Secure data parser method and system

US 10,452,854 B2
Filed: 09/10/2018
Issued: 10/22/2019
Est. Priority Date: 11/18/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method for securely storing a data set, the method comprising:

receiving an external key from an external storage system,generating a plurality of data chunks based on the data set, such that the data set can be reconstructed using at least a minimum number of the plurality of data chunks, wherein generating the data chunks comprises;

distributing the data set into a plurality of shares, wherein each of the shares comprises less than all of the data set,accessing a plurality of distinct encryption keys,encrypting each of the shares with a respective one of the plurality of distinct encryption keys,performing an encryption operation based on the external key to further secure the plurality of data chunks; and

storing with the plurality of data chunks data indicative of at least one of the distinct encryption keys on a plurality of different storage devices.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

136 Citations

20 Claims

1. A method for securely storing a data set, the method comprising:
- receiving an external key from an external storage system,generating a plurality of data chunks based on the data set, such that the data set can be reconstructed using at least a minimum number of the plurality of data chunks, wherein generating the data chunks comprises;
  
  distributing the data set into a plurality of shares, wherein each of the shares comprises less than all of the data set,accessing a plurality of distinct encryption keys,encrypting each of the shares with a respective one of the plurality of distinct encryption keys,performing an encryption operation based on the external key to further secure the plurality of data chunks; and
  
  storing with the plurality of data chunks data indicative of at least one of the distinct encryption keys on a plurality of different storage devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein storing with the plurality of data chunks data indicative of at least one of the distinct encryption keys comprises storing each of the plurality of data chunks with at least one of the distinct encryption keys.
  - 3. The method of claim 1, wherein storing each of the plurality of data chunks with at least one of the distinct encryption keys comprises including with a particular data chunk of the plurality of data chunks data indicative of an encryption key that was used to encrypt a different data chunk of the plurality of data chunks.
  - 4. The method of claim 1, wherein distributing the data set into a plurality of shares comprises using a random technique or pseudorandom technique.
  - 5. The method of claim 1, wherein distributing the data set into a plurality of shares comprises using a deterministic technique or pseudorandom technique.
  - 6. The method of claim 1, wherein each share of the plurality of shares comprises a substantially random distribution of a subset of the data set.
  - 7. The method of claim 1, wherein performing an encryption operation based on the external key to further secure the plurality of data chunks comprises encrypting primary data with the external key.
  - 8. The method of claim 1, wherein distributing the data set into a plurality of shares comprises:
    - generating a split encryption key based on the external key; and
      
      distributing the data set based on the split encryption key.
  - 9. The method of claim 8, further comprising encrypting each of the shares with the external key.
  - 10. The method of claim 9, wherein the data set is recoverable using at least a minimum number of the plurality of data chunks and the external key.

11. A computer system for securing a data set, the system comprising:
- at least one hardware processor, configured to;
  
  receive an external key from an external storage system,generate a plurality of data chunks based on the data set, such that the data set can be reconstructed using at least a minimum number of the plurality of data chunks, wherein generating the data chunks comprises;
  
  distributing the data set into a plurality of shares, wherein each of the shares comprises less than all of the data set,accessing a plurality of distinct encryption keys, andencrypting each of the shares with a respective one of the plurality of distinct encryption keys,performing an encryption operation based on the external key to further secure the plurality of data chunks; and
  
  store with the plurality of data chunks data indicative of at least one of the distinct encryption keys on a plurality of different storage devices.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, wherein while storing with the plurality of data chunks data indicative of at least one of the distinct encryption keys, the at least one hardware processor is configured to store each of the plurality of data chunks with at least one of the distinct encryption keys.
  - 13. The computer system of claim 11, wherein while storing each of the plurality of data chunks with at least one of the distinct encryption keys, the at least one hardware processor is configured to include, with a particular data chunks of the plurality of data chunks, data indicative of an encryption key that was used to encrypt a different data chunk of the plurality of data chunks.
  - 14. The computer system of claim 11, wherein when distributing the data set into a plurality of shares, the at least one hardware processor is configured to use a random technique or pseudorandom technique.
  - 15. The computer system of claim 11, wherein when distributing the data set into a plurality of shares, the at least one hardware processor is configured to use a deterministic technique or pseudorandom technique.
  - 16. The computer system of claim 11, wherein each share of the plurality of shares comprises a substantially random distribution of a subset of the data set.
  - 17. The computer system of claim 11, wherein, when performing an encryption operation based on the external key to further secure the plurality of data chunks, the at least one hardware processor is configured to encrypt primary data with the external key.
  - 18. The computer system of claim 11, wherein when distributing the data set into a plurality of shares, the at least one hardware processor is configured to:
    - generate a split encryption key based on the external key; and
      
      distribute the data set based on the split encryption key.
  - 19. The computer system of claim 18, wherein the data set is recoverable using at least a minimum number of the plurality of data chunks and the external key.
  - 20. The computer system of claim 19, wherein the data set can be reconstructed using at least two of the plurality of data chunks and the key received from the external storage system.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Davenport, Roger S., Winick, Steven
Primary Examiner(s)
Revak, Christopher A

Application Number

US16/127,077
Publication Number

US 20190197248A1
Time in Patent Office

407 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Secure data parser method and system

First Claim

3 Assignments

Litigations

1 Petition

Accused Products

Abstract

136 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure data parser method and system

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others