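Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0928982 (1997-09-12) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 826; Patents cited: 9 |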
A solution to the general problem of Secure Storage and Retrieval of Information (SSRI) also guarantees that the process of storing the information is correct, even when some processors fail. A user interacts with the storage system by depositing a file and receiving a proof that the deposit was correctly executed. The user interacts with a single distinguished processor called the gateway. The mechanism enables storage in the presence of both inactive and maliciously active faults, while maintaining (asymptotical) space optimality. This mechanism is enhanced with the added requirement of confidentiality of information; i.e., that a collusion of processors should not be able to learn anything about the information. In this case, too, space optimality is preserved.
Having thus described our invention, what we claim as new and desire to secure by Letters Patent is as follows:

1. A computer implemented method for the secure distributed storage and retrieval with confidentiality of information of a user in a storage system including a plurality of servers comprising:

for a given transaction, designating one server of said plurality of servers as a gateway server for the user;

depositing an encrypted file from the user and a file encrypting key encrypted under a public key of the user to the storage system via the gateway server;

distributing by the gateway server by dispersing the file among a plurality of storage elements attached to servers within said storage system;

receiving by the gateway server a partial signature from each of the servers in the storage system receiving the parts of the dispersed file;

generating by the gateway server an authenticated proof that the storage system received and correctly stored the file, the proof being provided even when at least one of said servers malfunctions due to a malicious fault;

responding by the gateway server to a user request for a previously stored file by forwarding the request to all servers in the storage system, the user request including an encryption under the user's public key of a user generated random number temporarily stored by the user, the random number serving as a blinding factor;

checking by each server to determine if the user making the request has permission to access the requested file;

if the user making the request has permission to access the requested file, computing by each server a partial decryption of their respective share of the requested file encrypting key multiplied by the encrypted blinding factor using a threshold decryption algorithm;

sending by each server in the storage system the computed partial decryption their respective shares of the stored file and hashes of all shares to the gateway server;

determining by the gateway server good shares from a majority of hashes received from other servers and reconstituting the encrypted file using an information dispersal algorithm;

determining by the gateway server the file-encrypting key multiplied by the blinding factor;

sending the reconstituted file and the product of the encrypting key multiplied by the blinding factor to the user;

obtaining the file-encrypting key by the user by dividing out the blinding factor;

receiving from the user an authenticated acknowledgment message;

forwarding by the gateway server an acknowledgment message to all servers in the storage system; and

echoing by the servers the acknowledgment message.
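The blinded retrieval of the file-encrypting key in claim 1, as an added example that is not part of the patent text. The claim names no cryptosystem, so this sketch assumes ElGamal with the user's private key Shamir-shared among the servers; the toy group, the 3-of-5 threshold and all function names are hypothetical, and one function plays user, servers and gateway in turn.

```python
import secrets

# Toy group constructed for this example (far too small for real use):
# safe prime P = 2*Q + 1, G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def shamir_split(secret, t, n):
    """Split secret into n shares, any t of which reconstruct it (mod Q)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def encrypt(h, m):
    """ElGamal encryption of m under public key h = G^x."""
    y = secrets.randbelow(Q - 1) + 1
    return pow(G, y, P), m * pow(h, y, P) % P

def ct_mul(a, b):
    """Homomorphic product: Enc(m1) * Enc(m2) is an encryption of m1*m2."""
    return a[0] * b[0] % P, a[1] * b[1] % P

def partial_decrypt(share, ct):
    """One server's contribution c1^share; useless without t-1 others."""
    return pow(ct[0], share, P)

def combine(partials, ct):
    """Gateway: Lagrange-interpolate in the exponent, then strip the mask."""
    mask = 1
    for i, d in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        mask = mask * pow(d, lam, P) % P
    return ct[1] * pow(mask, -1, P) % P

def retrieve_key(enc_key, h, shares, responders, r=None):
    """Blinded retrieval; returns (value the gateway saw, key the user gets)."""
    r = r or secrets.randbelow(P - 2) + 1        # user's blinding factor
    blinded_ct = ct_mul(enc_key, encrypt(h, r))  # servers: Enc(k) * Enc(r)
    partials = {i: partial_decrypt(shares[i], blinded_ct) for i in responders}
    blinded_key = combine(partials, blinded_ct)  # gateway learns only k*r
    return blinded_key, blinded_key * pow(r, -1, P) % P  # user divides out r
```

The gateway only ever handles `k*r mod P`, so without the user's temporarily stored `r` it cannot recover the file-encrypting key even though it assembles the threshold decryption.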