SECURE DATA PARSER METHOD AND SYSTEM
First Claim
Patent Images
1. A method for securely storing and retrieving data, the method comprising:
- receiving, at an electronic computing system, a primary write request that specifies a primary data unit to be written to a primary storage location;
cryptographically splitting, at the electronic computing system, the primary data unit into a plurality of secondary data units such that the primary data block can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and
storing each of the secondary data units at secondary storage locations of different storage devices in a set of storage devices at a plurality of geographically separated sites.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.
-
Citations
22 Claims
-
1. A method for securely storing and retrieving data, the method comprising:
-
receiving, at an electronic computing system, a primary write request that specifies a primary data unit to be written to a primary storage location; cryptographically splitting, at the electronic computing system, the primary data unit into a plurality of secondary data units such that the primary data block can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and storing each of the secondary data units at secondary storage locations of different storage devices in a set of storage devices at a plurality of geographically separated sites. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An electronic computing device for securely storing and retrieving data, the electronic computing system comprising:
-
a primary interface that receives a primary write request that specifies a primary data unit to be written to a primary storage location; a write module that causes the electronic computing device to cryptographically split the primary data unit into a plurality of secondary data units such that the primary data unit can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than or equal to a total number of the secondary data units; and a secondary interface that sends secondary write requests to a plurality of storage devices at a plurality of geographically-separated sites, each of the secondary write requests instructing a different one of the storage devices to store a different one of the secondary data units. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-readable storage medium comprising instructions that, when executed by an electronic computing device, cause the electronic computing device to:
-
receive a first primary write request from a client computing device via an electronic communications network, the first primary write request specifying a first primary data unit to be written to a first primary storage location of a first volume; cryptographically split the first primary data unit into a first plurality of secondary data units such that the first primary data units can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units in the first plurality of secondary data units and cannot be reconstructed using any subset of the secondary data units in the first plurality of secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units in the first plurality of secondary data units; and send secondary write requests to different storage devices in a plurality of storage devices at a plurality of geographically-separated sites, each of the sites storing fewer than the minimum number of secondary data units in the first plurality of secondary data units. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification