Title:
PERSONAL DEVICE ENCRYPTION
Document Type and Number:
WIPO Patent Application WO/2014/114987
Kind Code:
A1
Abstract:
A method and apparatus are provided. A file comprising content and metadata for storage in a storage is encrypted by: encrypting the file content; and encrypting a first part of the metadata and at least a second part of the metadata. The first part and the second part are encrypted independently of one another.

Inventors:
BISWAS DEBMALYA (CH)
Application Number:
PCT/IB2013/050671
Publication Date:
July 31, 2014
Filing Date:
January 25, 2013
Assignee:
NOKIA CORP (FI)
International Classes:
G06F21/62; H04L9/08
Foreign References:
US20100318782A12010-12-16
US20110145593A12011-06-16
US20100153403A12010-06-17
US20110145594A12011-06-16
US20110138190A12011-06-09
US20110004607A12011-01-06
Attorney, Agent or Firm:
GARY JOHN SMITH et al. (Bedford HouseJohn Street, London Greater London WC1N 2BF, GB)
Claims:

1. A method comprising:

encrypting a file comprising content and metadata for storage in a storage means by: encrypting the file content; and

encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

2. The method of claim 1 wherein encrypting a first part of the metadata comprises providing a first encrypted value and encrypting the at least a second part of the metadata further comprises providing a respective at least a second encrypted value.

3. The method of claim 2 further comprising:

providing the encrypted file content, first encrypted value and the respective at least a second encrypted value for storage at the storage means.

4. The method of any preceding claim wherein the metadata comprises a plurality of keywords and the first part comprises a first keyword of the metadata and the at least a second part comprises a respective at least a second keyword.

5. The method of claim 4 wherein each keyword of the plurality of keywords is one of an attribute, field and property of the file.

6. The method of any preceding claim wherein the first and at least second part of the metadata is encrypted using a first encryption algorithm.

7. The method of claim 6 wherein the first encryption algorithm is one of a: hashing algorithm and a probabilistic encryption algorithm.

8. The method of any of claims 3 to 7 further comprising requesting the retrieval of the encrypted file content from the storage means by:

encrypting the first part of the metadata using a second encryption algorithm; and providing the encrypted first part of the metadata to the storage means as part of a request for retrieval of the encrypted file content.

9. An apparatus comprising:

encryption means for encrypting a file comprising content and metadata for storage in a storage means by:

encrypting the file content; and

encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

10. The apparatus of claim 9 wherein the encrypting a first part of the metadata comprises providing a first encrypted value and encrypting the at least a second part of the metadata further comprises providing a respective at least a second encrypted value.

11. The apparatus of claim 10 further comprising:

communicating means for providing the encrypted file content, first encrypted value and the respective at least a second encrypted value for storage at the storage means.

12. The apparatus of any of claims 9 to 11 wherein the metadata comprises a plurality of keywords and the first part comprises a first keyword of the metadata and the at least a second part comprises a respective at least a second keyword.

13. The apparatus of claim 12 wherein each keyword of the plurality of keywords is one of an attribute, field and property of the file.

14. The apparatus of any of claims 9 to 13 wherein the encryption means is further configured to encrypt the first and at least second part of the metadata using a first encryption algorithm.

15. The apparatus of claim 14 wherein the first encryption algorithm is one of: a hashing algorithm and a probabilistic encryption algorithm.

16. The apparatus of claim 15 configured to request the retrieval of the encrypted file content from the storage means, wherein the encryption means is further configured to encrypt the first part of the metadata using a second encryption algorithm and the communication means is further configured to provide the encrypted first part of the metadata to the storage means as part of a request for retrieval of the encrypted file content.

17. An apparatus comprising:

storage means for storing a file comprising encrypted file content, a first encrypted first part of the file metadata and an encrypted at least a second part of the file metadata; wherein the first part and the second part are encrypted independently of one another.

18. The apparatus of claim 17 further comprising:

communication means for receiving a request for retrieval of file content comprising a second encrypted first part of the file metadata encrypted using a second encryption algorithm; and

determining means for determining whether the second encrypted first part of the metadata corresponds to the first encrypted first part of the metadata;

wherein the communication means is further configured to provide the corresponding encrypted file content when the second encrypted first part of the metadata corresponds to the first encrypted first part of the metadata.

19. A computer program product comprising program instructions, when executed, performing the steps of:

encrypting a file comprising content and metadata for storage in a storage means by: encrypting the file content; and

encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

20. A computer program product comprising program instructions, when executed, performing the steps of:

storing a file comprising encrypted file content, a first encrypted first part of the file metadata and an encrypted at least a second part of the file metadata;

wherein the first part and the second part are encrypted independently of one another.

Description:
Personal Device Encryption

Embodiments relate to security of data on a device. In some embodiments the data may be backed up to a storage means.

Background:

With the proliferation of smart devices and the increasing range of personal digital devices available, each consumer nowadays has his/her own "favourite" device. This has repercussions, for example in the business environment, in that an employee often would prefer to use their own personal device for business use as well as personal use. This has led to the so-called "bring your own device (BYOD)" to work scenario, where more and more employees use the same device for both work and personal functionality.

This dual use of the device introduces challenges from a security perspective. Given the host of mobile platforms and applications that users of a device install, it is a daunting task for system administrators to maintain devices and applications. In particular, the protection of potentially sensitive business data and content comes to the fore when a business device is also used in a personal context.

Summary:

According to a first aspect, there is provided a method comprising: encrypting a file comprising content and metadata for storage in a storage means by: encrypting the file content; and encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

Encrypting a first part of the metadata may comprise providing a first encrypted value and encrypting the at least a second part of the metadata may further comprise providing a respective at least a second encrypted value. The method may further comprise: providing the encrypted file content, first encrypted value and the respective at least a second encrypted value for storage at the storage means.

The metadata may comprise a plurality of keywords and the first part may comprise a first keyword of the metadata and the at least a second part may comprise a respective at least a second keyword. Each keyword of the plurality of keywords may be one of an attribute, field and property of the file.

The first and at least second part of the metadata may be encrypted using a first encryption algorithm. The first encryption algorithm may be one of a: hashing algorithm and a probabilistic encryption algorithm.

The method may further comprise requesting the retrieval of the encrypted file content from the storage means by: encrypting the first part of the metadata using a second encryption algorithm; and providing the encrypted first part of the metadata to the storage means as part of a request for retrieval of the encrypted file content.

The method may further comprise: determining whether the encrypted first part of the metadata in the request corresponds to the encrypted first part of the metadata stored at the storage means; and providing the corresponding encrypted file content when the encrypted first part of the metadata in the request corresponds to the encrypted metadata stored at the storage means.

When it is determined that the first part of the metadata has changed, the method may further comprise: encrypting the changed first part of the metadata; and providing the encrypted changed first part of the metadata to the storage means. The method may further comprise: receiving the encrypted changed first part of the metadata; and updating the encrypted first part of the metadata stored at the storage means to correspond to the received encrypted changed first part of the metadata. When the encrypted changed first part of the metadata is received from a first device, the method may further comprise: providing an indication of the updated metadata to at least one other device. At least one other device may be configured to access the file.

The first encryption algorithm may be a probabilistic encryption algorithm and may comprise encrypting the first and at least second part of the metadata in dependence on a public key and a reference to the location of the encrypted file content in the storage means.

According to a second aspect, there is provided an apparatus comprising: encryption means for encrypting a file comprising content and metadata for storage in a storage means by: encrypting the file content; and encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

Encrypting a first part of the metadata may comprise providing a first encrypted value and encrypting the at least a second part of the metadata further comprises providing a respective at least a second encrypted value. The apparatus may further comprise: communicating means for providing the encrypted file content, first encrypted value and the respective at least a second encrypted value for storage at the storage means.

The metadata may comprise a plurality of keywords and the first part may comprise a first keyword of the metadata and the at least a second part may comprise a respective at least a second keyword. Each keyword of the plurality of keywords may be one of an attribute, field and property of the file. The encryption means may be further configured to encrypt the first and at least second part of the metadata using a first encryption algorithm. The first encryption algorithm may be one of: a hashing algorithm and a probabilistic encryption algorithm.

The apparatus may be configured to request the retrieval of the encrypted file content from the storage means, wherein the encryption means may be further configured to encrypt the first part of the metadata using a second encryption algorithm and the communication means may be further configured to provide the encrypted first part of the metadata to the storage means as part of a request for retrieval of the encrypted file content.

When it is determined that the first part of the metadata has changed, the encryption means may be further configured to encrypt the changed first part of the metadata; and the communicating means may be further configured to provide the encrypted changed first part of the metadata to the storage means. The first encryption algorithm may be a probabilistic encryption algorithm and may comprise encrypting the first and at least second part of the metadata in dependence on a public key and a reference to the location of the encrypted file content in the storage means.

According to a third aspect, there is provided an apparatus comprising: storage means for storing a file comprising encrypted file content, a first encrypted first part of the file metadata and an encrypted at least a second part of the file metadata; wherein the first part and the second part are encrypted independently of one another.

The apparatus may further comprise: communication means for receiving a request for retrieval of file content comprising a second encrypted first part of the file metadata encrypted using a second encryption algorithm; and determining means for determining whether the second encrypted first part of the metadata corresponds to the first encrypted first part of the metadata; wherein the communication means is further configured to provide the corresponding encrypted file content when the second encrypted first part of the metadata corresponds to the first encrypted first part of the metadata.

When the first part of the metadata is changed, the communication means may be further configured to receive an encrypted changed first part of the metadata and the apparatus may be further configured to update the encrypted first part of the metadata stored at the storage means to correspond to the received encrypted changed first part of the metadata.

When the encrypted changed first part of the metadata is received from a first device, the apparatus may be further configured to: provide an indication of the updated metadata to at least one other device. At least one other device may be configured to access the file.

According to a fourth aspect, there is provided a computer program product comprising program instructions, when executed, performing the steps of: encrypting a file comprising content and metadata for storage in a storage means by: encrypting the file content; and encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

According to a fifth aspect, there is provided a computer program product comprising program instructions, when executed, performing the steps of: storing a file comprising encrypted file content, a first encrypted first part of the file metadata and an encrypted at least a second part of the file metadata; wherein the first part and the second part are encrypted independently of one another.

According to a sixth aspect, there is provided an apparatus comprising a memory and at least one processor, the apparatus configured to: encrypt a file comprising content and metadata for storage in a storage means by: encrypting the file content; and encrypting a first part of the metadata and at least a second part of the metadata; wherein the first part and the second part are encrypted independently of one another.

According to a seventh aspect, there is provided an apparatus comprising a memory and at least one processor, the apparatus configured to store a file comprising encrypted file content, a first encrypted first part of the file metadata and an encrypted at least a second part of the file metadata; wherein the first part and the second part are encrypted independently of one another.

Summary of the Figures:

For better understanding of the present application, reference will now be made by way of example to the accompanying drawings in which:

Figure 1 shows schematically an example of encrypted data being backed up;

Figure 2 shows schematically an example of a user interface according to some embodiments;

Figure 3 shows a flow diagram of a method of some embodiments;

Figure 4 shows schematically an example of encrypted data being backed up according to a first embodiment;

Figures 5a and b are flow diagrams depicting the method steps of storing and retrieving files according to a first embodiment;

Figures 6a, b and c show schematically data being backed up, retrieved and updated according to a second embodiment;

Figures 7a, b and c are flow diagrams depicting the method steps for storing, retrieving and updating data in accordance with the second embodiment;

Figure 8 schematically shows an example of a multi-device environment;

Figures 9a and 9b are flow diagrams depicting the method of initializing a device and synchronising devices of the multi-device environment; and

Figure 10 schematically shows an apparatus according to some embodiments.

Embodiments:

Embodiments of the present application aim to provide a system for the encryption of business data on devices that may be used for both business and personal activities. Embodiments may back up such data while addressing potential security risks.

Secure storage solutions exist in which data on a device, for example a mobile phone or personal digital assistant (PDA), may be backed up to a remote storage location in order to protect against corruption of the data. Before being backed up to the remote storage, the sensitive data or content on the device may be encrypted in order to increase the security surrounding such data. A variety of encryption algorithms are available for encryption.

Devices that operate as business devices as well as personal devices present a particular security threat to any sensitive business data. These devices may be backed up using, and may interact with, software programs selected by the user of the device, and these programs may not adhere to the security requirements of a system administrator of the business. One approach to securing the sensitive data is to provide encryption on the device for encrypting the data for storage.

This encryption of sensitive data may be carried out in a variety of ways.

In one approach the sensitive data, for example data files on the device, may be encrypted with both the metadata and the content of the files being encrypted together. While this provides security of the files, it becomes difficult for a user to search for a specific file as both the file content and the metadata identifying the file are encrypted.

Some systems may encrypt the data so that it can be searched by encrypting only the content of the file and storing the metadata associated with the file in an unencrypted or plain text form. In this way, while the content of the file is encrypted, a user may still search for a specific file based on the metadata of that file. However, the metadata of a file may contain sensitive information and storing such information in plain text may compromise the security of the file.

In other systems, a file name may be associated with the file comprising metadata and content. The metadata and associated content may then both be encrypted and stored with the unencrypted file name being associated with the encrypted data. Searching of the encrypted data may be possible based on the unencrypted associated filename.

In some cases however, the file name may be descriptive of the contents of the file and a security risk. Additionally, the searching functionality is restricted as searches may be only carried out based on the filename and not on any attributes of a file stored in the metadata.

In embodiments of the present application a system may be provided where metadata associated with a file content may be encrypted such that the metadata is searchable.

In embodiments, file metadata may be broken up into one or more keywords. These keywords may correspond to an aspect, field or property of the file metadata. A keyword may be encrypted to form a first encrypted value or encrypted searchable keyword and stored in a file storage means. The encryption of the keyword before storage may prevent the file storage means (which may be provided by an untrusted third party) from being aware of the plaintext data in the keyword.

In some embodiments, an encrypted searchable keyword may be associated with a location of corresponding file content in the file storage means.

A keyword may be encrypted to form a second encrypted value or trapdoor when the file contents stored by the file storage means are to be retrieved. The trapdoor may be compared to the encrypted searchable keyword to determine if the keyword used to generate the trapdoor matches the keyword used to generate the encrypted searchable keyword. If the keywords match, the comparison returns a reference to the location at which the corresponding file content has been stored.

In some embodiments, metadata keywords and file content are encrypted using a public key before being stored in the storage means. The file storage means may therefore not have access to the plaintext value of either the file content or the metadata. In some embodiments, each keyword may be individually encrypted by a first encryption algorithm to provide encrypted searchable keywords. These searchable encrypted keywords may each be associated with the location of the file content associated with the keyword. The searchable encrypted keywords may be searchable using encrypted keywords to recover information associated with the location of the file content in the storage means.

Embodiments may deal with the back-up, retrieval and updating of files in a storage means. Embodiments may be implemented in a single active device environment and/or in a multiple device active environment.

Figure 1 shows an example of backing up a device according to one embodiment.

Figure 1 shows a first device 110 and a second device 120. In embodiments, the first device 110 may be a personal device that is used for both personal and business purposes. For example, such a device may be a mobile telephone such as a smart phone, a PDA, laptop, netbook, tablet computer or any other device that may be used to process both personal and business data.

The first device 110 may comprise a storage area 114 which may store a number of files 111, 112 and 113. Each file 111, 112 and 113 may comprise a metadata section 115 and a content section 116. For example the first file 111 comprises metadata M1 and content C1. The second and third files 112 and 113 may comprise metadata M2 and M3 and content C2 and C3 respectively.

One or more of the files 111, 112 and 113 stored on the device 110 may be backed up to a second device 120. In order to back up the data, the first device 110 may be connected to the second device 120 via any suitable means. This may be for example a wired connection, for example a USB cable, or a wireless interface, for example Wi-Fi or any access network. In order to protect the security of the files 111, 112 and/or 113, these files may be encrypted or otherwise secured before or during the copying and transfer of the files to the second device 120. The files may be transferred for storage to the second device 120.

It will be appreciated that the files 111, 112 and 113 may be moved to the second device 120 for a variety of reasons, for example for backing up of the data, for extra storage and/or for synchronisation of data among multiple devices.

The second device 120 may be any device suitable to store the secured data from the first device 110 or any other suitable device. It will be appreciated that while the second device 120 has been depicted as a passive device (providing storage of the data only), in some embodiments the second device may edit and otherwise process the data. The second device 120 may be for example a database, network storage, personal computer, business computer or any other device suitable for the storage of data files.

The second device 120 may have a storage area 124 which may be operable to store the first, second and/or third files 111, 112 and 113 in an encrypted or otherwise secured form.

The storage area 124 of the second device 120 may comprise a first section 125 which stores the secured metadata 115 of the files and a second section 126 which may store the encrypted contents of the files 111, 112 and/or 113.

It will be appreciated that the files 121, 122 and 123 stored in the storage area 124 of the second device 120 correspond to the secured and encrypted files 111, 112 and 113 stored in the storage area 114 of the first device 110.

It will be appreciated that the securing of the metadata and encryption of the contents of the files 111, 112 and/or 113 may be done by suitable software residing on one of the first device 110 and the second device 120, on both of these devices and/or on a third party device. In some embodiments, the securing of the files may be carried out by the first device 110 before being transferred to the second device. In other embodiments, the securing may be carried out by the second device 120 in communication with the first device 110. However it will be appreciated that in this case the second device 120 will be a trusted device. In other or additional embodiments, the securing may be carried out by a third device and/or a combination of the devices.

The functionality for the securing of the files may in some embodiments be provided by an application or program for backing up or storing data. In some embodiments the functionality may be provided by a computer program or software designed as a plug-in or wrapper to work with an existing backing up or storage solution. For example, a user may use their preferred software or application for the backing up of data on their device and the securing carried out by some embodiments may be provided as a plug-in wrapper for the existing backup application and/or storage solution.

For example a user may be making use of a mobile-to-PC synchronisation tool. It will be appreciated that embodiments of the present application may be used in conjunction with any backup storage solution.

In the foregoing, the first device 110 has been described as being used for both business and personal purposes. It will be appreciated that this is by way of example only and the device may be any device making use of data files having different security concerns. For example, so-called "business" data may be associated with higher security needs and personal data may be associated with lower security needs. Additionally or alternatively a user may designate data or a data type as being higher or lower security.

For example, in some embodiments, a user may select which documents are to be backed up securely. Additionally or alternatively, a system administrator may preconfigure the system to have a default selection of files for securing in the manner of embodiments of the present application.

Figure 2 shows an example of a user interface for data securing in accordance with some embodiments. The securing system may be implemented on the first device 110. The system may be implemented as a standalone storage system or as a plugin for an existing storage solution. The interface may ask a user to select which files the user wishes to securely back up. In some embodiments, the user may be a system administrator and may set the default preferences to back up a certain file type securely.

Figure 2 shows the first device 110 and the second device 120. It will be appreciated that in figure 2, the first device 110 is shown as a smart phone and the second device 120 is shown as a personal computer. It will be appreciated that this is by way of example only and these devices may take a different form.

The first device 110 of figure 2 shows a user interface 201 providing a selection of file types to be backed up. In this example, the files may be documents, pictures, music and/or videos. It will be appreciated that any suitable file type or identification of a file may be used for the selection. In one embodiment, the selection may be based on a security need for a file, for example a low, medium or high security need.

In the case of figure 2, the user has selected documents and videos to be backed up securely. It will be appreciated that in some embodiments, only these files may be backed up. In other embodiments all the files may be backed up with only the selected files being backed up in accordance with the securing of embodiments of the present application.

Figure 3 shows an example of a method carried out by some embodiments of the present application.

At step 301 of figure 3, the contents C1 of the one or more selected files 111, 112 and 113 are encrypted to E1. It will be appreciated that the files to be encrypted may have previously been selected for example according to the user interface of figure 2.

The method then proceeds to step 302 where the metadata M1 associated with the selected content C1 encrypted at step 301 is secured.

In a first embodiment, the metadata may be secured by generating a hash of the metadata M1. In a second embodiment, the metadata M1 may be secured by encrypting the metadata. It will be appreciated that the secured metadata (via hashing or encryption) may be such that the metadata is searchable in the storage means 124 of the second device 120 in its secured form. The method then proceeds to step 303, where the encrypted content E1 and associated secured metadata S1 are stored in the storage device, for example the storage means 124 of the second device 120. It will be appreciated that this is by way of example only and in some embodiments the secured metadata S1 may be stored before or after the encrypted file content E1 is stored.

Metadata M1, M2 and/or M3 of a file may comprise a plurality of aspects. An aspect may be for example a field or property of the metadata in some embodiments. For example, metadata may comprise aspects such as name, path, type, properties, access permissions, exchangeable image file format (EXIF) metadata in the case of images and/or other information associated with the content of the file.

It will be appreciated that some aspects of the metadata may be constant. For example the type of data may remain unchanged even if the content of a file is edited or changed in some way. Other aspects of the metadata may change when the content associated with that metadata is changed. For example properties or access permissions of the content may be changed.

In some embodiments, the metadata may comprise a section of constant data and a section of variable data. The constant data may correspond to fixed aspects of the file, for example the type, and the variable data may correspond to the aspects of the metadata that change when the content or characteristics of the file is edited.

In some embodiments, the metadata may be divided into a constant data section and a variable data section and each section may be secured independently. In this manner, while a user of the data may change the metadata associated with the file, the constant part of the metadata remains unchanged and may be used as searchable information.

Figures 4a and 4b show the backup and retrieval of file contents according to a first embodiment of the present application.

In a first embodiment, file contents may be securely backed up by encrypting the contents of the file and hashing the metadata of the file. It will be appreciated that hashing is deterministic: hashing the same value always produces the same output, and the hashed value is a function of the data being hashed. A hashed keyword can therefore be matched exactly, but by the same property anyone who can guess the keyword can recompute its hash.

Figure 4a shows a first device 110 having a storage means 114 storing a first file 111 and a second file 112. The first and second files 111 and 112 may comprise a metadata section 115 and a content section 116. A second device 120 has a storage means 124 where a backup of the first file 111 and the second file 112 may be stored.

The first and second files 111 and 112 may be backed up in the second device 120, each backed up file having an encrypted content section 126 and a secured metadata section 125. It will be appreciated that the secured metadata section 125 may be considered as a key to the content. Each backed up file may therefore be stored as a key 125 and content 126 pair.

Each aspect of the metadata may be a keyword that can be used to search for a file. For example, metadata may comprise one or more aspects or keywords, and each of these keywords may be used to locate a file in the storage means 124 of the second device 120.

In this first embodiment, a keyword may be stored in a hashed format in the storage means. The vendor of the storage means or of the backup software therefore need not have access to the plaintext metadata. When a user wishes to search the storage means, a plaintext keyword stored at the first device 110 may be hashed and matched against the hashed keywords in the storage means.

When a file, for example file 111 and/or 112, is securely backed up to the second device 120, the contents of the file, for example C1, are encrypted and stored at the second device 120. Additionally, the metadata of the file is secured, in this example by hashing the metadata to provide H1, and stored as the key 125 in association with the encrypted content.

Figure 5a shows the method steps carried out in the backing up of a file according to this embodiment.

At step 501 a constant part or keyword of the metadata of the file 111 is hashed. The method then proceeds to step 502 where a second part or keyword of the metadata, namely the variable metadata, is hashed. The hashed first and second keywords may together form the key H1.

It will be appreciated that the metadata may comprise more than two aspects or keywords. Each keyword of the variable part of the metadata may be individually hashed in some embodiments. One or more keywords of the constant part of the metadata may be hashed together or separately.

At step 503, the content C1 associated with the hashed metadata is encrypted to produce E1.

The method then proceeds to step 504 where the hashed metadata H1 and the encrypted content E1 are stored at the second device 120 in the storage means 124 as a key 125 and content 126 pair.

It will be appreciated that while the method steps of figure 5a have been shown in a specific order, this order may vary. For example, the content of a file may be encrypted before the metadata is hashed in some embodiments. Additionally, the constant and variable parts of the metadata may be hashed in any order.

Figure 4b shows the retrieval of information stored at the second device 120 in accordance with the first embodiment. Similarly to figure 1, figure 4b comprises a first device 110 and a second device 120 having a storage means 124 and first and second securely stored files 121 and 122. The securely stored files each comprise a key 125 and content 126 pair.

If the metadata M1 were hashed and stored as the key 125 without separate consideration of the constant and variable parts or of the different keywords, then any editing of the file resulting in changed metadata (for example one or more changed keywords) would render the file unsearchable, as the hash of the metadata of the file in the first device 110 would no longer match the hashed metadata of the file in the storage device 120.

In the present embodiment, in order to retrieve a file, one or more keywords of the constant part of the metadata stored at the first device 110 are hashed and matched to the key 125 in the second device 120. This is shown by step 511 of figure 5b.

It will be appreciated that the key may comprise the hashed constant part of the backed up metadata and the hashed variable part of the backed up metadata, and in retrieval the hashed constant part of the metadata of the first device 110 may be matched to that part of the key corresponding to the backed-up constant part of the metadata.

As the constant part of the metadata may remain unchanged even though a file may have been edited, it may be matched to the key content pair stored on the second device 120 regardless of any variable part of the metadata having been changed. This is shown in step 512 of figure 5b.

When a match is found between the hashed constant part of the metadata and the key of the key content pair on the second device 120, the associated encrypted content 126 may be retrieved from the second device 120 and returned to the first device 110 at step 513.

It will be appreciated that the encrypted content may be decrypted for use by the user. The decryption may for example be carried out by the second device 120 or by the first device 110. In other embodiments the decryption may be carried out by a third party.

It will also be appreciated that in some embodiments the hashed metadata at the storage device may be updated as changes occur. The first device may identify a file in the storage means by the hashed constant part of the metadata and provide an updated hashed variable part of the metadata to replace the outdated variable part.

It will be appreciated that while the data stored on the second device 120 is described as a key content pair, the content 126 corresponds to the encrypted form E1 of the content C1 of the first device 110 and the key 125 corresponds to the secured form of the metadata M1 of the first device 110. It will be appreciated that the key may comprise a hashed constant part of the metadata and a hashed variable part of the metadata.

The hashed constant part may comprise one or more keywords of the constant part of the metadata hashed together or separately. Similarly, the hashed variable part may comprise one or more keywords of the variable part of the metadata hashed together or separately.

As discussed above, hashing can be considered to behave like a deterministic encryption, in other words hashing the same value always produces the same hash value. While hashing is a simple operation with performance advantages, it will be appreciated that a hashing mechanism is not as secure as a probabilistic encryption mechanism: because equal keywords always produce equal hashes, the storage means can tell which stored files share a keyword, and any party that can guess a keyword (for example a common file type) can confirm the guess simply by hashing it and comparing.
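The first embodiment, worked through as an added example that is not code from the application: the content is encrypted, the constant and variable parts of the metadata are hashed separately into the key 125, the file is retrieved by its hashed constant part after the variable part has changed, and the weakness described in the preceding paragraph is made concrete. The class and function names, the sample file metadata and the content cipher are assumptions made for this example; the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen so that the example runs on the Python standard library alone, where a production system would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os


def hash_part(keywords):
    """Hash one part of the metadata (constant or variable) into one value H.
    Keywords are length-prefixed so that ["ab", "c"] and ["a", "bc"] differ."""
    h = hashlib.sha256()
    for kw in keywords:
        b = kw.encode("utf-8")
        h.update(len(b).to_bytes(2, "big") + b)
    return h.hexdigest()


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(k_enc, nonce, n):
    blocks = (hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt_content(key, plaintext):
    """E1 = nonce || (C1 xor keystream) || HMAC tag. Demonstration cipher, see lead-in."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def decrypt_content(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("content tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class BackupStore:
    """The passive second device 120: it sees only hashes and ciphertext. Each
    record is a key 125 / content 126 pair, indexed by the hashed constant part."""
    def __init__(self):
        self.records = {}

    def put(self, h_const, h_var, encrypted):
        self.records[h_const] = {"h_var": h_var, "content": encrypted}

    def find(self, h_const):
        rec = self.records.get(h_const)
        return None if rec is None else rec["content"]

    def update_variable(self, h_const, h_var):
        self.records[h_const]["h_var"] = h_var


class ActiveDevice:
    """The first device 110: holds the plaintext metadata and the content key."""
    def __init__(self, store, key):
        self.store, self.key = store, key

    def backup(self, constant, variable, content):          # steps 501-504
        self.store.put(hash_part(constant), hash_part(variable), encrypt_content(self.key, content))

    def retrieve(self, constant):                           # steps 511-513
        blob = self.store.find(hash_part(constant))
        return None if blob is None else decrypt_content(self.key, blob)

    def sync_variable(self, constant, variable):            # replace the outdated hashed variable part
        self.store.update_variable(hash_part(constant), hash_part(variable))


def vendor_guess(store, candidates):
    """What the storage vendor can do because hashing is deterministic: hash
    candidate constant parts and confirm any that appear as a stored key."""
    return [c for c in candidates if hash_part(c) in store.records]


def demo():
    store = BackupStore()
    dev = ActiveDevice(store, os.urandom(32))
    constant = ["report.docx", "application/msword"]   # constructed: name and type
    variable = ["rw-r--r--", "2013-01-25"]             # constructed: permissions, last modified
    dev.backup(constant, variable, b"quarterly figures")
    edited = ["rw-------", "2013-01-26"]               # the user tightens permissions and saves
    # one hash over all of the metadata would no longer match after the edit...
    whole_hash_still_matches = hash_part(constant + variable) == hash_part(constant + edited)
    # ...but the separately hashed constant part still locates the file
    content = dev.retrieve(constant)
    dev.sync_variable(constant, edited)
    guessed = vendor_guess(store, [["notes.txt", "text/plain"], constant])
    return whole_hash_still_matches, content, guessed


if __name__ == "__main__":
    print(demo())
```

Because hash_part is deterministic and unkeyed, vendor_guess succeeds whenever its candidate list contains the true constant part. Replacing SHA-256 with an HMAC under a key held only by the active devices would stop this offline guessing, but equal keywords would still produce equal values at the storage means, which is the leakage the probabilistic second embodiment removes.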

In a second embodiment a probabilistic encryption may be applied to the metadata. In some embodiments the same encryption may be applied to the metadata and the content, and may make use of a public key encryption scheme. In probabilistic encryption, the same value encrypted twice may produce different ciphertexts. This may provide higher security than the use of hashing algorithms.

Figures 6 and 7 show an example of the backup, retrieval and update of content stored at a second device 120 in accordance with the second embodiment, for example in accordance with a public key encryption scheme. The public key encryption scheme may further provide indexing and searching functionality for the stored content.

A public key encryption keyword based indexing and search (PEKIS) scheme according to some embodiments may make use of the following polynomial-time randomised algorithms:

KGEN(1^k): outputs a public-private key pair (A_pb, A_pr), k being the security parameter.

ENC(A_pb, C1): outputs the ciphertext E1 corresponding to the content C1 encrypted under the public key A_pb.

DEC(A_pr, E1): decrypts the ciphertext E1 using the private key A_pr, returning the corresponding plaintext value C1.

SENC(A_pb, w, ref1): outputs a searchable encryption sw of the value ref1, searchable by keyword w.

DOOR(A_pr, w'): outputs a trapdoor tw' that allows searching by keyword w'.

TEST(A_pb, sw, tw'): outputs the value ref1 if w = w'.

In this embodiment, a reference to the location of the encrypted file content E1 is encrypted together with a metadata keyword to form a searchable encrypted keyword sw_n, which is stored in the storage means. When the file is to be located, the keyword w (stored at the first device) is processed with the private key to form a trapdoor tw. The trapdoor tw is compared to the searchable encrypted keyword using the test algorithm. If the keyword in the searchable encrypted keyword matches the keyword in the trapdoor, the test algorithm returns the reference ref1 to the location of the encrypted file content E1 of the associated file in plaintext.

Figures 6 and 7 show the backup, retrieval and updating of securely stored content by a first device 110 on a second device 120.

The first device may comprise storage means 114 for storing a first and second file 111 and 112. The first and second files 111 and 112 may comprise a metadata section 115 and a content section 116. The second device 120 may similarly comprise storage means 124 which may store encrypted content 126. It will be appreciated that the first and second devices 110 and 120 may be similar to those of figure 1 and like numerals denote like elements.

The operation of backing up content is shown by figure 6a and method diagram 7a.

At step 701 of figure 7a, the content C1 of a file 111 may be encrypted. The content may be encrypted using the encryption algorithm ENC. The file contents C1 may be encrypted using the public key A_pb to form E1. In this example the public-private key pair (A_pb, A_pr) is asymmetric: it will be appreciated that the encrypted content E1 may later be decrypted only with the private key A_pr. For example, at step 701:

E1 = ENC(A_pb, C1)

At step 702, the encrypted content E1 may be stored in the storage means 124 of the second device 120. A reference ref1 to the stored location of the encrypted content E1 may be provided. It will be appreciated that this reference may be provided by the computer program being used to back up the information and may for example be provided by software running on the first device 110, the second device 120 and/or a third device.

At step 703, the reference ref1 to the stored location of the encrypted content E1 is provided.

As discussed, the metadata may comprise a set of attributes, fields or properties, for example name, last modified date, creator, access permissions, content properties, etc. It may be desired to search the securely stored content E1 based on one or more of these attributes, fields or properties. Each attribute may correspond to a keyword, and a search of the backed up file contents may be carried out based on that keyword.

In some embodiments, one or more keywords of the metadata may be encrypted. It will be appreciated that in some embodiments each keyword of the metadata may be independently searchable, while in other embodiments only some keywords may be chosen to be searchable. The remaining keywords may be encrypted together in some embodiments.

In this embodiment, each keyword may be encrypted using the searchable encryption (SENC) algorithm.

For example, W may denote the set of keywords of a file's metadata and may comprise individual keywords w_1, w_2, w_3, etc. One or more of the keywords may be individually encrypted. A keyword w_n may be encrypted to form a searchable encrypted keyword sw_n. The searchable encrypted keyword sw_n may include information corresponding to the reference ref1 to the location of the encrypted content E1 associated with the file.

In one embodiment w_n may be encrypted as follows:

sw_n = SENC(A_pb, w_n, ref1)

The metadata keywords may be encrypted at step 704. At step 705 the encrypted keywords may be sent for storage at the second device 120.

Figure 6b shows an example of the retrieval of encrypted content E1 stored at the second device 120 based on a keyword of the metadata of the file F1.

If the user wishes to retrieve content stored at the second device 120, it is determined which keyword (w_1, w_2, w_3, etc.) of the metadata is to be used for searching for the content. For example, the keyword w'_n may be selected for searching for the encrypted content E1.

At step 711 of figure 7b, the selected keyword w'_n is processed using the private key to provide a trapdoor tw'_n. For example:

tw'_n = DOOR(A_pr, w'_n)

It may then be determined whether the keyword w'_n used to generate the trapdoor tw'_n corresponds to the keyword w_n used to generate the searchable encrypted keyword sw_n. This may be carried out at step 712 of figure 7b.

In some embodiments, the trapdoor tw'_n derived from the selected keyword w'_n may be compared against the searchable encrypted keywords stored in the second device 120. When it is determined that the trapdoor matches the keyword in a stored searchable encrypted keyword sw_n, a reference ref1 to the storage location of the associated file content is provided. The reference may be used to return the encrypted content to the first device 110. This is shown at step 713 of figure 7b.

For example, in some embodiments this comparison may be carried out using the test algorithm, where the reference ref1 is output if w'_n in tw'_n matches w_n of sw_n:

ref1 = TEST(A_pb, sw_n, tw'_n)

The encrypted content E1 may be retrieved from the location indicated by the reference ref1. It will be appreciated that any suitable algorithm may be used for the test algorithm.

It will be appreciated that one or more attributes or keywords of a file may be changed during the editing and/or manipulation of the content of a file. In some embodiments, the metadata itself may be directly changed through the editing of file characteristics, for example the permissions of a file. Figures 6c and 7c show the updating of a metadata attribute in the secure storage device 120 when such a change has occurred.

Figure 6c shows the first device 110 having a first and second file 111 and 112 in a storage means 114. Each file may comprise a metadata section 115 and a content section 116. The second device 120 may securely store the encrypted content of a backed up file in the storage means 124. Stored encrypted metadata in the second device 120 of figure 6c may be updated in accordance with the method steps of figure 7c.

At step 721 of figure 7c, it is determined whether a keyword of the file to be updated has changed. If the metadata has not been updated, the method proceeds to step 722 and the content of the file is encrypted and stored in the storage means 124 of the second device 120. The encrypted content may replace previously stored content corresponding to that file in the second device 120. It will be appreciated that the updated content is stored in the same location as the previous content, so that the reference ref1 to the location remains unchanged.

If it is determined at step 721 that the metadata has been updated, then each keyword of the metadata that has changed is re-encrypted with the searchable encryption. This is shown in step 723. The method then progresses to step 724, where the old keyword is used to identify the file being updated. It will be appreciated that the old keyword corresponds to the metadata at the previous backup of the file, in other words the keyword before it was changed.

The metadata and content of the identified file stored at the second device 120 are then updated by storing the new searchable encrypted keyword and the encrypted file content at step 725.

The foregoing has been described with reference to an environment having an active device 110 and a passive device 120. The active device 110 may edit and/or change information held in files whereas the passive device 120 merely stores this information. It will be appreciated however that embodiments may be applicable to multi-device environments comprising more than one active device. Such an environment is shown for example in figure 8.

The multi-device environment 800 may comprise a first active device 110, a second active device 801, a third active device 802, a fourth active device 803 and file storage 120. While four active devices are exemplified in figure 8, it will be appreciated that the environment 800 may comprise more or fewer devices.

The active devices may be a variety of devices, for example a mobile telephone, such as a smart phone, a personal digital assistant (PDA), a tablet computer, a laptop or other personal or business computer or any other suitable device for the communication of information for remote storage.

Furthermore, while the file storage 120 has been depicted as a cloud, it will be appreciated that the file storage 120 may be one or more devices or storage systems providing backup and storage of files of the active devices. For example, the storage system 120 may comprise one or more processors and a memory as well as, in some embodiments, encryption and decryption capabilities and communication interfaces.

It will be appreciated that the file storage 120 of figure 8 may have similar functionality to the storage device 120 of figure 1.

It will also be appreciated that the file storage 120 may comprise a device that may not only provide storage of sensitive information but also edit and change such information. In other words the file storage 120 may additionally act as an active device.

In the example of the multi-device environment 800, the first active device 110, second active device 801, third active device 802 and fourth active device 803 may be related in that they may have permissions to access the same or similar files stored in the file storage 120. For example, the active devices may all be associated with a specific user or group of users. The active devices may have been registered and, in some embodiments, verified as belonging to a particular user or as having access permissions. It will be appreciated that each device may back up, retrieve and/or update data stored in the file storage 120 in accordance with one or more of the preceding embodiments.

When an active device joins the multi-device environment 800, the joining device may be initialised. This initialisation is shown in method step 901 of figure 9a.

In order to initialise with the system, a joining device may be synchronised with the encryption information of the system and the file metadata stored in the file storage 120. This encryption information may be, for example, the information used to encrypt and/or secure data when it is stored in the file storage 120, and may be for example a hashing algorithm or a key pair.

During the initialisation, the joining device may be made aware of the metadata of the files that it can access in the file storage 120. The joining device is made aware of this metadata so that it may search, retrieve and update the information (including the metadata and file contents) stored at the file storage 120. During initialisation at step 901 of figure 9a, the joining device is synchronised with the metadata stored in the file storage 120. It will be appreciated that the joining device need not be synchronised to all the metadata held in the file storage 120 but only to selected metadata and/or metadata of files which the joining device is allowed to access.

This synchronisation of the metadata and encryption/securing information may be performed using a secure direct transfer mechanism, for example via a USB cable or other physical transfer method. In one embodiment, the initialisation may be carried out using a cryptographic protocol (for example proxy re-encryption) if the initialisation is to be carried out via a cloud (for example the cloud 120).

For example, in some embodiments a public-private user key pair (A_pb, A_pr) and the file metadata for each file to be synchronised between the joining device and the other devices of the environment 800 may be transferred to the joining device. In some embodiments this may be via a USB cable or a physical information transfer such as a flash card or memory stick. It will be appreciated that the transfer itself may be further secured via, for example, password protection or another authentication mechanism.

Once a device has joined the multi-device environment 800, the joining device may update and/or retrieve file content and information from the file storage 120 using the security information and the metadata provided to the joining device during the initialisation. It will be appreciated that the retrieval and update of information may be in accordance with the described embodiments.

In a multi-device environment such as the environment 800, more than one active device may edit or change the file metadata. In such a case, the file metadata in the file storage 120 may be updated to reflect the changes made by the active device.

For example, if the second active device 801 of environment 800 edits a file's metadata and updates the corresponding metadata in the file storage 120, the updated metadata in the file storage 120 may no longer match the metadata stored in the other active devices 110, 802 and 803. In this case, a search issued by one of the other active devices 110, 802 and 803 using a metadata based keyword would not return the desired result, as the corresponding metadata keyword at the file storage 120 has changed. Therefore, when the metadata at the file storage 120 is updated by an active device, the metadata of all the active devices with access to that file in the multi-device environment should be updated.

Some embodiments of the present application provide the synchronisation of updated metadata amongst active devices of a multi-device system. One example of the method of synchronisation is depicted in figure 9b. In one embodiment, the file storage 120 may provide the updated metadata to the other devices in the multi-device environment when it is determined that metadata has been updated at the file storage by one of the active devices.

The other active devices may then update their metadata accordingly, to be in line with the updated metadata.

In some embodiments, after a second active device has updated the metadata at the file storage 120, a first active device may try to retrieve a file based on the old (prior to the update) metadata keyword before the file storage 120 has informed the first active device that the metadata keyword has been updated. In this case, the file storage may store both the old metadata keyword and the updated metadata keyword in association with each other. When the first device sends a request using the old metadata keyword, the old metadata keyword may be matched to the old metadata keyword at the storage device 120 and the associated new or updated metadata keyword may be returned to the first active device. The first active device may then generate a request using the new or updated metadata keyword.

For example, the second active device 801 may store metadata W1 associated with a first file F1. The metadata W1 may comprise a plurality of keywords w_1, w_2, w_3, etc. Similarly, searchable keywords sw_1, sw_2, sw_3, etc., comprising the encrypted keywords, may be stored in the file storage 120 and associated with the location of the encrypted file content E1 of the first file F1 stored at the file storage 120.

One or more keywords corresponding to fields or aspects of the metadata W1 may be changed at the second active device. For example, the keyword w_1 may be changed to w_1'. It will of course be appreciated that the file content and other fields of the metadata may also have been changed. This can be seen at step 911 of figure 9b.

The second active device 801 may then update the metadata keyword held at the file storage 120 to correspond to the updated metadata keyword w_1'. The second active device 801 may also provide an encrypted version Ew_1' of the updated metadata keyword to the file storage. This may be in accordance with step 912 of figure 9b.

For example, the second active device 801 may encrypt the updated metadata keyword w_1' to create a new searchable keyword sw_1'. This may be done, for example, using the algorithm SENC, and the updated searchable keyword sw_1' is provided to the file storage to replace the previous searchable keyword sw_1. The second active device may further encrypt the updated metadata keyword w_1' to be provided to the file storage 120. This may be done, for example, using the encryption algorithm ENC to provide Ew_1'. It will be appreciated that the difference between the searchable keyword and the encrypted keyword is that the searchable keyword is produced from both the updated metadata keyword and the location reference for the file contents, whereas the encrypted keyword Ew_1' carries only the keyword itself.

The file storage 120 may then send the encrypted updated metadata keyword Ew_1' to the remaining active devices in the multi-device environment 800. This can be seen at step 913 of figure 9b. The remaining devices may then decrypt Ew_1' and update their locally stored metadata keywords in accordance with the updated metadata. When the remaining active devices subsequently wish to issue a search query, they may process the updated metadata keyword w_1' with DOOR to form a trapdoor tw_1' to access the content of the file at the file storage 120.

In some embodiments a situation may arise where an active device attempts to retrieve the file contents based on an outdated metadata keyword, for example before that device has been informed of the updated metadata keyword by the file storage 120. In one example the file storage 120 may store both the previous value of the searchable keyword sw_1 and the updated version of the searchable keyword sw_1'. On reception of a search request using the old metadata keyword, for example a trapdoor tw_1 based on the old metadata keyword, the search may be carried out against the old searchable keyword sw_1. If it is determined that the search matches the old searchable keyword sw_1, the file storage 120 may request the device to retry the search and provide the device with the updated encrypted metadata keyword Ew_1'.
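The PEKIS interface listed earlier (KGEN, ENC, DEC, SENC, DOOR, TEST), the backup, retrieval and keyword update of figures 6 and 7, and the stale-keyword retry of figure 9b, worked through as an added example that is not code from the application. It realises the interface with a symmetric stand-in: HMAC-SHA256 serves as the pseudorandom function and every call draws a fresh random nonce, so SENC is probabilistic as the second embodiment requires, but the single device secret returned by KGEN plays the role of both A_pb and A_pr, so unlike a genuine public-key scheme SENC cannot be run by a party holding only a public key. The classes FileStorage and ActiveDevice, their method names, the reference format and the sample file and keywords are all assumptions made for this example.

```python
import hashlib
import hmac
import os

def _prf(key, *parts):
    h = hmac.new(key, digestmod=hashlib.sha256)   # HMAC-SHA256 over length-prefixed parts
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def _xor_stream(key, nonce, data):
    blocks = (_prf(key, b"stream", nonce, i.to_bytes(4, "big")) for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def KGEN():
    return os.urandom(32)   # one device secret standing in for the pair (A_pb, A_pr)

def ENC(key, plaintext):
    nonce = os.urandom(16)   # fresh nonce: the same plaintext encrypts differently each time
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"tag", nonce, ct)

def DEC(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce, ct)):
        raise ValueError("bad tag")
    return _xor_stream(key, nonce, ct)

def DOOR(key, w):
    return _prf(key, b"kw", w)   # trapdoor tw: a per-keyword key only the secret holder can derive

def SENC(key, w, ref):
    tw, nonce = DOOR(key, w), os.urandom(16)   # sw = nonce || marker || ENC_tw(ref)
    return nonce + _prf(tw, b"test", nonce) + ENC(tw, ref)

def TEST(sw, tw):
    nonce, marker, enc_ref = sw[:16], sw[16:48], sw[48:]   # run by the storage, which holds no key
    return DEC(tw, enc_ref) if hmac.compare_digest(marker, _prf(tw, b"test", nonce)) else None

class FileStorage:   # passive file storage 120
    def __init__(self):
        self.content = {}      # ref -> encrypted content E
        self.index = []        # searchable encrypted keywords sw
        self.superseded = []   # (old sw, Ew') pairs kept for devices still searching by the old keyword

    def store(self, e):   # steps 702/703: the storage assigns ref1
        ref = os.urandom(8).hex().encode()
        self.content[ref] = e
        return ref

    def search(self, tw):   # steps 712/713, plus the stale-keyword retry of figure 9b
        for sw in self.index:
            ref = TEST(sw, tw)
            if ref is not None:
                return {"ref": ref}
        for old_sw, ew_new in self.superseded:
            if TEST(old_sw, tw) is not None:
                return {"retry": ew_new}
        return {}

    def update_keyword(self, old_tw, new_sw, ew_new):   # steps 723-725 and 912
        for i, sw in enumerate(self.index):
            if TEST(sw, old_tw) is not None:
                self.superseded.append((self.index.pop(i), ew_new))
                break
        self.index.append(new_sw)

class ActiveDevice:
    def __init__(self, key, storage):
        self.key, self.storage, self.keywords = key, storage, set()

    def backup(self, content, keywords):   # steps 701-705
        ref = self.storage.store(ENC(self.key, content))
        self.storage.index += [SENC(self.key, w.encode(), ref) for w in keywords]
        self.keywords.update(keywords)

    def retrieve(self, w):   # steps 711-713
        hit = self.storage.search(DOOR(self.key, w.encode()))
        if "retry" in hit:   # another device renamed w: decrypt Ew', adopt w', search again
            w_new = DEC(self.key, hit["retry"]).decode()
            self.keywords = (self.keywords - {w}) | {w_new}
            hit = self.storage.search(DOOR(self.key, w_new.encode()))
        return DEC(self.key, self.storage.content[hit["ref"]]) if "ref" in hit else None

    def rename_keyword(self, w_old, w_new):   # steps 911/912 on the editing device
        ref = self.storage.search(DOOR(self.key, w_old.encode()))["ref"]
        self.storage.update_keyword(DOOR(self.key, w_old.encode()),
                                    SENC(self.key, w_new.encode(), ref), ENC(self.key, w_new.encode()))
        self.keywords = (self.keywords - {w_old}) | {w_new}

def demo():
    key, storage = KGEN(), FileStorage()
    dev_a, dev_b = ActiveDevice(key, storage), ActiveDevice(key, storage)
    dev_a.backup(b"quarterly figures", ["report.docx", "creator:alice"])   # constructed file F1
    dev_b.keywords.update(dev_a.keywords)   # dev_b initialised with F1's metadata (step 901)
    dev_b.rename_keyword("report.docx", "report-final.docx")   # w_1 -> w_1' on the second device
    content = dev_a.retrieve("report.docx")   # dev_a still holds the old keyword w_1
    return content, sorted(dev_a.keywords)
```

The retry path is the one the preceding paragraph describes: the storage keeps the superseded sw_1 beside sw_1', answers a trapdoor for the old keyword with Ew_1' instead of a reference, and the device decrypts it, replaces its local keyword and searches again. The push of Ew_1' at step 913 would carry the same blob to every other device. The storage never learns a keyword: it sees only nonces, markers and ciphertexts, and TEST yields a reference only when handed the matching trapdoor.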

Figure 10 shows an example of an apparatus of some embodiments. The apparatus 1000 comprises a memory or other storage means 1001 and one or more processors 1002. It will be appreciated that the apparatus may form part of the first device 110 and/or the second device 120 and may carry out the functionality associated with these devices. The apparatus 1000 may further comprise a user interface and/or a communication means for communicating with further devices in any suitable form.

In general, the various embodiments of the invention may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. For example, some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing apparatus, although the invention is not limited thereto. While various aspects of the invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

The embodiments of this invention may be implemented by computer software executable by a data processor of the mobile device, such as in the processor entity, or by hardware, or by a combination of software and hardware. Further in this regard it should be noted that any blocks of the logic flow as in the Figures may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disks or floppy disks, and optical media such as, for example, DVD and the data variants thereof, and CD.

The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor-based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), application specific integrated circuits (ASIC), gate level circuits and processors based on multi-core processor architecture, as non-limiting examples.

The foregoing description has provided by way of exemplary and non-limiting examples a full and informative description of the exemplary embodiment of this invention. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the appended claims. However, all such and similar modifications of the teachings of this invention will still fall within the scope of this invention as defined in the appended claims.