SYSTEMS AND METHODS FOR SECURING DATA USING MULTI-FACTOR OR KEYED DISPERSAL
First Claim
1. A method for securing a data set, the method comprising:
- generating a session key;
encrypting the data set using the session key to produce an encrypted data set;
encrypting the session key with a shared workgroup key;
distributing unique portions of the encrypted session key into two or more session key shares;
distributing unique portions of the encrypted data set into two or more encrypted data set shares;
forming two or more user shares by combining at least one session key share and at least one encrypted data set share; and
storing the two or more user shares separately on at least one data depository, whereby the data set is restorable from at least two of the two or more user shares and the shared workgroup key.
11 Assignments
0 Petitions
Accused Products
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme.
250 Citations
20 Claims
-
1. A method for securing a data set, the method comprising:
-
generating a session key; encrypting the data set using the session key to produce an encrypted data set; encrypting the session key with a shared workgroup key; distributing unique portions of the encrypted session key into two or more session key shares; distributing unique portions of the encrypted data set into two or more encrypted data set shares; forming two or more user shares by combining at least one session key share and at least one encrypted data set share; and storing the two or more user shares separately on at least one data depository, whereby the data set is restorable from at least two of the two or more user shares and the shared workgroup key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus for securing a data set, the apparatus comprising:
-
at least one data depository; and a user system configured to; generate a session key; encrypt the data set using the session key to produce an encrypted data set; encrypt the session key using a shared workgroup key; distribute unique portions of the encrypted session key into two or more session key shares; distribute unique portions of the encrypted data set into two or more encrypted data set shares; form two or more user shares by combining at least one session key share and at least one encrypted data set share; and store the two or more user shares separately on the at least one data depository, whereby the data set is restorable from at least two of the two or more user shares and the shared workgroup key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A machine-readable medium comprising machine program logic recorded thereon for:
-
generating a session key; encrypting the data set using the session key to produce an encrypted data set; encrypting the session key with a shared workgroup key; distributing unique portions of the encrypted session key into two or more session key shares; distributing unique portions of the encrypted data set into two or more encrypted data set shares; forming two or more user shares by combining at least one session key share and at least one encrypted data set share; and storing the two or more user shares separately on at least one data depository, whereby the data set is restorable from at least two of the two or more user shares and the shared workgroup key.
-
Specification