Introduction#
Storage Devices are specialized devices that receive, store, and provide encrypted data on behalf of user profiles. They form a critical component of the distributed storage architecture, enabling secure, multi-device data access with offline capability.
What Are Storage Devices?#
A Storage Device is a registered device that has been specifically configured to participate in data storage operations. Storage Devices:
Receive encrypted data when data tokens are exchanged
Store encrypted data locally outside the Privicore environment
Provide encrypted data back to Privicore when requested via token
Participate in the multi-layer encryption/decryption chain
Operate independently and can function offline
Storage Registration Process#
After a device is registered and approved under a user's profile, it must be explicitly registered as a Storage device to participate in data storage operations.
Registration Flow#
Device Registered & Approved
↓
Register as Storage Device → Storage Profile Created
↓
Device Begins Receiving Encrypted Data
↓
Device Stores Data Locally
↓
Device Provides Data on Request
How Storage Devices Work#
Data Distribution#
When an application exchanges data for a token:
1. Application encrypts data and sends to Privicore
2. Privicore encrypts data with its own key
3. Privicore identifies all registered Storage devices for the user
4. Encrypted data is routed to each Storage device via RabbitMQ
5. Each Storage device encrypts data again with its own key
6. Storage device stores the multi-layer encrypted data locally
Data Retrieval#
When data is requested via token:
1. Application requests data using the token
2. Privicore identifies which Storage devices have the data
3. Privicore requests encrypted data from available Storage devices
4. Storage device decrypts with its private key and sends to Privicore
5. Privicore decrypts with its private key and sends to application
6. Application decrypts with its private key to access plaintext
Storage Device Capabilities#
Distributed Redundancy#
All Storage devices under a user's profile receive the same source data from Privicore. However, each Storage device encrypts this data with its own private key, meaning the actual encrypted data stored on each device is unique. This provides:
Redundancy: Data remains accessible even if individual devices are offline
Multi-device Access: Same source data available from multiple locations
Fault Tolerance: Device failure doesn't result in data loss
Device-Specific Encryption: Each device stores a uniquely encrypted version, preventing cross-device data compromise
Offline Operation#
Storage devices can operate without continuous connection to Privicore:
Data is stored locally and persists during offline periods
Devices sync with Privicore when connectivity resumes
Local data remains encrypted and secure during offline operation
Synchronization#
Storage devices can synchronize their state with Privicore to:
Update local storage with new data
Report storage capacity and status
Reconcile any data discrepancies
Storage Management Operations#
Register Storage Device#
Convert an approved device into a Storage device, enabling it to receive and store encrypted data.
List Storage Devices#
Retrieve all Storage devices registered under the profile, including status and configuration.
Synchronize Device#
Trigger synchronization between a Storage device and Privicore to ensure data consistency.
Remove Storage#
Deregister a Storage device, preventing it from receiving new data. Existing data on the device remains encrypted but inaccessible.
Multi-Layer Encryption with Storage#
Storage devices add an encryption layer to the data:
Original Data
↓ [Application encrypts]
Application-encrypted Data
↓ [Privicore encrypts]
Privicore-encrypted Data
↓ [Storage Device encrypts with device-specific key]
Device-encrypted Data (stored locally - unique per device)
Decryption requires the reverse process:
Device-encrypted Data
↓ [Storage Device decrypts with private key]
Privicore-encrypted Data
↓ [Privicore decrypts with private key]
Application-encrypted Data
↓ [Application decrypts with private key]
Original Data
No single actor can decrypt the data independently - the full chain is required.
Use Cases#
Personal Cloud Storage#
A user registers their laptop, phone, and home server as Storage devices. All three receive the same source data but store uniquely encrypted versions, enabling access from any device.
Distributed Backup#
Multiple Storage devices across different physical locations provide geographic redundancy. Each device stores its own encrypted version, so compromising one device doesn't compromise others.
Offline Data Access#
Mobile devices function as Storage devices, caching encrypted data locally for offline access. Data syncs when connectivity is available.
Enterprise Data Distribution#
An organization deploys Storage devices across regional offices, ensuring local data availability while maintaining centralized encryption control through Privicore.
Security Considerations#
Storage devices must have registered public keys to receive encrypted data
Each Storage device encrypts data with its own key - stored data is unique per device
Removing a Storage device doesn't delete local data, but makes it inaccessible without the full decryption chain
Storage devices can only decrypt data they have stored - they cannot access other users' data
Compromising one Storage device doesn't compromise data on other devices
All data transmission between Privicore and Storage devices occurs over encrypted channels
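The layering described under Multi-Layer Encryption with Storage and the per-device properties listed above can be checked with a small model. This is an added example, not Privicore code: it assumes one symmetric key per actor instead of the public/private key pairs the page describes, uses an HMAC-SHA256 construction from the Python standard library as a stand-in cipher, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Add one layer: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_layer(key, blob):
    """Remove one layer; ValueError if this key did not create it."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("key does not match this layer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def store(data, app_key, core_key, device_keys):
    """Application layer, then Privicore layer, then one layer per Storage device."""
    routed = seal(core_key, seal(app_key, data))  # same blob goes to every device
    return {name: seal(key, routed) for name, key in device_keys.items()}

def retrieve(blob, device_key, core_key, app_key):
    """Peel the layers in reverse order: device, Privicore, application."""
    return open_layer(app_key, open_layer(core_key, open_layer(device_key, blob)))

def can_open(key, blob):
    """True if this key removes the outermost layer of the blob."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    app, core = os.urandom(32), os.urandom(32)           # constructed keys
    devices = {"laptop": os.urandom(32), "phone": os.urandom(32)}
    stored = store(b"constructed sample record", app, core, devices)
    print(stored["laptop"] != stored["phone"])           # unique per device
    print(can_open(core, stored["laptop"]))              # Privicore key alone
    print(can_open(devices["phone"], stored["laptop"]))  # another device's key
    print(retrieve(stored["phone"], devices["phone"], core, app))
```

A device key removes only the outermost layer, so what a Storage device hands back is still wrapped by the Privicore and application layers.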
Storage Device Lifecycle#
Device Approved → Register as Storage
↓
Receive RabbitMQ Configuration
↓
Listen for Encrypted Data
↓
Encrypt with Device Key & Store Locally
↓
Provide Data on Request (decrypt device layer)
↓
Synchronize Periodically
↓
Remove Storage (optional) → Stop Receiving New Data