Abstract: A decentralized network based system for distributed storage of an electronic file is disclosed. The system receives the electronic file and extracts parameters along with a hash. Metadata is generated comprising a combination of the extracted parameters and the obtained hash of the electronic file. The generated metadata is encrypted and transmitted to a set of servers. The received electronic file is compressed, encrypted, and fragmented into a plurality of data fragments that are distributed across separate storage devices. The encrypted metadata is retrieved and decrypted to obtain decrypted metadata. The plurality of stored data fragments are combined based on the obtained decrypted metadata to obtain a first electronic file. The obtained first electronic file is decrypted and decompressed. Further, the decompressed electronic file is authenticated by matching the obtained hash of the decompressed electronic file with a hash of the received electronic file.
Claims: 1. A decentralized network based system for distributed storage of an electronic file, the system comprising:
one or more processors communicatively coupled to a memory, the memory storing one or more instructions executable by the one or more processors, wherein the one or more processors upon execution of the one or more instructions causes the system to:
receive the electronic file;
extract one or more parameters associated with the electronic file;
obtain a hash of the electronic file;
generate a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file;
encrypt the generated metadata, wherein the encrypted metadata is transmitted to a set of servers;
compress the received electronic file;
encrypt the compressed electronic file;
fragment the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices selected from a plurality of storage devices for storage;
retrieve the encrypted metadata, from the set of servers, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and
combine the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
2. The system of claim 1, wherein the obtained first electronic file is decrypted and decompressed.
3. The system of claim 2, wherein the decrypted and decompressed first electronic file is authenticated, at the server, by matching the obtained hash of the electronic file with a hash of the decrypted and decompressed first electronic file.
4. The system of claim 3, wherein upon the matching being successful the decrypted and decompressed first electronic file is similar to the received electronic file.
5. The system as claimed in claim 1, wherein the generated metadata is encrypted using a public key.
6. The system as claimed in claim 1, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file using a private key.
7. The system as claimed in claim 1, wherein the public key and the private key are generated using asymmetric encryption cryptography.
8. The system as claimed in claim 1, wherein the set of servers is an immutable ledger accessible by an entity associated with a computing device.
9. The system as claimed in claim 1, wherein an access log of the received electronic file is maintained on the set of servers.
10. A method comprising:
receiving, at a server of a set of servers, an electronic file;
extracting, at the server, one or more parameters associated with the electronic file;
obtaining, at the server, a hash of the electronic file;
generating, at the server, a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file;
encrypting, at the server, the generated metadata wherein the encrypted metadata is transmitted to the set of servers;
compressing, at the server, the received electronic file;
encrypting, at the server, the compressed electronic file;
fragmenting, at the server, the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices selected from a plurality of storage devices for storage;
retrieving, from the set of servers, the encrypted metadata, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and
combining, at the server, the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
Description:
TECHNICAL FIELD
[0001] The present disclosure relates to the field of data storage technology. More particularly, the present disclosure relates to a decentralized and secure data storage system.
BACKGROUND
[0002] Background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
[0003] Modern computing devices often maintain a file system to organize storage of information in a storage medium. In the file system, blocks of data are typically grouped into files, which, in turn, may be placed into directories. In order to enable access to stored information, a file system may maintain various forms of metadata about the data being stored by the file system. The metadata may be accessed to determine where blocks of a file are located on the storage medium.
[0004] However, the prevalent concept of storing the metadata and the blocks of the file on a single server may lead to loss of the file when the server collapses or is attacked by a malicious entity. Further, the organizations maintaining these servers bill hefty maintenance and security charges, and are in complete control of the servers.
[0005] Hence, there is a need in the art for providing a solution that overcomes the above mentioned limitations by providing a decentralized and secured storage of the metadata and the blocks of the file across multiple servers so that failure of a single server may not impact storage and retrieval of the file and the metadata.
OBJECTS OF THE PRESENT DISCLOSURE
[0006] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are as listed herein below.
[0007] It is an object of the present disclosure to facilitate providing a decentralized file storage leading to increased file data security and privacy.
[0008] It is an object of the present disclosure to facilitate providing decentralized file data storage that is more difficult to attack than traditional centralized data.
[0009] It is an object of the present disclosure to facilitate providing a decentralized file data storage where files are encrypted with a private key, which makes the file more secure by preventing access to the file by any other external entity.
[0010] It is an object of the present disclosure to facilitate providing decentralized file data storage where the file is fragmented and each of the fragments of the file is just a fraction of the original file, limiting access to the entire content of the file.
[0011] It is an object of the present disclosure to facilitate preventing loss of file data by maintaining redundancy of the file data across multiple storage locations.
SUMMARY
[0012] The present disclosure relates to the field of data storage technology. More particularly, the present disclosure relates to a decentralized and secure data storage system.
[0013] An aspect of the present disclosure relates to a decentralized network based system for distributed storage of an electronic file, the system comprising: one or more processors communicatively coupled to a memory, the memory storing one or more instructions executable by the one or more processors, wherein the one or more processors upon execution of the one or more instructions causes the system to: receive the electronic file; extract one or more parameters associated with the electronic file; obtain a hash of the electronic file; generate a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file; encrypt the generated metadata, wherein the encrypted metadata is transmitted to the set of servers; compress the received electronic file; encrypt the compressed electronic file; fragment the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices databases selected from a plurality of storage devices databases for storage; retrieve the encrypted metadata, from the set of servers, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and combine the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
[0014] In an embodiment, the obtained first electronic file is decrypted and decompressed.
[0015] In an embodiment, the decrypted and decompressed first electronic file is authenticated, at the server, by matching the obtained hash of the electronic file with a hash of the decrypted and decompressed first electronic file.
[0016] In an embodiment, upon the matching being successful the decrypted and decompressed first electronic file is similar to the received electronic file.
[0017] In an embodiment, the generated metadata is encrypted using a public key.
[0019] In an embodiment, the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file using a private key.
[0020] In an embodiment, the public key and the private key are generated using asymmetric encryption cryptography.
[0021] In an embodiment, the set of servers is an immutable ledger accessible by an entity associated with a computing device.
[0022] In an embodiment, an access log of the received electronic file is maintained on the set of servers.
Another aspect of the present disclosure relates to a method comprising: receiving, at a server of a set of servers, an electronic file; extracting, at the server, one or more parameters associated with the electronic file; obtaining, at the server, a hash of the electronic file; generating, at the server, a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file; encrypting, at the server, the generated metadata wherein the encrypted metadata is transmitted to the set of servers; compressing, at the server, the received electronic file; encrypting, at the server, the compressed electronic file; fragmenting, at the server, the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices selected from a plurality of storage devices for storage; retrieving, from the set of servers, the encrypted metadata, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and combining, at the server, the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] The accompanying drawings are included to provide a further understanding of the present disclosure, and are incorporated in and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure and, together with the description, serve to explain the principles of the present disclosure.
[0024] The diagrams are for illustration only, which thus is not a limitation of the present disclosure, and wherein:
[0025] FIG. 1 illustrates a block diagram of a decentralized network based system in accordance with an embodiment of the present disclosure.
[0026] FIG. 2 illustrates exemplary functional components of a decentralized network based system in accordance with an embodiment of the present disclosure.
[0027] FIG. 3 illustrates exemplary representation for a decentralized network based system in accordance with an embodiment of the present disclosure.
[0028] FIG. 4 illustrates a flow diagram illustrating decentralized data storage in accordance with an embodiment of the present disclosure.
[0029] FIG. 5 illustrates a flow diagram illustrating storage of electronic file in a decentralized network based system in accordance with an embodiment of the present disclosure.
[0030] FIG. 6 illustrates an exemplary computer system to implement the proposed system in accordance with embodiments of the present disclosure.
DETAILED DESCRIPTION
[0031] In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details.
[0032] Embodiments of the present invention include various steps, which will be described below. The steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps. Alternatively, steps may be performed by a combination of hardware, software, firmware and/or by human operators.
[0033] Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable storage medium tangibly embodying thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, fixed (hard) drives, magnetic tape, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, PROMs, random access memories (RAMs), programmable read-only memories (PROMs), erasable PROMs (EPROMs), electrically erasable PROMs (EEPROMs), flash memory, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic instructions (e.g., computer programming code, such as software or firmware).
[0034] Various methods described herein may be practiced by combining one or more machine-readable storage media containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein. An apparatus for practicing various embodiments of the present invention may involve one or more computers (or one or more processors within a single computer) and storage systems containing or having network access to computer program(s) coded in accordance with various methods described herein, and the method steps of the invention could be accomplished by modules, routines, subroutines, or subparts of a computer program product.
[0035] If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[0036] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[0037] Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. These embodiments are provided so that this invention will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art. Moreover, all statements herein reciting embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure).
[0038] While embodiments of the present invention have been illustrated and described, it will be clear that the invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the invention, as described in the claim.
[0039] The present disclosure relates to the field of data storage technology. More particularly, the present disclosure relates to a decentralized and secure data storage system.
[0040] An aspect of the present disclosure relates to a decentralized network based system for distributed storage of an electronic file, the system comprising: one or more processors communicatively coupled to a memory, the memory storing one or more instructions executable by the one or more processors, wherein the one or more processors upon execution of the one or more instructions causes the system to: receive the electronic file; extract one or more parameters associated with the electronic file; obtain a hash of the electronic file; generate a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file; encrypt the generated metadata, wherein the encrypted metadata is transmitted to the set of servers; compress the received electronic file; encrypt the compressed electronic file; fragment the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices databases selected from a plurality of storage devices databases for storage; retrieve the encrypted metadata, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and combine the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
[0041] In an embodiment, the obtained first electronic file is decrypted and decompressed.
[0042] In an embodiment, the decrypted and decompressed first electronic file is authenticated, at the server, by matching the obtained hash of the electronic file with a hash of the decrypted and decompressed first electronic file.
[0043] In an embodiment, upon the matching being successful the decrypted and decompressed first electronic file is similar to the received electronic file.
[0044] In an embodiment, the generated metadata is encrypted using a public key.
[0045] In an embodiment, the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file using a private key.
[0046] In an embodiment, the public key and the private key are generated using asymmetric encryption cryptography.
[0047] In an embodiment, the set of servers is an immutable ledger accessible by an entity associated with a computing device.
[0048] In an embodiment, an access log of the received electronic file is maintained on the set of servers.
[0049] Another aspect of the present disclosure relates to a method comprising: receiving, at a server of a set of servers, an electronic file; extracting, at the server, one or more parameters associated with the electronic file; obtaining, at the server, a hash of the electronic file; generating, at the server, a metadata associated with the electronic file, where the metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file; encrypting, at the server, the generated metadata wherein the encrypted metadata is transmitted to the set of servers; compressing, at the server, the received electronic file; encrypting, at the server, the compressed electronic file; fragmenting, at the server, the encrypted electronic file into a plurality of data fragments, where each of the plurality of data fragments are distributed across separate storage devices selected from a plurality of storage devices for storage; retrieving, from the set of servers, the encrypted metadata, wherein the encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file; and combining, at the server, the fragmented plurality of data fragments based on the obtained decrypted metadata to obtain a first electronic file associated with the electronic file.
[0050] FIG. 1 illustrates a block diagram 100 of a decentralized network based system in accordance with an embodiment of the present disclosure.
[0051] Distributed ledgers use available cryptographic techniques to provide a secure, verifiable record of transactions or stream of data packets. The transactions or the stream of data packets may be related to financial transactions, identification records, or files that need to be stored and maintained. Blockchain is one example of such distributed ledgers (also referred to herein as a connected set of servers), and the terms shall be used interchangeably in the description ahead. The distributed ledger may be public or private, distributed or non-distributed. Further, a blockchain storage device includes a storage media storing one or more blockchain data structures containing records related to the transactions or the stream of data packets, and the blockchain data structures are signed by a cryptographic key. The storage device may be configured to generate a blockchain data structure and store the objects and the transactions to the blockchain data structure. The storage device may transmit encrypted objects and transactions to other devices that are authorized to support the blockchain data structure. Also, each of the storage devices may be considered “nodes” that support the distributed blockchain data structure. The blockchain storage devices described herein may be any of a self-encrypting drive (SED), a kinetic drive, object storage drives, and so forth.
[0052] As illustrated in FIG. 1, a storage device 114 is configured to receive and store objects (herein, also referred to as an electronic file along with metadata) to a storage media 112. The storage media 112 may comprise various volatile or non-volatile memory storage types including recording discs, NAND flash memory, rewriteable semiconductor memory, hybrid memory structures, and so forth.
[0053] In an embodiment, the electronic file 104 along with the metadata 122 is shared with the storage device 114 for storage in the storage media 112. Various files transmitted to the storage device 114 may be represented as payloads (e.g., payloads 124) that are transmitted to the storage device 114. Each payload may include the file along with metadata associated with the file. Objects may be stored in (e.g., written to) one or more distributed ledgers created and managed by the storage device 114. Different distributed ledgers may be utilized to store different object types. For example, a first distributed ledger may be utilized to store access logs of the storage device, and a second distributed ledger may be utilized to store documents, financial transactions, document hashes, entity objects including entity data, and so forth. It can be understood that other distributed ledgers may be used to store various other types of objects including image files, transactions, media files, etc. It should be understood that the term distributed ledger includes data structures that may be referred to as ledgers, distributed ledgers, distributed ledger technology, directed acyclic graphs with nodes cryptographically linked, etc.
[0054] In an embodiment, as illustrated in FIG. 1, the storage device 114 is configured to store the electronic file generated by a host computing device corresponding to an entity 106-1, an entity 106-2, and/or the entity N 106-N. The entity 106-1 is configured with a computing device 108-1, an entity 106-2 is configured with a computing device 108-2, and/or the entity N 106-N is configured with a computing device 108-N. The payload 124 may include the electronic file 104 and metadata 122 associated with the electronic file 104. The electronic file 104 may be cryptographically signed by a signing key (e.g., a public signing key) of an associated entity 106-1 configured with a computing device. The electronic file 104 may include information such as a document, an image, access logs, financial transactions, entity data, and so forth. The metadata 122 may include a flag or field that indicates a level of importance of the electronic file, details of the electronic file, and so forth.
[0055] In an embodiment, when the electronic file 104 is received by the storage device 114, the electronic file is stored in an object storage 110 of the storage media 112. The electronic file along with the metadata (also referred to as an object) is stored in the object storage 110 which stores the object to the requisite distributed ledger. For example, the object storage 110 may store the object to a distributed ledger A 116 or a distributed ledger B 118, or both. The distributed ledger storage condition may also be determined based on the object type. For example, if the object is a document, a first distributed ledger storage condition may be selected, and if the object is one or more access logs, then a second distributed ledger storage condition may be selected. The distributed ledger storage condition may further depend on the metadata included in the payload. Such metadata may indicate a level of importance of the object, a level of redundancy, a pin, etc.
[0056] Before an object is stored to a distributed ledger, a cryptography manager 120 may sign the object to generate an object transaction. The cryptography manager 120 may be implemented as a cryptographic/trusted chip or secure platform firmware. The cryptography manager 120 may include a root of trust used to generate and manage cryptographic keys such as cryptographic key pairs (e.g., public and private keys). These keys may be generated using an asymmetric encryption cryptography method, elliptic-curve cryptography methods, or another key generation method. The cryptography manager 120 may determine and manage storage of the public and the private keys.
[0057] In an embodiment, the object may be subject to a hash function to retrieve the file metadata. Before an object is stored to a distributed ledger, the object may be signed by the public key. One or more objects may be stored in a block of the distributed ledger (e.g., a block N of the distributed ledger A 116). A block may include a nonce, a hash of a previous block, a timestamp, one or more objects, etc. The hash of the previous block may be used to link the blocks of objects together in a connected data structure. Once the object is stored to a distributed ledger data structure of the storage device 114, the storage of the object may be verified using the private key associated with the public key. Further, a distributed ledger transaction facilitates maintaining a complete forensic history of the objects stored in the storage device 114.
[0058] In an embodiment, the distributed ledger data structures 116 and 118 managed by the object storage 110 may be distributed or non-distributed. A distributed data structure is stored across various other storage devices 114. Accordingly, the storage device 114 may be networked to other storage devices that store copies of the distributed ledger. As such, when the storage device 114 signs a transaction/object and stores it to a distributed ledger stored in the storage media 112, the storage device 114 may transmit the signed object to other storage devices.
[0059] In an embodiment, the system 102 can be implemented using any or a combination of hardware components and software components such as a cloud, a server, a computing system, a computing device, a network device and the like. Further, the system 102 can interact with any of the entity devices 106 through a website or an application that can reside in the entity devices 106. In an implementation, the system 102 can be accessed by a website or application that can be configured with any operating system, including but not limited to, Android™, iOS™, and the like. Examples of the computing devices 106 can include, but are not limited to, a computing device associated with industrial equipment or an industrial equipment based asset, a smart camera, a smart phone, a portable computer, a personal digital assistant, a handheld device and the like.
[0060] FIG. 2 illustrates exemplary functional components 200 of a decentralized network based system in accordance with an embodiment of the present disclosure.
[0061] In an aspect, the system 102 may comprise one or more processor(s) 202. The one or more processor(s) 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that manipulate data based on operational instructions. Among other capabilities, the one or more processor(s) 202 are configured to fetch and execute computer-readable instructions stored in a memory 204 of the system 102. The memory 204 may store one or more computer-readable instructions or routines, which may be fetched and executed to create or share the data units over a network service. The memory 204 may comprise any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[0062] The system 102 may also comprise an interface(s) 206. The interface(s) 206 may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and the like. The interface(s) 206 may facilitate communication of the system 102 with various devices coupled to the system 102 such as an input unit and an output unit. The interface(s) 206 may also provide a communication pathway for one or more components of the system 102. Examples of such components include, but are not limited to, processing engine(s) 208 and database 210.
[0063] The processing engine(s) 208 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) 208. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) 208 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) 208 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) 208. In such examples, the system 102 may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system 102 and the processing resource. In other examples, the processing engine(s) 208 may be implemented by electronic circuitry. The database 210 may comprise data that is either stored or generated as a result of functionalities implemented by any of the components of the processing engine(s) 208.
[0064] In an exemplary embodiment, the processing engine(s) 208 may comprise an electronic file receiving and storing unit 212, encrypting and decrypting unit 214, electronic file authentication unit 216, and other unit(s) 218. It would be appreciated that the units being described are only exemplary units and any other unit or sub-unit may be included as part of the system 102. These units too may be merged or divided into super-units or sub-units as may be configured.
[0065] In an embodiment, the electronic file receiving and storing unit 212 may facilitate receiving of a first set of data packets from a first computing device 108-1 associated with an entity 106-1. The first set of data packets may pertain to an electronic file along with metadata. A hash function is applied on the received electronic file to obtain a hash of the file. As can be appreciated by one skilled in the art, additional processing needs to be performed to obtain multiple other parameters of the metadata of the electronic file. The hash of the received electronic file can be computed using the SHA512 (Secure Hash Algorithm 512) algorithm.
[0066] The retrieved metadata is stored across multiple servers of the set of servers (e.g., the set of servers represent the distributed ledger), where each of the retrieved metadata may be stored in a distributed form across various servers of the set of servers. In an embodiment, the electronic file may be compressed and encrypted using a symmetric encryption technique. The file compression may be done by using any of a ZLib algorithm, a Lempel–Ziv–Markov chain algorithm (LZMA), an LZ4 algorithm and the like. The compressed file is encrypted using a Symmetric Key Encryption algorithm such as AES: Advanced Encryption Algorithm (Symmetric).
[0067] The encrypted file may be fragmented into multiple fragments. The fragments may be stored on multiple disparate storage devices. The disparate storage devices may be located in a same location or across multiple locations. In an embodiment, the encrypted file is fragmented into multiple fragments where (a) the size of each fragment is calculated as: size of the fragment = Total file size / Number of fragments, and (b) the file is divided into ‘n’ parts that are stored in multiple folders/buckets as .aes files. As can be appreciated by one skilled in the art, based on the type of fragmenting algorithm used the file extension of the received file may vary. For example, n=10 for file size < 25Kb, and n=20 for file size >25Kb. In an embodiment, the encrypting and decrypting unit 214 facilitates encrypting the obtained metadata using an asymmetric encryption cryptography technique. The asymmetric encryption cryptography may be used to generate a public-private key. The generated public key may be used to encrypt the metadata. The metadata may be stored across the set of servers. In an embodiment, the metadata may be created by techniques such as but not limited to: (a) calculating the timestamp of the file creation time, (b) calculating the hash of the original received file using SHA512, and (c) getting the secret key used for AES encryption. Further, the metadata stored across the set of servers may be retrieved by decrypting the encrypted metadata using the determined private key. In an embodiment, the fragments from all servers of the set of servers are combined into a single file. This is done by importing all the .aes files from all the servers of the set of servers.
[0068] The private key is generated using the asymmetric cryptographic key. Further, the metadata payload is encrypted using an asymmetric key encryption algorithm and is stored in multiple connected servers of the set of servers. This is done by (a) encrypting the payload using the RSA Algorithm (Asymmetric), and (b) sending the encrypted metadata to the connected set of servers.
[0069] In an embodiment, a symmetric cryptographically encrypted file, also referred to herein as a first electronic file, is obtained by combining accumulated encrypted fragments based on the decrypted metadata. The symmetric cryptographically encrypted file is decrypted using a symmetric secret key to obtain a compressed file. The decryption may be done by using, for example, a secret key of the AES algorithm, where the .aes file is decrypted. The compressed file may be decompressed to obtain the decompressed electronic file. The decompression of the retrieved decrypted file is done by using, for example, a ZLIB decompressor. Further, the decompressor to be used may correspond to the compression algorithm used for compression of the files. The authentication unit 216 may facilitate matching the hash of the decompressed file with the hash of the received electronic file. Upon a successful matching of the hash values it can be determined that the decompressed file is similar to the received electronic file, and no tampering or attack or loss of data is observed. However, upon unsuccessful matching it can be determined that the decompressed file is not similar to the received electronic file, and some form of tampering or attack or loss of data is observed.
[0070] In an embodiment, the hash value is calculated by applying hash functions over the electronic file data. A hash function is a function that can be used to map data of arbitrary size to fixed-size values. The hash function ensures the immutability of the data. Even if a single character changes, the hash of the file changes. For example, when the file data content is d1: “Hello World!”, the obtained Hash(d1) is db9b1cd3262dee37756a09b9064973589847caa8e53d31a9d142ea2701b1b28abd97838bb9a27068ba305dc8d04a45a1fcf079de54d607666996b3cc54f6b6
[0071] Further, if the data content is modified: d2: “Hello World” (removed ‘!’). The Hash(d2) obtained is 309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f. As can be observed there is a complete change in the hash as shown in Hash(d1) and Hash(d2).
[0072] FIG. 3 illustrates exemplary representation for a decentralized network based system and FIG. 4 illustrates a flow diagram illustrating decentralized data storage in accordance with an embodiment of the present disclosure.
[0073] In an embodiment, at block 302 and 418 a file is received and uploaded at a server of a set of servers. The file can be any of a text file, an image file, an audio file, a video file, excel pages and so forth. At 304 and at 420 the received file is compressed, and at block 306 and at 422 the compressed file is encrypted. The compression of the file is done by using a 100% lossless compression algorithm. This implies that the file compression algorithm ensures that no data is lost between compression and decompression. At block 424, the encrypted file is fragmented into multiple fragments 306-1, 306-2, 306-3…306-N such that the multiple fragments are stored at N different storage servers that may be located at disparate locations (Decentralized File storage). At block 428, the multiple generated fragments are combined to receive a cryptographically encrypted file 314.
[0074] In an embodiment, at block 402 and at block 308, a hash function is applied on the uploaded file data. The hash function is the function that can be used to map data of arbitrary size to fixed-size values that is a fixed sized string. Hash function ensures immutability of the file data. Even if a single character of the file changes the hash of the file will change. At block 404 and at block 310 a file metadata is obtained from the uploaded file. At block 406 a public-private key is generated using asymmetric encryption cryptography technique. The file metadata is encrypted using public key at block 408. At block 312 and at block 410 the encrypted file metadata is stored at the distributed ledger or described herein as the set of servers that are connected together. This makes the metadata secure and robust. Further, in an embodiment, the stored encrypted metadata is retrieved at block 412. The retrieved encrypted metadata is decrypted using asymmetric encryption cryptography (private key 414, available with the entity 106). At block 314 and at block 416, the file metadata is received.
[0075] In an embodiment, the file metadata received at block 416 and the encrypted fragments at block 428 are combined to obtain the first electronic file, which is an encrypted file. Further, at block 430 the encrypted file is decrypted using a symmetric secret key to obtain a compressed decrypted file at block 316. The decrypted file is decompressed at block 432 to obtain a decompressed file at block 318. Thus at block 434 the decrypted and decompressed file is received. The decrypted and decompressed file thus received is checked for authenticity by comparison with the original received file. At block 320 and at block 436, the hash of the original file is matched against the hash of the decrypted and decompressed file. If the hashes match, the match of the two compared files is declared successful at block 322 and at block 440, which ascertains that the original file is retrieved with no tampering and no loss of data. Further, if the matching of the hash values is unsuccessful, the match is declared unsuccessful at block 324, and at block 438 the retrieved file is declared as having tampered data and loss of original data.
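The fragmenting rule of paragraph [0067] and the hash check of paragraphs [0069] and [0075], as an added Python example that is not part of the specification. It assumes "25Kb" means 25 KiB of bytes, applies the n=10/n=20 rule to the blob being fragmented, and records the fragment order in the metadata; the AES and RSA steps are left out because the standard library has no AES, so the zlib-compressed bytes stand in for the ciphertext, and names such as `store` and `retrieve` are hypothetical.

```python
import hashlib
import hmac
import zlib

SIZE_THRESHOLD = 25 * 1024  # assumption: "25Kb" read as 25 KiB of bytes

# Constructed sample input, not data from the specification.
SAMPLE = b"".join(f"record {i}: constructed sample line\n".encode()
                  for i in range(500))


def fragment_count(total_size: int) -> int:
    # [0067]: n=10 below the threshold, n=20 above it. The page leaves the
    # exact-threshold case open; this sketch assigns it to n=20.
    return 10 if total_size < SIZE_THRESHOLD else 20


def split(blob: bytes, n: int) -> list:
    # Fragment size = total size / n. When the size is not divisible by n,
    # the remainder bytes go one each to the first fragments.
    base, extra = divmod(len(blob), n)
    parts, pos = [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        parts.append(blob[pos:pos + size])
        pos += size
    return parts


def store(data: bytes, name: str):
    # Hash the original file first, then compress and fragment.
    digest = hashlib.sha512(data).hexdigest()
    blob = zlib.compress(data)  # stand-in for compress-then-AES ciphertext
    parts = split(blob, fragment_count(len(blob)))
    # One ".aes" fragment per bucket, as in [0067]; a dict models the buckets.
    buckets = {f"{name}.{i:02d}.aes": part for i, part in enumerate(parts)}
    # Assumption: metadata carries the fragment order next to the hash.
    metadata = {"sha512": digest, "order": list(buckets)}
    return metadata, buckets


def retrieve(metadata: dict, buckets: dict):
    # Returns (ok, data, reason); data is None unless the hash matched.
    missing = [k for k in metadata["order"] if k not in buckets]
    if missing:
        return False, None, f"missing fragments: {missing}"
    blob = b"".join(buckets[k] for k in metadata["order"])
    try:
        data = zlib.decompress(blob)
    except zlib.error as exc:
        # A damaged fragment often breaks decompression before hashing.
        return False, None, f"decompression failed: {exc}"
    actual = hashlib.sha512(data).hexdigest()
    if not hmac.compare_digest(actual, metadata["sha512"]):
        return False, None, "hash mismatch"
    return True, data, "ok"


if __name__ == "__main__":
    meta, buckets = store(SAMPLE, "report")
    print(len(buckets), "fragments:", retrieve(meta, buckets)[2])
    first = meta["order"][3]
    buckets[first] = bytes([buckets[first][0] ^ 0xFF]) + buckets[first][1:]
    print("after tampering:", retrieve(meta, buckets)[2])
```

A modified or missing fragment is reported as a failed retrieval here, which corresponds to the unsuccessful match at blocks 324 and 438.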
[0076] FIG. 5 illustrates a flow diagram illustrating storage of electronic file in a decentralized network based system in accordance with an embodiment of the present disclosure.
[0077] In an embodiment, at block 502 an electronic file is received at a server of a set of servers. At block 504, one or more parameters associated with the electronic file are extracted at the server. At block 506, a hash of the electronic file is obtained at the server. At block 508, a metadata associated with the electronic file is generated. The metadata comprises a combination of the extracted one or more parameters and the obtained hash of the electronic file. At block 510, the generated metadata is encrypted at the server. Subsequently the encrypted metadata is transmitted to the set of servers. At block 512, the received electronic file is compressed at the server. At block 514, the compressed electronic file is encrypted at the server. At block 516, the encrypted electronic file is fragmented, at the server, into a plurality of data fragments. Each of the plurality of data fragments is distributed across separate storage devices selected from a plurality of storage devices for storage. At block 518, the encrypted metadata is retrieved from the set of servers. The encrypted metadata is decrypted to obtain a decrypted metadata of the received electronic file. At block 520, the plurality of stored data fragments are retrieved from the plurality of storage devices and are combined based on the decrypted metadata to obtain a first electronic file associated with the electronic file.
[0078] In an embodiment, the present disclosure facilitates providing a lossless compression and decompression of the electronic file. The system further facilitates providing storage of the electronic file across multiple decentralized, transparent servers that ensures security of the electronic file. Further, the disclosed invention facilitates permanently storing blocks of the electronic file such that every new block can be verified and traced back throughout the history of the set of servers. In addition, accessing and modifying the data of the electronic file cannot be done without notifying and seeking consensus from the entire network of the set of servers. Further, storage of the electronic file on the set of servers is highly resilient to hacking and other forms of external attacks and there is minimal to no risk of data loss.
[0079] FIG. 6 illustrates an exemplary computer system 500 to implement the proposed system in accordance with embodiments of the present disclosure.
[0080] As shown in FIG. 6, computer system can include an external storage device 610, a bus 620, a main memory 630, a read only memory 640, a mass storage device 650, communication port 660, and a processor 670. A person skilled in the art will appreciate that computer system may include more than one processor and communication ports. Examples of processor 670 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOC™ system on a chip processors or other future processors. Processor 670 may include various modules associated with embodiments of the present invention. Communication port 660 can be any of an RS-232 port for use with a modem based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. Communication port 660 may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which computer system connects.
[0081] Memory 630 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. Read only memory 640 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 670. Mass storage 650 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g. those available from Seagate (e.g., the Seagate Barracuda 7102 family) or Hitachi (e.g., the Hitachi Deskstar 7K1000), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc.
[0082] Bus 620 communicatively couples processor(s) 670 with the other memory, storage and communication blocks. Bus 620 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives and other subsystems as well as other buses, such as a front side bus (FSB), which connects processor 670 to software system.
[0083] Optionally, operator and administrative interfaces, e.g. a display, keyboard, and a cursor control device, may also be coupled to bus 620 to support direct operator interaction with computer system. Other operator and administrative interfaces can be provided through network connections connected through communication port 660. External storage device 610 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc - Re-Writable (CD-RW), Digital Video Disk - Read Only Memory (DVD-ROM). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
[0084] Embodiments of the present disclosure may be implemented entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combined software and hardware implementation, all of which may generally be referred to herein as a “circuit,” “module,” “component,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product comprising one or more computer readable media having computer readable program code embodied thereon.
[0085] Thus, it will be appreciated by those of ordinary skill in the art that the diagrams, schematics, illustrations, and the like represent conceptual views or processes illustrating systems and methods embodying this invention. The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing associated software. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the entity implementing this invention. Those of ordinary skill in the art further understand that the exemplary hardware, software, processes, methods, and/or operating systems described herein are for illustrative purposes and, thus, are not intended to be limited to any particular named.
[0086] As used herein, and unless the context dictates otherwise, the term "coupled to" is intended to include both direct coupling (in which two elements that are coupled to each other contact each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms "coupled to" and "coupled with" are used synonymously. Within the context of this document terms "coupled to" and "coupled with" are also used euphemistically to mean “communicatively coupled with” over a network, where two or more devices are able to exchange data with each other over the network, possibly via one or more intermediary device.
[0087] It should be apparent to those skilled in the art that many more modifications besides those already described are possible without departing from the inventive concepts herein. The inventive subject matter, therefore, is not to be restricted except in the spirit of the appended claims. Moreover, in interpreting both the specification and the claims, all terms should be interpreted in the broadest possible manner consistent with the context. In particular, the terms “comprises” and “comprising” should be interpreted as referring to elements, components, or steps in a non-exclusive manner, indicating that the referenced elements, components, or steps may be present, or utilized, or combined with other elements, components, or steps that are not expressly referenced. Where the specification claims refers to at least one of something selected from the group consisting of A, B, C …. and N, the text should be interpreted as requiring only one element from the group, not A plus N, or B plus N, etc.
[0088] While the foregoing describes various embodiments of the invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are included to enable a person having ordinary skill in the art to make and use the invention when combined with information and knowledge available to the person having ordinary skill in the art.
ADVANTAGES OF THE INVENTION
[0089] The present disclosure relates to the field of data storage technology. More particularly, the present disclosure relates to a decentralized and secure data storage system.
[0090] The present disclosure provides a system and method for providing decentralized file data storage leading to increased file data security and privacy.
[0091] The present disclosure provides a system and method for decentralized file data storage that is more difficult to attack than traditional centralized data.
[0092] The present disclosure provides a system and method for the decentralized file data storage where files are encrypted with a private key which makes the file more secure preventing the file access from any other external entity.
[0093] The present disclosure provides a system and method for providing decentralized file data storage where the file is fragmented such that each of the fragments of the file is just a fraction of the original file, limiting access to the entire content of the file.
[0094] The present disclosure provides a system and method for preventing loss of file data by maintaining redundancy of the file data across multiple storage locations.
| # | Name | Date |
|---|---|---|
| 1 | 202021006529-STATEMENT OF UNDERTAKING (FORM 3) [14-02-2020(online)].pdf | 2020-02-14 |
| 2 | 202021006529-REQUEST FOR EARLY PUBLICATION(FORM-9) [14-02-2020(online)].pdf | 2020-02-14 |
| 3 | 202021006529-FORM-9 [14-02-2020(online)].pdf | 2020-02-14 |
| 4 | 202021006529-FORM FOR STARTUP [14-02-2020(online)].pdf | 2020-02-14 |
| 5 | 202021006529-FORM FOR SMALL ENTITY(FORM-28) [14-02-2020(online)].pdf | 2020-02-14 |
| 6 | 202021006529-FORM 1 [14-02-2020(online)].pdf | 2020-02-14 |
| 7 | 202021006529-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [14-02-2020(online)].pdf | 2020-02-14 |
| 8 | 202021006529-EVIDENCE FOR REGISTRATION UNDER SSI [14-02-2020(online)].pdf | 2020-02-14 |
| 9 | 202021006529-DRAWINGS [14-02-2020(online)].pdf | 2020-02-14 |
| 10 | 202021006529-DECLARATION OF INVENTORSHIP (FORM 5) [14-02-2020(online)].pdf | 2020-02-14 |
| 11 | 202021006529-COMPLETE SPECIFICATION [14-02-2020(online)].pdf | 2020-02-14 |
| 12 | Abstract1.jpg | 2020-02-17 |
| 13 | 202021006529-STARTUP [21-02-2020(online)].pdf | 2020-02-21 |
| 14 | 202021006529-FORM28 [21-02-2020(online)].pdf | 2020-02-21 |
| 15 | 202021006529-FORM 18A [21-02-2020(online)].pdf | 2020-02-21 |
| 16 | 202021006529-FORM-26 [12-05-2020(online)].pdf | 2020-05-12 |
| 17 | 202021006529-Proof of Right [28-05-2020(online)].pdf | 2020-05-28 |
| 18 | 202021006529-FER.pdf | 2020-06-18 |
| 19 | 202021006529-FER_SER_REPLY [28-11-2020(online)].pdf | 2020-11-28 |
| 20 | 202021006529-DRAWING [28-11-2020(online)].pdf | 2020-11-28 |
| 21 | 202021006529-CORRESPONDENCE [28-11-2020(online)].pdf | 2020-11-28 |
| 22 | 202021006529-COMPLETE SPECIFICATION [28-11-2020(online)].pdf | 2020-11-28 |
| 23 | 202021006529-CLAIMS [28-11-2020(online)].pdf | 2020-11-28 |
| 24 | 202021006529-ABSTRACT [28-11-2020(online)].pdf | 2020-11-28 |
| 25 | 202021006529-FORM-26 [22-06-2021(online)].pdf | 2021-06-22 |
| 26 | 202021006529-Correspondence to notify the Controller [22-06-2021(online)].pdf | 2021-06-22 |
| 27 | 202021006529-Written submissions and relevant documents [09-07-2021(online)].pdf | 2021-07-09 |
| 28 | 202021006529-Annexure [09-07-2021(online)].pdf | 2021-07-09 |
| 29 | 202021006529-PatentCertificate03-09-2021.pdf | 2021-09-03 |
| 30 | 202021006529-IntimationOfGrant03-09-2021.pdf | 2021-09-03 |
| 31 | 202021006529-US(14)-HearingNotice-(HearingDate-24-06-2021).pdf | 2021-10-19 |

| # | Name |
|---|---|
| 1 | Searchstrategy_202021006529E_17-06-2020.pdf |
| 2 | Searchstrategy_202021006529AE_15-03-2021.pdf |