SYSTEMS AND METHODS FOR SECURING DATA IN MOTION
First Claim
1. A method for securing data in motion comprising original data packets, the method comprising:
- establishing a secure communication channel;
establishing a plurality of secure communication tunnels within the secure communication channel, wherein each of the plurality of secure communication tunnels is established using a certificate issued by one of a plurality of unique certificate authorities;
dispersing each one of the original data packets into a plurality of shares based on multi-factored secret sharing;
encrypting each of the plurality of shares using a key associated with the establishment of a different one of the secure communication tunnels; and
transmitting each of the plurality of encrypted shares over one of the plurality of secure communication tunnels.
4 Assignments
0 Petitions
Accused Products
Abstract
Two approaches are provided for distributing trust among a set of certificate authorities. Both approaches are equally secure. In each approach, a secure data parser is integrated with any suitable encryption technology. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.
-
Citations
41 Claims
-
1. A method for securing data in motion comprising original data packets, the method comprising:
-
establishing a secure communication channel; establishing a plurality of secure communication tunnels within the secure communication channel, wherein each of the plurality of secure communication tunnels is established using a certificate issued by one of a plurality of unique certificate authorities; dispersing each one of the original data packets into a plurality of shares based on multi-factored secret sharing; encrypting each of the plurality of shares using a key associated with the establishment of a different one of the secure communication tunnels; and transmitting each of the plurality of encrypted shares over one of the plurality of secure communication tunnels. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 20)
-
-
13. A method for computing at least one shared encryption key, the method comprising:
-
generating original secret information; obtaining public keys from unique certificate authorities; dispersing the secret information into shares; and encrypting each one of the shares based on, at least in part, the public key of a different one of the unique certificate authorities, wherein the shares are restorable from at least a subset of the shares by recombining at least a quorum of the shares. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
21. A system for securing data in motion comprising original data packets, the system comprising a first device comprising processing circuitry configured to:
-
establish a secure communication channel; establish a plurality of secure communication tunnels within the secure communication channel, wherein each of the plurality of secure communication tunnels is established using a certificate issued by one of a plurality of unique certificate authorities; disperse each one of the original data packets into a plurality of shares based on multi-factored secret sharing; encrypt each of the plurality of shares using a key associated with the establishment of a different one of the secure communication tunnels; and transmit each of the plurality of encrypted shares over one of the plurality of secure communication tunnels. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A system for computing at least one shared encryption key, the system comprising a first device comprising first processing circuitry configured to:
-
generate original secret information; obtain public keys from unique certificate authorities; disperse the secret information into shares; and encrypt each one of the shares based on the public key of a different one of the unique certificate authorities, wherein the shares are restorable from at least a subset of the shares by recombining at least a quorum of the shares. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41)
-
Specification