The present invention relates to a computer-implemented method for performing anonymous read/write accesses of a set of user devices to a server. The set of user devices is associated with a user or user group. The present invention further relates to a corresponding server, corresponding user devices and a corresponding computer program product.
Many users of electronic devices have a set of multiple devices that they use to perform electronic transactions, e.g., one or more mobile phones, laptops, tablet computers and/or desktop computers. Such sets of devices may only be used by a single person or may be shared by a group of persons, e.g., by members of a family.
Electronic transactions usually involve authentication towards a service provider. This may initially include the establishment of an account and corresponding credentials with the respective service of the service provider operating the server, and subsequently reconnecting to the service and identifying as the account holder. The transactions also result in electronic data that are processed and stored on the user devices. When using multiple devices of a set, it is a challenge to synchronize the data between these devices.
One possible solution is to store all data on a server in the cloud and then retrieve the information from the cloud onto the devices whenever the data is needed. After a transaction is done, the updated information is again deposited in the cloud. For such an approach all user devices of the set may share the same encryption/decryption key.
One problem with this approach is that a lot of collateral information may leak to the cloud provider. More particularly, the cloud provider may learn which users retrieve and deposit information at what time.
US 2015/0180905 A1 discloses a system and method for secure synchronization of data across multiple computing devices. The method comprises detecting a file content update on a first client computer system, the file to be synchronized on a plurality of different types of client computer systems in a plurality of formats. The method further comprises associating a security policy with the file, wherein the security policy includes restrictions to limit one or more actions that can be performed with the file, and synchronizing the file to a second client computing system while applying the security policy to provide controls for enforcement of the restrictions at the second client computer system.
US 2014/0068254 discloses systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded.
U.S. Pat. No. 8,925,075 B2 discloses a method for protection of cloud computing including homomorphic encryption of data. The proposed scheme can be used with both algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data.
US 2010/0325441 discloses systems and methods for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user.
Accordingly, there is a need to provide methods and corresponding user devices and servers that allow privacy-enhanced storage of data at a central server. Furthermore, there is a need to provide methods and corresponding user devices allowing multiple user devices of a set to store, synchronize and retrieve their data at/from such a central server in a privacy-enhanced way.