US-20260127296-A1 - Server Inaccessible End-to-End Encrypted Data Protection

Abstract

System and method for a data environment using linked chains of data packages and logical packages to allow for identification of server data from a local machine without allowing access to unencrypted data by the server. The local machine may identify all data packages and all logical packages in the data environment without downloading all data packages and logical packages providing for faster remote data use with improved security. Data packages and logical packages may be organized by their unique checksums. Header information contained within the data packages and logical packages allows a local machine to identify all data packages in the data environment while only downloading and decrypting a minimal number of data packages or logical packages and data.

Inventors

  • Joshua Joseph Boutwell

Assignees

  • Joshua Joseph Boutwell

Dates

Publication Date
20260507
Application Date
20241105

Claims (12)

  1. An encrypted data environment system comprising: at least one local machine in communication with at least one server; wherein said at least one local machine partitions a set of data into data packages comprising a data package header and associates said data packages based on logical relationships, assigns a data group GUID to each said logical relationship of said data packages, generates a logical package comprising a logical package header for each said data group GUID, assigns a logical GUID to each said logical package; encrypts each said data package and each said logical package into a generic package to form a generic package group, and uploads said generic package group to said server; said at least one server receives and stores said generic package group and wherein said at least one server serves up packages from said generic package group on request by said at least one local machine; said at least one local machine may request a listing of checksums of each said generic package of said generic package group and request one random generic package from said generic package group and decrypt a header of said one random generic package to identify said generic packages and generate a listing of all said data packages and said logical packages corresponding to said listing of checksums; said local machine manipulates one or more of said data packages to generate an updated data package, said local machine links said updated data package to said data package via a field in a header of said updated data package, and said local machine generates an updated logical package for said updated data package and links said updated logical package to said logical package via a field in a header of said updated logical package; and wherein said updated data package and said data package form a data chain and said logical package and said updated logical package form a logical chain.
  2. The encrypted data environment system of claim 1, wherein said identification of said generic packages comprises: identifying said decrypted header of said one random generic package as a data header or logical header; reading a last logical package checksum field in said decrypted header of said one random generic package; identifying a specific generic package from said server corresponding to said last logical package checksum field in said decrypted header of said one random generic package and requesting said specific generic package from said server corresponding to said last logical package checksum field in said decrypted header of said one random generic package; and decrypting said specific generic package from said server and identifying all said generic packages on said listing of checksums by data from said specific generic package.
  3. The encrypted data environment system of claim 1, wherein said data package header and said logical package header comprise a header buffer string such that each of said data package headers and said logical package headers comprise a standard header data length.
  4. The encrypted data environment system of claim 1, wherein said data packages and said logical packages comprise a package buffer string such that each of said data packages and said logical packages comprise a standard package data length.
  5. A method of data environment management comprising: partitioning a set of data into data packages, each said data package comprising a data package header; associating said data packages based on logical relationships; assigning a data group GUID to each said logical relationship of said data packages; generating a logical package comprising a logical package header for each said data group GUID; assigning a logical GUID to each said logical package; encrypting each said data package and each said logical package into a generic package to form a generic package group; uploading said generic package group to a server; storing said generic package group on said server; serving up packages from said generic package group on request; requesting a listing of checksums of each said generic package of said generic package group and requesting one random generic package from said generic package group; decrypting a header of said one random generic package to identify said generic packages and generate a listing of all said data packages and said logical packages corresponding to said listing of checksums; manipulating one or more of said data packages to generate an updated data package; linking said updated data package to said data package via a field in a header of said updated data package; generating an updated logical package for said updated data package and linking said updated logical package to said logical package via a field in a header of said updated logical package; and generating a data chain from said data package and said updated data package and generating a logical chain from said logical package and said updated logical package.
  6. The method of data environment management of claim 5, wherein said identification of said generic packages comprises: identifying said decrypted header of said one random generic package as a data header or a logical header; reading a last logical package checksum field in said decrypted header of said one random generic package; identifying a specific generic package by checksum from said listing of checksums corresponding to said last logical package checksum field in said decrypted header of said one random generic package and requesting said specific generic package from said server; and decrypting said specific generic package from said server and identifying all said generic packages on said listing of checksums by data from said specific generic package.
  7. The method of data environment management of claim 5, further comprising generating a data package header buffer string for each said data package header and a logical package header buffer string for each said logical package header such that each of said data package headers and said logical package headers comprise a standard header data length.
  8. The method of data environment management of claim 5, further comprising generating a data package buffer string for each said data package and generating a logical package buffer string for each said logical package such that each of said data packages and each of said logical packages comprises a standard package data length.
  9. At least one computer-readable storage medium having instructions recorded thereon which, when executed by a computer, cause the computer to perform a method for data environment management, the method comprising: partitioning a set of data into data packages, each said data package comprising a data package header; associating said data packages based on logical relationships; assigning a data group GUID to each said logical relationship of said data packages; generating a logical package comprising a logical package header for each said data group GUID; assigning a logical GUID to each said logical package; encrypting each said data package and each said logical package into a generic package to form a generic package group; uploading said generic package group to a server; storing said generic package group on said server; serving up packages from said generic package group on request; requesting a listing of checksums of each said generic package of said generic package group and requesting one random generic package from said generic package group; decrypting a header of said one random generic package to identify said generic packages and generate a listing of all said data packages and said logical packages corresponding to said listing of checksums; manipulating one or more of said data packages to generate an updated data package; linking said updated data package to said data package via a field in a header of said updated data package; generating an updated logical package for said updated data package and linking said updated logical package to said logical package via a field in a header of said updated logical package; and generating a data chain from said data package and said updated data package and generating a logical chain from said logical package and said updated logical package.
  10. The computer-readable storage medium of claim 9, wherein said identification of said generic packages comprises: identifying said decrypted header of said one random generic package as a data header or a logical header; reading a last logical package checksum field in said decrypted header of said one random generic package; identifying a specific generic package by checksum from said listing of checksums corresponding to said last logical package checksum field in said decrypted header of said one random generic package and requesting said specific generic package from said server; and decrypting said specific generic package from said server and identifying all said generic packages on said listing of checksums by data from said specific generic package.
  11. The computer-readable storage medium of claim 9, further comprising generating a data package header buffer string for each said data package header and a logical package header buffer string for each said logical package header such that each of said data package headers and said logical package headers comprise a standard header data length.
  12. The computer-readable storage medium of claim 9, further comprising generating a data package buffer string for each said data package and generating a logical package buffer string for each said logical package such that each of said data packages and each of said logical packages comprises a standard package data length.
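The enumeration and chaining flow of claims 1 and 2, written out as an added worked example in Python; this is not the patent's or the applicant's code. It assumes a blind server modelled as a dict of ciphertext blobs keyed by the SHA-256 of those blobs, a single client key, a JSON header padded to a fixed length in the manner of claims 3 and 7 so that the header can be decrypted without the body, one environment-wide logical package per snapshot carrying a manifest of every package known when it was written, and a standard-library HMAC-based stand-in cipher in place of a real AEAD. The header field names (kind, guid, group, prev, last_logical), the "salary table" sample data and the group GUIDs are constructed for the example.

```python
"""Toy model of the secure chain data environment above (added illustration, not the
patent's code). The server is a blind dict {checksum: encrypted blob}; a client holding
the key reads one fixed-length header, follows its last-logical-package pointer and then
decrypts only what that manifest misses. Cipher = HMAC-SHA256 keystream + HMAC tag, a stdlib
stand-in for a real AEAD such as AES-GCM, not production code."""
import hashlib, hmac, json, secrets, uuid

HEADER_LEN = 512                                    # fixed header length (claims 3, 7, 11)
NONCE_LEN, TAG_LEN = 16, 32
ENC_HEADER_LEN = NONCE_LEN + HEADER_LEN + TAG_LEN   # bytes needed to decrypt just the header
SUMMARY = ("kind", "guid", "group", "prev")         # header fields a catalog keeps per package

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(key, data):
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered package")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def checksum(blob):
    return hashlib.sha256(blob).hexdigest()         # over the ciphertext, so the server can compute it

class Client:
    def __init__(self, key, server):
        self.key, self.server = key, server         # server: {checksum: blob}, knows nothing else
        self.known = {}             # checksum -> header summary of packages this client wrote
        self.last_logical = None    # checksum of the newest logical package this client wrote

    def _put(self, header, body):
        raw = json.dumps(header).encode()
        assert len(raw) <= HEADER_LEN, "header exceeds fixed length"
        blob = encrypt(self.key, raw.ljust(HEADER_LEN)) + encrypt(self.key, body)
        cs = checksum(blob)
        self.server[cs] = blob
        self.known[cs] = {k: header[k] for k in SUMMARY}
        return cs

    def read_header(self, cs):      # a range request: only the fixed-length header prefix
        return json.loads(decrypt(self.key, self.server[cs][:ENC_HEADER_LEN]))

    def read_body(self, cs):
        return decrypt(self.key, self.server[cs][ENC_HEADER_LEN:])

    def _summary(self, cs):
        h = self.read_header(cs)
        return {k: h[k] for k in SUMMARY}

    def write_data(self, group, data, prev=None):
        """New data package in data group `group`; an update passes prev= the checksum
        it supersedes and keeps that GUID, which forms the data chain."""
        guid = self.known[prev]["guid"] if prev else str(uuid.uuid4())
        return self._put({"kind": "data", "guid": guid, "group": group,
                          "prev": prev, "last_logical": self.last_logical}, data)

    def write_logical(self):
        """Logical package: manifest of every package known so far, chained to its predecessor."""
        hdr = {"kind": "logical", "guid": str(uuid.uuid4()), "group": None,
               "prev": self.last_logical, "last_logical": self.last_logical}
        self.last_logical = self._put(hdr, json.dumps(self.known).encode())
        return self.last_logical

    def build_catalog(self, start=None):
        """Claim 2 flow: random package -> its header -> the last logical package it names ->
        that manifest -> headers of anything the manifest misses. Returns (catalog, headers read)."""
        listing = sorted(self.server)                   # all the server can tell anyone
        start = start or secrets.choice(listing)
        hdr = self.read_header(start)
        anchor = start if hdr["kind"] == "logical" else hdr["last_logical"]
        catalog, fetched = {start: {k: hdr[k] for k in SUMMARY}}, 1
        if anchor is not None:
            catalog.update(json.loads(self.read_body(anchor)))
        for cs in ([anchor] if anchor else []) + listing:
            if cs not in catalog:
                catalog[cs], fetched = self._summary(cs), fetched + 1
        return catalog, fetched

def version_chain(catalog, cs):
    """Walk prev pointers: newest to oldest versions of one data or logical package."""
    out = []
    while cs is not None:
        out, cs = out + [cs], catalog[cs]["prev"]
    return out

def demo():
    """Constructed scenario: two data groups, a logical snapshot, one update, a second snapshot."""
    key = hashlib.sha256(b"demo key: derive from a real KDF in practice").digest()
    server = {}                                   # the blind store: {checksum: ciphertext blob}
    client = Client(key, server)
    payroll, hr = str(uuid.uuid4()), str(uuid.uuid4())           # data group GUIDs
    d1, d2 = client.write_data(payroll, b"salary table v1"), client.write_data(payroll, b"bonus table v1")
    d3 = client.write_data(hr, b"org chart v1")
    l1 = client.write_logical()
    d1b = client.write_data(payroll, b"salary table v2", prev=d1)  # new version, linked to d1
    l2 = client.write_logical()
    return key, server, {"d1": d1, "d2": d2, "d3": d3, "l1": l1, "d1b": d1b, "l2": l2}
```

Running demo() and then Client(key, server).build_catalog() on a fresh client shows the three properties the claims rely on: the server can list and serve every package knowing only checksums of ciphertext; a client starting from any random package recovers the full listing after decrypting at most a handful of headers (one when the random pick is the newest logical package, all of them only when it predates every logical package); and because the header is a fixed-length, separately authenticated prefix, a wrong key or a flipped byte fails closed before any body is touched. What the server still observes is package count, sizes and which checksums a client requests; the fixed package length of claims 4, 8 and 12 addresses the sizes, not the access pattern.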

Description

FIELD OF THE INVENTION

The present invention relates generally to the field of data environments. More specifically, the invention is in the subfield of end-to-end encrypted data environments with data auditing processes.

BACKGROUND OF THE INVENTION

Cloud-based data storage services provide a convenient and effective method for storing large amounts of data that may be accessed by an end user from a variety of locations or local machines. However, cloud-based data storage services are owned and operated by other persons or entities who may not be the owners of the sensitive data stored on the cloud. These other persons or entities may have access to the operating system of the hardware storing the data, and therefore to any software application running on the cloud-based storage. Furthermore, data that sits on cloud storage and is available for use by end users is generally exposed to compromise, alteration, or exfiltration by unauthorized third parties. The current method of protecting data on cloud-based storage systems is to encrypt it. A consequence of this encryption, however, is that a user on a local machine cannot manipulate the data required for a particular user session without decrypting it, and must download the entirety of the cloud-based storage to do so, which places extra demands on hardware and data bandwidth. Alternatively, the server may be allowed to decrypt the data, but this necessarily increases the risk to data security. Furthermore, because of these weaknesses in cloud-based storage security, a user is often reliant on the cloud-based storage service provider to ensure that data is properly protected. As such, there is need in the art for a secure, remote database system that allows for enhanced security while reducing computational and hardware load on both the servers and local machines.
SUMMARY OF THE INVENTION

An aspect of an embodiment of the present invention provides for an end-to-end encrypted data protection system using linked chains of data packages and logical packages that allows for local use of remotely stored data without the requirement to download all of the data in the data environment for a user session. The secure chain data environment utilizes a server which is blind to the data held within the data pool; no unencrypted data is ever exposed to the server machine. The secure chain data environment may comprise a data pool that is divided into logical groupings of data. These logical groupings are further subdivided into data packages, each of which contains encrypted data of the data pool and a header that provides bibliographic information about the data package and its relation to other packages in the secure chain data environment. Each logical grouping of data packages is tracked by a series of logical packages, each of which may also include a header and encrypted data that tracks the data packages associated with that logical group. The header of each data package and each logical package includes information on the preceding version of that package, which allows the data packages and logical packages to be arranged into data chains and logical chains: linked lists of the version history of each series of data packages and logical packages. Data packages and logical packages are organized and identified by their unique checksums, which may be calculated from their encrypted state. This unique checksum identifier allows the server holding the data of the secure chain environment to maintain all data packages and logical packages with a simple list of the checksums of all packages in the data pool, without being able to identify any data package or logical package and without access to the plaintext contained therein.
The listing of data packages and logical packages by checksum, together with the header information they carry, allows a local machine to identify all data packages and logical packages without the need to download all data from the server.

DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated into and form a part of the instant specification, illustrate several aspects and embodiments of the present invention and, together with the description herein, serve to explain the principles of the invention. The drawings are provided only for the purpose of illustrating select embodiments of the invention and are not to be construed as limiting the invention.

FIG. 1 provides a block diagram of an exemplary embodiment of a secure chain data environment system.
FIG. 2 provides a block diagram of the data structure of an exemplary embodiment of a secure chain data environment.
FIG. 3 provides a block diagram of the nested data structure of an exemplary embodiment of a secure chain data environment.
FIG. 4 provides a flowchart of an exemplary embodiment of a method for setting up or establishing a secure chain data environment.
FIG. 5 provides a schematic depiction of an exemplary embodiment of the data st