Protecting data on computers connected to the Internet or to any other digital network has increasingly become a mainstay industry in the field of digital communications. A critical aspect of security, moreover, is protecting data transferred over a network.
There are a number of commands and programs that permit a user on one computer to access data on a remote computer over a network, such as the Internet. One such command is the UNIX command RLOGIN, which allows an authorized user to log in to other UNIX computers running the RLOGIND service (or daemon) across a network. A user connected to a remote computer through this command can interact with the computer in the same way as if she/he were physically present. Another such program is remote shell (RSH), which allows a user to execute non-interactive programs on a remote system running a remote shell daemon (rshd) and returns the remote program's standard output and standard error output. Remote copy (RCP) allows a user to transfer multiple files and recursively copy entire directory trees to and from another system running a remote shell daemon (rshd) that supports RCP over the network. An anonymous File Transfer Protocol (FTP) is a file transfer between locations that does not require users to identify themselves with a password or log-in. An anonymous FTP is not secure, because it can be accessed by any other user of the WWW. RCP is another command that does not require a user to log in or specify a password for the remote system. Yet another example of a program accessing other programs on remote computers is the RDist program, which maintains identical copies of files on multiple hosts; if possible, RDist preserves the owner, group, mode, and time of files and may further update programs that are executing.
Secure Shell (SSH) is a replacement for the RLOGIN, RSH, RCP, and RDist programs discussed above. SSH provides strong authentication and secure communications over insecure channels and allows a user to log into another computer over a network, execute commands on the remote machine, and move files from one machine to another. SSH, moreover, protects a network from attacks such as Internet Protocol (IP) spoofing, IP source routing, and Domain Name System (DNS) spoofing. An attacker who has managed to take over a network can only force SSH to disconnect and cannot play back the traffic or hijack the connection when encryption is enabled.
While SSH does a fine job protecting a connection, once the data reaches its destination it is generally no longer encrypted, so that in the case of a shared backup server the data could be retrieved if the server were hacked into. The simple solution to this problem would be to encrypt the data before backing it up. But doing this means that a user must maintain a key with which to decrypt the data in order to retrieve it. Losing a key might seem a trivial problem to solve; after all, SSH is widely used and keys are simply replaced if one is lost. When dealing with a file which has been locked with an encrypted key, however, the problem is much different, because an administrator cannot access a data file the way she/he might log into or otherwise access a system to replace the key. Thus, if a user loses the key along with the original system, or makes a backup of it to a workstation, or even electronically mails it to her/himself, the key can easily get lost. So the irony is that data loss can occur when trying for greater data protection; all the data which was so carefully archived and encrypted might become worthless because, without the key, there is no backup way to decrypt the data.
There are several techniques that use passwords and special questions to recover the key or a special key recovery file, but the integrity of the system can still be compromised if the key recovery file is found and a password is known. On the other hand, a user can still suffer a massive data loss if the password or passphrase information for the Certification Authority (CA) key recovery file is also lost. The problem with any password or passphrase tied to an encrypted file is that the password or passphrase must be remembered. Finally, encryption keys are sometimes separated and distributed on different nodes with a certain level of redundancy. There is still a need, however, to provide a method and a machine to store split data securely across a network of servers.
These needs, and others that will become apparent, are solved by the invention as stated below: