Randomized bit dispersal of sensitive data sets

US 20030167408A1
Filed: 03/01/2002
Published: 09/04/2003
Est. Priority Date: 03/01/2002
Status: Abandoned Application

First Claim

Patent Images

1. A system for distributed storage and reconstruction of a data set containing sensitive information, said system comprising:

an array of multiple stores; and

logic for randomly dispersing successive granular portions of data in said set into said stores, each said granular portion containing only information of a non-sensitive nature;

whereby extraction of sensitive information in said data set from unauthorized access to data contained in said stores is extremely unlikely to occur.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure storage of sensitive data sets in virtually insecure storage facilities is accomplished presently by storing small granular portions of the data (e.g. bits or bytes) in a randomly dispersed manner. The data sets contain information which requires secure handling. However, the granular portions are sufficiently small to ensure that they do not per se reveal any sensitive information, and they are so dispersed in storage that the probability of unauthorized access to useful information in any data set is extremely small. As an example of sensitive data subject to handling as presently contemplated, consider information pertaining to credit card accounts including cardholder, names and addresses associated with account numbers and cardholder identifying information such as social security numbers, etc. The present selection and dispersal of granular portions of this data effectively co-mingles portions of different data sets in storage in a random manner. Thus it would be extremely difficult if not impossible for a party acquiring unauthorized access to blocks of storage containing such data portions to be able to extract any useful or sensitive information therefrom.

122 Citations

22 Claims

1. A system for distributed storage and reconstruction of a data set containing sensitive information, said system comprising:
- an array of multiple stores; and
  
  logic for randomly dispersing successive granular portions of data in said set into said stores, each said granular portion containing only information of a non-sensitive nature;
  
  whereby extraction of sensitive information in said data set from unauthorized access to data contained in said stores is extremely unlikely to occur.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A system in accordance with claim 1 wherein said logic for randomly dispersing comprises:
    - logic to transfer successive said granular portions into randomly selected block queues in an array of multiple block queues;
      
      each block queue holding multiple granular portions;
      
      logic to detect when any of said block queues becomes filled;
      
      contents of each said filled block queue having only non-sensitive information; and
      
      logic responsive to detection that a said block queue has become filled to transfer contents of the respective filled block queue to a randomly selected one of said stores in said array of stores.
  - 3. A system in accordance with claim 1 wherein said processing subsystem is connected to said storage subsystem through a data communication network.
  - 4. A system in accordance with claim 3 wherein said network comprises a local area network (LAN).
  - 5. A system in accordance with claim 3 wherein said network extends through the Internet.
  - 6. A system in accordance with claim 2 comprising:
    - logic for retaining metadata indicating locations of said granular portions of said data set within said array of stores; and
      
      logic for using said retained metadata to retrieve said randomly dispersed granular portions from said stores and to reassemble the retrieved portions into their original positional relations in said data set.
  - 7. A system in accordance with claim 6 wherein said retained metadata is enciphered and said logic for using said metadata to retrieve said granular portions includes logic for deciphering said retained metadata.
  - 8. A system in accordance with claim 6 wherein said metadata contains representations of storage file names assigned to blocks of data in said stores containing randomly dispersed portions of said data set, and information indicating locations within said blocks of specific portions of said data set.
  - 9. A system in accordance with claim 6 wherein said data set is in the form of a table having rows and columns, said dispersed portions are located originally at intersections of said rows and columns, and said retained metadata includes information for repositioning retrieved granular portions of said data set into specific row and column intersects of said table at which said portions were originally located prior to their dispersal into said stores.
  - 10. A system in accordance with claim 6 wherein said retained metadata includes information defining storage locations of associated stored data blocks and of locations within each block of randomly dispersed granular elements of sensitive data contained in the respective block;
    - and wherein said metadata is stored in an encrypted form.
  - 11. A system in accordance with claim 2 wherein said logic is embodied in software for executing respective logical functions.
  - 12. A system in accordance with claim 6 wherein each said filled block is stored in plural selected ones of said stores in said array of stores;
    - whereby failure of any one of said plural stores would not prevent retrieval of the respective filled block.

13. A method for storing and reconstructing a set of data containing sensitive information, in a manner such that unauthorized access to the data as stored would not reveal any of said sensitive information, said method comprising:
- transferring successive granular components of said set into randomly selected block queues in an array of multiple block queues;
  
  each said component being void of said sensitive information;
  
  each said block queue having capacity to store multiple said components;
  
  monitoring said block queues to detect when they are full;
  
  transferring content of each said full block queue to a randomly selected store in an array of multiple stores;
  
  retaining metadata defining locations of said blocks of data in said stores and locations of individual said granular components within each said block; and
  
  reassembling said data set by using said retained metadata to;
  
  (a) retrieve blocks of data containing all of the randomly dispersed granular components of said data set;
  
  (b) extract all of said randomly dispersed granular components of said data set from said retrieved data blocks; and
  
  (c) rearrange the extracted components into their original format within said data set.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13 wherein transferral of said full block queues to said stores is performed through a data communication network.
  - 15. The method of claim 14 wherein said network includes a local area network.
  - 16. The method of claim 14 wherein said network extends through the Internet.
  - 17. The method of claim 13 wherein said retained metadata is ordered in correspondence to positions of said granular components within said data set as originally constituted.
  - 18. The method of claim 17 wherein said retained metadata is enciphered and requires deciphering to be useful for locating said granular components.
  - 19. The method of claim 17 wherein said data and said metadata are organized in tables having corresponding rows and columns.
  - 20. The method of claim 13 wherein said transfers of said granular components to said block queues and transfers of said full block queues to said stores are performed by software.
  - 21. The method of claim 13 wherein content of each said full block queue is stored redundantly in plural said stores, so that failure of access to any one of said stores would not prevent retrieval of the respective block queue contents contained in the respective store, and therefore would not prevent reassembly of said data set.

22. For a data handling and storage system, in which granular portions of data sets containing sensitive information are randomly dispersed in stores subject to orderly retrieval and reconstruction of respective sets, software installable in said system via computer-readable media, said software comprising:
- elements for controlling functions requisite to said random dispersal of said granular portions; and
  
  elements for controlling functions requisite to said orderly retrieval of said granular portions and reconstruction of said data sets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Heming, Jeffrey, Fitzpatrick, Gregory P.

Application Number

US10/086,401
Publication Number

US 20030167408A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/62 Protecting access to data v...

G06F 21/6245 Protecting personal data, e...

Randomized bit dispersal of sensitive data sets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Randomized bit dispersal of sensitive data sets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links