While a mobile device is personal, unexpected situations can occur, such as loss or theft of the same. If this device has any sensitive or confidential information, it might be disclosed or lost.
To ensure that such information is not lost, it would be necessary some kind of redundancy, for example, to keep a copy on a local hard drive and the other in a remote location accessible over the Internet. However, storing sensitive data in online servers also poses risks, such as the invasion and/or information theft.
Within this context, to increase the degree of information security, this data should be encrypted, both in online copy or in remote device. Thus, even in case of theft or intrusion device of the server, the information itself will not be stolen.
Several security issues are found in the prior art, as detailed below:
Problem 1
One company had a leak portfolio with incalculable loss because one of the employees consulted some company documents on their mobile device, but that device was stolen while he was at a bar or other public place.
Problem 2
The employee of a company using the Wi-Fi network provided by the hotel where he was staying, carries sensitive data that are in online storage. But he paid no attention to the Wi-Fi did not have any kind of encryption. An attacker capturing the packets that travel in the middle of Wi-Fi network can view the data traffic, obtaining thus the information.
Problem 3
Files of a company are exclusively stored in an online service that offers no data encryption. In this case, a group of hackers attacking this service over the Internet is very likely that the company's portfolio is stolen. To minimize the risk of problems of the examples presented above, it is possible to adopt the following improvements for each of these cases, respectively:                Improvement for Problem 1: to use virtual storage (cloud);        Improvement for Problem 2: to use a data connection encrypted (HTTPS for example);        Improvement for Problem 3: encrypted storage in the cloud and on the phone;        
However, these improvements do not provide a complete solution. Even with the addition of cryptographic techniques in the system other problems still need to be covered, as described below:
Problem 4
A system of online storage with encryption is deployed. In this type of system, controlling of data access is done by means of cryptographic keys. However, as this system uses keys that expire, each time a key expires, the entire file system should be re-encrypted, which, in turn, implies in great data traffic for all users because data stored on devices from other users will be invalid, requiring reloading the data stored in the cloud.
Problem 5
A company hires a group of hackers to steal information from another particular company. This group is one of the employees who have permission to take the documents home. The group, knowing that the mobile device that contains employee information they seek, steals your device. Although sensitive data is encrypted inside the device, hackers knowing the encryption key is stored within it, through a brute force attack on the hard drive of the phone can decrypt the data, thus achieving extract the desired information.
To overcome the above problems, some known solutions can be provided as follows:                Improvement for problem 4: each user has his account, with no need for directory access control, reducing the data traffic.        Improvement for Problem 5: Division of keys between online storage and device        
The patent document US2010235630 A1, published on May 20, 2010, holder UNISYS CORPORATION, describes a method and system for protecting data in a data storage network. The method comprises receiving data in a safe place for their respective storage. The method includes dividing the data received by means of cryptographically secure storage blocks in a variety of secondary data, and dividing cryptographic key to access data in a variety of key fragments. The method further includes encrypting each of the variety of data blocks with different keys, implementing a cloud that manages to retain a single IP for its infrastructure and using a secure bridge for communication between client and servers, preventing someone who is capturing the transmission has access to data transmitted. However, the storage protection still has flaws, and can be exploited.
The patent document WO2010057194 published on Sep. 16, 2010, holder: NOVELL, INC., describes a system to provide cloud computing services. This system comprises a cloud computing environment with resources for the data to be managed in the cloud, each load data having an address to the same cloud. Said system works so that a given data load to obtain a key from a first cryptographic key pair, said pair of keys for decrypting encrypted hosted storage within the cloud computing environment. The main purpose of this document is to increase the protection of the data stored in the cloud, using keys to this section by hard drive and dividing the file across multiple disks differently, complicating thus the theft of information in case of theft of the storage disk or theft of one of the keys, however, it is still extremely vulnerable to information theft on the client.
The document CN 201408416 published on Feb. 17, 2010, holder: TSINGHUA TONGFANG CO LTD, describes a mobile storage device with a storage mechanism and division keys. The device comprises an interface unit, a processing and control unit, a cryptographic service unit and a data storage unit. A decryption key used by the storage device is formed by the union of two or more segments of data or generated by an algorithm corresponding to this. Each segment has different forms of data storage and access mechanisms. The device is thus of broad protection provided by the adoption of the division of keys and storage mechanism, causing the device to be highly secure. This document relates to mobile storage devices that store the encrypted data and encryption key in separate pieces, spreading to the storage, hence impeding the theft. But the key is still in the entire device.
The document Wuala BY LACIE available on http://www.wuala.com/ is a commercial system that provides encrypted storage leaving the data encrypted on the client side (device). For this system has focused on several different users using the same cloud, it uses its own encryption and access control. This approach is advantageous for multiple users, but periodically causes the entire file system has to be encrypted and transmitted again consuming a large amount of processing and data transmission. We still have that as a key to decipher the data is still on the mobile device, it may be that an attacker breaks the encryption of stored data.
In order to overcome the disadvantages of the prior art, the present invention proposes a system focused on the security of data stored in a cloud infrastructure, as well as secure data in transfer, using a secure bridge (HTTPS), that also protects data stored. Furthermore, the system of the present invention uses asymmetric keys stored on the device and in the cloud, to ensure that even in case of theft of the device or hard disks will not be possible to obtain the key, since only with the two together can be calculated the symmetric key and without it you, it is not possible to decipher data. Moreover, since the system is not intended for use by multiple users, this is only one user on different devices, it is not necessary cipher again the file system and retransmit it, thereby minimizing the data exchange.
To provide the online storage of information, the present invention uses cloud storage service.