The subject matter described herein relates generally to systems, methods, and computer-readable media for remote data storage, and more particularly, to systems, methods, and computer-readable media for encrypted remote data storage carried out from a computer system, in particular from a client computer.
In recent years, providers of online storage accessible over the internet, also called remote storage providers or online storage providers, have been very successful both in the consumer and in the corporate market. Typical offerings are simple, easy-to-use backup and storage services aimed predominantly at the consumer segment, also called "cloud" services. Examples of such services are Dropbox, OneDrive offered by Microsoft, and Drive offered by Google. These services offer ease of use, simple and broadly similar user interfaces, online/offline content synchronization, and flexible pricing plans. The convenience comes at a cost, however: users must leave supervision of their files to the service provider, so that the confidentiality and integrity of the files rest in the hands of the vendor. Once the user uploads his files to the service provider of choice, he loses control over the security of his data and has to rely on the integrity and ability of the service provider to safeguard it. This leaves room for improvement, as it would be desirable not to have to rely on trust and good faith alone.
In the cases above, the user has no influence or control over what the company actually does with his data, at which geographical locations and in which countries the data is stored, or which safety mechanisms and standards are employed against data loss, manipulation and intrusion. In sum, the user is entirely dependent on at least one third party, namely the service provider, and to some extent also on his internet service provider, to take good care of his data. In particular for sensitive personal data, financially relevant data or other sensitive information such as business information or financial account data, this trust-based approach is unsatisfactory in a number of respects and leaves room for improvement.
As long as the user's data to be stored, embodied as files, is stored in plain, non-encrypted form, there are numerous risks that an unauthorized intruder might gain access to the stored data, which is generally known as computer crime. It has therefore become good practice, although one followed by only a minority of remote storage providers, to encrypt customer data before storing it on a storage facility of the service provider. This method, however, also has a number of drawbacks and residual risks for customers, be they consumers or corporate customers. Even if the customer's data is stored in encrypted form at a facility of the service provider, that is, in a scrambled, non-readable form that can only be read with knowledge of the employed encryption method and the corresponding key, the key itself is held by the provider. Intruders may therefore gain electronic access to the location in the company's storage network where the cryptographic material needed to decrypt the data is kept, at which point the encryption offers no protection at all. Likewise, employees of the service provider, who legitimately have access to that material, might behave inappropriately and thus gain access to the customer's data. Provider-side encryption of this kind protects only against the loss or theft of the storage media themselves, not against anyone who can reach the provider's key store. Thus, it is desirable to have a method for securely storing data remotely, without the potential for intrusion or data theft by an unauthorized private individual or any other party.
Furthermore, it has become common knowledge that government agencies in various countries have more or less direct access to the data held by major companies, in most cases on a legal basis. This applies to hardware and software companies and also to storage service providers. Further, it is known that a significant part of internet traffic is monitored on a regular basis, in some cases nearly continuously, by the authorities of a number of countries. Consequently, storage service providers may be able to protect their customers' files from ordinary attackers, but may be obliged by law to cooperate with government agencies and give them access to the data that users have stored with the service, including full access to data that was originally stored in encrypted form, since the provider itself holds the keys.
This is particularly relevant because, in today's globalized economy embodied in the internet, no one can be sure which governments might want access to his data. For example, an American citizen might store his data with a company that operates data storage centers physically located in various other countries, e.g., for economic, tax or other business-related reasons. At least one of these countries might grant access, via covert cooperation probably unknown to the public, to its own government's authorities or even to the authorities of a further foreign country. This might result in the authorities of a country hardly known to the private or corporate US customer having full access to his sensitive personal or business-related files. That data might in turn contain information relevant to the security of the US or be potentially damaging to the business interests of US companies, such as the employer of the individual using the storage service, or directly to a private business using the storage service. Thus, it would be desirable to have a method for securely storing data remotely which offers enhanced security against intrusion or manipulation, whether by cryptographic attacks or by the well-known "social engineering" attacks used by professional attackers against individuals and companies.
One approach for safeguarding the privacy of personal or business data against the risks cited above and others is to encrypt files locally on the user's computer (client computer) before transferring them to an online storage provider over the internet, so that the provider only ever receives ciphertext and never holds the key. Such a service is, for example, provided by the German company boxcryptor.de. This method, however, also leaves room for improvement. For one, it is typically only a question of time until a known encryption algorithm is broken, for example by specialized branches of government agencies which are known to pursue such work, and it may be years before such a break becomes public knowledge. In the meantime, the authorities of various countries might continuously inspect the remotely stored personal or business data, which both the customer and even the respective storage service provider falsely consider to be safely encrypted. Also, encrypting files before upload prevents users from benefiting from one of the most desirable effects of storing files online, namely the ability to easily and conveniently share personal files, such as photographs, with friends, family or coworkers: a recipient who does not hold the key cannot open the shared file.
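As an added illustration, not part of the patent text or of any product it names, the following Go program models the two situations contrasted above: a storage provider that can read whatever it stores, and a client that encrypts with AES-256-GCM on its own machine before upload, so that the provider holds only ciphertext and never sees the key. The Provider and Client types, the file names and the sample file contents are constructed for the example and are assumptions, not anything described in the original.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Provider stands in for an online storage service (constructed for this
// example). It stores whatever bytes it is handed and can read all of them,
// which is the position of the provider, its staff, or any intruder on its
// storage network.
type Provider struct {
	blobs map[string][]byte
}

func NewProvider() *Provider { return &Provider{blobs: map[string][]byte{}} }

func (p *Provider) Put(name string, data []byte) {
	p.blobs[name] = append([]byte(nil), data...)
}

func (p *Provider) Get(name string) ([]byte, bool) {
	d, ok := p.blobs[name]
	return d, ok
}

// Client encrypts locally with AES-256-GCM. The key exists only in the
// client's memory; the provider receives ciphertext and nothing else.
type Client struct {
	key      []byte
	provider *Provider
}

func NewClient(p *Provider) (*Client, error) {
	key := make([]byte, 32) // 256-bit key, generated on the client
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return &Client{key: key, provider: p}, nil
}

func (c *Client) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Upload encrypts the plaintext before it leaves the client. The file name is
// bound as associated data, so a blob moved under another name will not open.
func (c *Client) Upload(name string, plaintext []byte) error {
	gcm, err := c.aead()
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	// Stored blob layout: nonce || ciphertext || GCM authentication tag.
	c.provider.Put(name, gcm.Seal(nonce, nonce, plaintext, []byte(name)))
	return nil
}

// Download fetches the blob and decrypts it locally. Any modification of the
// stored bytes, by the provider or an intruder, fails the GCM tag check.
func (c *Client) Download(name string) ([]byte, error) {
	blob, ok := c.provider.Get(name)
	if !ok {
		return nil, errors.New("no such file")
	}
	gcm, err := c.aead()
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

// ProviderSeesPlaintext reports whether the stored blob contains the file
// contents, i.e. whether anyone with access to the provider's storage can read
// the file without the client's key.
func ProviderSeesPlaintext(p *Provider, name string, plaintext []byte) bool {
	blob, ok := p.Get(name)
	return ok && bytes.Contains(blob, plaintext)
}

func main() {
	p := NewProvider()
	c, _ := NewClient(p)
	secret := []byte("account 1234-5678, balance 9,000") // constructed sample
	_ = c.Upload("finance.txt", secret)
	fmt.Println("provider can read plaintext:", ProviderSeesPlaintext(p, "finance.txt", secret))
	got, err := c.Download("finance.txt")
	fmt.Printf("client round trip: %q err=%v\n", got, err)
	blob, _ := p.Get("finance.txt") // simulate tampering at the provider
	blob[len(blob)-1] ^= 0x01
	_, err = c.Download("finance.txt")
	fmt.Println("after tampering:", err)
}
```

The same property that keeps the provider out also produces the sharing drawback described above: a second Client with its own key cannot open the blob, so sharing requires a separate key-distribution step that the plain encrypt-before-upload scheme does not provide.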
Hence, it would be desirable to have methods, systems or services for the remote storage of data which provide enhanced safety against a great number of attacks and against any kind of attacker, while at the same time providing ease of use and at least some or all of the advantages for users known from remote online storage services.
For the reasons cited above and for other reasons, there is a need for the present invention.