SECURE DATA PARSER METHOD AND SYSTEM

US 20110179271A1
Filed: 02/10/2011
Published: 07/21/2011
Est. Priority Date: 09/20/1999
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing and retrieving data, the method comprising:

receiving, at an electronic computing system, a primary write request that specifies a primary data unit to be written to a primary storage location;

cryptographically splitting, at the electronic computing system, the primary data unit into a plurality of secondary data units such that the primary data block can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and

storing each of the secondary data units at secondary storage locations of different storage devices in a set of storage devices at a plurality of geographically separated sites.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

Citations

22 Claims

1. A method for securely storing and retrieving data, the method comprising:
- receiving, at an electronic computing system, a primary write request that specifies a primary data unit to be written to a primary storage location;
  
  cryptographically splitting, at the electronic computing system, the primary data unit into a plurality of secondary data units such that the primary data block can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and
  
  storing each of the secondary data units at secondary storage locations of different storage devices in a set of storage devices at a plurality of geographically separated sites.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the secondary data units are secured based on a workgroup key associated with a group of users.
  - 3. The method of claim 2, further comprising storing the workgroup key on a key management server separate from the electronic computer system and the plurality of geographically-separated sites.
  - 4. The method of claim 1, wherein the plurality of secondary data units contain a substantially random distribution of the primary data unit.
  - 5. The method of claim 1, further comprising encrypting the primary data unit prior to splitting the primary data unit into the plurality of secondary data units.
  - 6. The method of claim 1, further comprising encrypting each of the secondary data units with a respective encryption key and storing each of the encryption keys together with the data encrypted using said encryption key.
  - 7. The method of claim 1, further comprising encrypting each of the secondary data units with a respective encryption key and storing each of the encryption keys separately from the data encrypted using said encryption key.

8. An electronic computing device for securely storing and retrieving data, the electronic computing system comprising:
- a primary interface that receives a primary write request that specifies a primary data unit to be written to a primary storage location;
  
  a write module that causes the electronic computing device to cryptographically split the primary data unit into a plurality of secondary data units such that the primary data unit can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and
  
  a secondary interface that sends secondary write requests to a plurality of storage devices at a plurality of geographically-separated sites, each of the secondary write requests instructing a different one of the storage devices to store a different one of the secondary data units.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The electronic computing device of claim 8, wherein the write module encrypts each of the secondary data blocks with a different key.
  - 10. The electronic computing device of claim 8, wherein the secondary data units are secured based on a workgroup key associated with a group of users.
  - 11. The electronic computing device of claim 10, further comprising a key management interface that stores the workgroup key on a key management server separate from the electronic computer system and the plurality of geographically-separated sites.
  - 12. The electronic computing device of claim 8, wherein the write module causes the electronic computing device to split the primary data unit into a plurality of secondary data units, wherein the plurality of secondary data units contain a substantially random distribution of the primary data unit.
  - 13. The electronic computing device of claim 8, wherein the write module causes the electronic computing device to encrypt the primary data unit prior to splitting the primary data unit into the plurality of secondary data units.
  - 14. The electronic computing device of claim 8, wherein the write module causes the electronic computing device to encrypt each of the secondary data units with a respective encryption key and store each of the encryption keys together with the data encrypted using said encryption key.
  - 15. The electronic computing device of claim 8, wherein the write module causes the electronic computing device to encrypt each of the secondary data units with a respective encryption key and store each of the encryption keys separately from the data encrypted using said encryption key.

16. A computer-readable storage medium comprising instructions that, when executed by an electronic computing device, cause the electronic computing device to:
- receive a first primary write request from a client computing device via an electronic communications network, the first primary write request specifying a first primary data unit to be written to a first primary storage location of a first volume;
  
  cryptographically split the first primary data unit into a first plurality of secondary data units such that the first primary data units can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units in the first plurality of secondary data units and cannot be reconstructed using any subset of the secondary data units in the first plurality of secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units in the first plurality of secondary data units; and
  
  send secondary write requests to different storage devices in a plurality of storage devices at a plurality of geographically-separated sites, each of the sites storing fewer than the minimum number of secondary data units in the first plurality of secondary data units.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to secure the secondary data units based on a workgroup key associated with a group of users.
  - 18. The computer-readable storage medium of claim 17, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to store the workgroup key on a key management server separate from the electronic computer device and the plurality of storage devices.
  - 19. The computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to cryptographically split the first primary data unit into a first plurality of secondary data units, wherein the plurality of secondary data units contain a substantially random distribution of the primary data unit.
  - 20. The computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to encrypt the primary data unit prior to splitting the primary data unit into the plurality of secondary data units.
  - 21. The computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to encrypt each of the secondary data units with a respective encryption key and store each of the encryption keys together with the data encrypted using said encryption key.
  - 22. The computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to encrypt each of the secondary data units with a respective encryption key and store each of the encryption keys separately from the data encrypted using said encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
VanZandt, John, O'Hare, Mark S., Orsini, Rick L., Davenport, Roger S.

Granted Patent

US 9,613,220 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/41   where a single sign-on prov...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68 : Special signature format, e...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 63/0428 : wherein the data content is...

H04L 63/0853 : using an additional device,...

H04L 63/10 : for controlling access to d...

H04L 63/105 : Multiple levels of security

H04L 9/0816 : Key establishment, i.e. cry...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links