Secure and Authenticated Data Storage, Access and Retrieval - Optimized (Case 1928)

Principal Investigator:  


Roberto Tamassia, PhD, Professor

Department of Computer Science

Brown University

Providence, RI


Brief Description:


Online storage of data (e.g., Amazon’s S3 storage service) is becoming increasingly popular for both corporations and consumers.  Clients can create virtual drives consisting of online storage units that are operated by remote and geographically dispersed servers.  In addition to being a convenient solution for data archiving or backups, remote storage allows for load-balanced distributed data management (e.g., database outsourcing).  The ability to check the integrity of remotely stored data is an important security property, in order to detect both data corruption caused by a faulty server – hardware issues or software errors – and data tampering performed by an attacker that compromises the server via deliberate deletion/modification of files.  Thus, clients need to ensure the integrity of the stored data by authenticating their data through verification of the correctness of queries answered by the server.  This is crucial, as a server, physically outside the administrative control of the client, can be malicious, and without a verification mechanism, errors or attacks cannot be detected.  Indeed, cyber attacks and/or information and identity theft are major global concerns and problems, not only for corporations and individuals, but also for national defense, and new and improved dynamic data storage and protection technologies continue to be in demand.


The timely invention is an apparatus, which includes a memory to store data, a processor to perform operations, and a method in the form of a computer program – algorithms and instructions.  Broadly, the apparatus generates and/or maintains an accumulation tree for the stored data – an ordered tree structure with a root node, leaf nodes and internal nodes.  The novel and practical method optimally incorporates secure protocols - a new cryptographic construction – and hash tables and any suitable hash function.  As such, a level of increased efficiency, consistency, cost containment and flexibility to a verification operation or lookup structure involving dynamic datasets is achieved regardless of dataset size.  Constant time and communication complexities are attained, and the constructions are applicable to both two- and three- party data authentication models.  Also, the innovative authentication schemes may be tailored for an application of interest and implemented in a variety of media such as hardware, software, logic, special purpose circuits, or any combination of, and with any appropriate data storage technology, e.g., optical, magnetic, semiconductor, etc.  In summary, this invention is an improvement over previous techniques that use cryptographic accumulators.


The relevant market niches are commercial computer software for cryptography, cyber security, and remote server implementation/maintenance, and scientific R&D tools in the fields of computer science, programming and engineering.  Applications include those that relate to data storage, access, updating, retrieval, and/or security involving an untrusted agent – remote server or other entity.




US patent 8,726,034 is issued (05/13/2014)

US patent 9,098,725 is issued (08/14/2015)
Corresponding foreign applications are granted

Patent Information:
Research Tools
For Information, Contact:
Brown Technology Innovations
350 Eddy Street - Box 1949
Providence, RI 02903
Roberto Tamassia
Nikos Triandopoulos
Charalampos Papamanthou
© 2022. All Rights Reserved. Powered by Inteum