first data using a known mathematical algorithm, such as the information dispersal algorithm (IDA).
The data security module 103 encrypts each of the second data in sequence according to the allotted numbers of the second data, and moves the encrypted second data from the data protection device 1 to the cloud storage device 3 through the second network 4. In one embodiment, the data security module 103 may automatically encrypt the second data using a first data encryption algorithm. In other embodiments, the data security module 103 receives an encryption key from the user for encrypting the second data, and then encrypts the second data using a second data encryption algorithm according to the encryption key.
The first data is stored into the cloud storage device 3 after the second data has been moved to the cloud storage device 3. Since the first data stored in the cloud storage device 3 has been divided and encrypted by the data protection device 1, the security and privacy of the first data can be better ensured. The user can request access to the data in the cloud storage device 3 by sending a second request message to the data protection device 1 through the first network 2. The request module 101 receives from the user the second request message.
The data security module 103 then obtains the second data from the cloud device 3 through the second network 4 according to the second request message, and decrypts the obtained second data. In one example, if the second data was automatically encrypted using the first data encryption algorithm, the data security module 103 may decrypt the second data using a data decryption algorithm corresponding to the first data encryption algorithm. If the second data was encrypted using the second data encryption algorithm according to the encryption key, the data security module 103 must receive a decryption key from the user, and decrypt the second data according to the decryption key using a data decryption algorithm corresponding to the second data encryption algorithm. The decryption key may be the same as or different from the encryption key, which is determined according to the second data encryption algorithm used by the data security module 103.
The data processing module 102 further integrates the decrypted output from the second data according to the allotted numbers of the second data to recover or effectively recreate the first data required, and transmits the recovered data to the user through the first network 2. Thus, the first data stored in the cloud storage device 3 can be conveniently accessed by the user, and only by the user, through the data protection device 1.
In step S01, the request module 101 receives a first request message from a user that requests the storage of data (first data) into the cloud storage device 3, and receives the first data from the user through the first network 2.
In step S02, the data processing module 102 processes the received first data into the second data as hereinbefore described. The second data may be defined as data packets of the first data. In one example, the data processing module 102 may divide the first data using the information dispersal algorithm (IDA) as described above.
In step S03, the data security module 103 encrypts the second data in sequence, and moves the encrypted second data from the data protection device 1 to the cloud storage device 3 through the second network 4. Details of encryption of the second data are in paragraph [0013] hereof.
In step S11, when the user wants to access the second data from the cloud storage device 3, the request module 101 receives the second request message requesting access of the second data.
In step S12, the data security module 103 obtains the second data from the cloud device 3 through the second network 4 according to the second request message, and decrypts the obtained second data. The decryption of the second data is described in paragraph [0015] hereof.
In step S13, the data processing module 102 integrates the decrypted output from the second data according to the allotted numbers of the second data to recover or effectively recreate the first data required by the user, and transmits the recovered data to the user through the first network 2.
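The store flow (steps S02 to S03) and the retrieve flow (steps S12 to S13) as an added Python example, not code from the disclosure; it goes beyond the text by authenticating each packet's allotted number so that an altered, missing or foreign packet is detected at reassembly. Assumptions: fixed-size splitting stands in for the IDA, a SHAKE-256 keystream with HMAC-SHA256 stands in for the unspecified "second data encryption algorithm", and the function names, packet layout and object id are hypothetical.

```python
import hashlib
import hmac
import os
import struct

CHUNK = 16  # constructed packet size; small so the sample splits into several packets

def _keys(user_key):
    # Derive separate encryption and MAC keys from the user-supplied key.
    return [hmac.new(user_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(enc_key, nonce, data):
    # SHAKE-256 keystream: a stdlib stand-in for a vetted cipher such as AES-GCM.
    if not data:
        return b""
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def store(first_data, user_key):
    """Steps S02-S03: split, number, encrypt. Returns the blobs sent to cloud storage."""
    enc_key, mac_key = _keys(user_key)
    chunks = [first_data[i:i + CHUNK] for i in range(0, len(first_data), CHUNK)] or [b""]
    obj = os.urandom(8)  # hypothetical object id: packets of different uploads cannot be mixed
    blobs = []
    for seq, chunk in enumerate(chunks):
        nonce = os.urandom(16)  # fresh per packet, so the keystream is never reused
        body = obj + struct.pack(">II", seq, len(chunks)) + nonce + _xor_stream(enc_key, nonce, chunk)
        blobs.append(body + hmac.new(mac_key, body, hashlib.sha256).digest())
    return blobs

def retrieve(blobs, user_key):
    """Steps S12-S13: authenticate, decrypt, reassemble by allotted number."""
    enc_key, mac_key = _keys(user_key)
    packets, meta = {}, None
    for blob in blobs:
        body, tag = blob[:-32], blob[-32:]
        if len(blob) < 64 or not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
            raise ValueError("packet failed authentication")
        seq, total = struct.unpack(">II", body[8:16])
        if meta not in (None, (body[:8], total)):
            raise ValueError("packet belongs to a different object")
        meta = (body[:8], total)
        packets[seq] = _xor_stream(enc_key, body[16:32], body[32:])
    if meta is None or set(packets) != set(range(meta[1])):
        raise ValueError("missing packet")
    return b"".join(packets[i] for i in range(meta[1]))
```

In a deployment the keystream-plus-HMAC stand-in would be replaced by an AEAD such as AES-GCM from a vetted library, with the same header passed as associated data.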
Although certain embodiments of the present disclosure have been specifically described, the present disclosure is not to be construed as being limited thereto. Various changes or modifications may be made to the present disclosure without departing from the scope and spirit of the present disclosure.
Number | Date | Country | Kind |
---|---|---|---|
201210008181.3 | Jan 2012 | CN | national |