SYSTEMS AND METHODS FOR SECURING DATA IN MOTION
Abstract
The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.
54 Claims
1. A method for rebuilding a set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, the method comprising:
- receiving at least a minimum number of data shares necessary for rebuilding the set of data shares; and
- rebuilding the set of data shares from the minimum number of data shares without decrypting the minimum number of data shares.

Dependent claims: 2, 3, 4, 5

6. A method for rekeying a set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first encryption key, the method comprising:
- receiving at least a minimum number of data shares necessary for rebuilding the set of data shares;
- associating the minimum number of data shares with a first authentication key;
- rebuilding the set of data shares from the minimum number of data shares without decrypting the minimum number of data shares; and
- rekeying the rebuilt set of data shares by associating the rebuilt set of data shares with a second encryption key.

Dependent claims: 7, 8, 9

10. A method for rekeying a set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, the method comprising:
- receiving at least a minimum number of data shares necessary for rekeying the set of data shares;
- rebuilding the set of data shares from the minimum number of data shares without decrypting the minimum number of data shares; and
- rekeying the rebuilt set of data shares by associating the rebuilt set of data shares with a second split key.

Dependent claims: 11, 12, 13

14. A method for associating stubs with a set of data shares on the file system of a storage network, the method comprising:
- generating the set of data shares from an encrypted data set by an information dispersal algorithm;
- generating a set of stubs associated with the generated data shares, wherein each stub corresponds to a respective data share, and wherein each stub includes information associated with the respective data share; and
- storing the set of stubs in a location on the storage network.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22

23. A coprocessor acceleration device for acceleration of secure data processing, comprising:
- a memory for storing data;
- a main processor coupled to the memory; and
- a coprocessor coupled to the main processor and the memory configured to perform dedicated secure parsing functions including at least one of encrypting data, splitting data, and decrypting data.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31

32. A method for securing data using a portable device, the method comprising:
- generating at least two portions of data from a set of data based at least in part on a key, wherein the at least two portions of data and the key are sufficient to reconstruct the set of data; and
- storing the key on the portable device.

Dependent claims: 33, 34, 35, 36, 37

38. A method for securing data using a portable device, the method comprising:
- generating at least two portions of data from a set of data based at least in part on a key, wherein the at least two portions of data and the key are sufficient to reconstruct the set of data; and
- storing at least one of the generated data portions on the portable device.

Dependent claims: 39, 40, 41, 42, 43

44. A method for securing the file name of a file to be split and stored on a storage network, the method comprising:
- processing the file name of the file using an authentication algorithm to obtain an authentication value; and
- retrieving the data shares corresponding to the file by searching the share locations on the storage network for file names of data shares with authentication values that match the authentication value of the file.

Dependent claims: 45, 46, 47, 48, 49

50. A method for securing the file name of a file to be split and stored on a storage network, the method comprising:
- encrypting the file name of the file using an encryption algorithm;
- generating one or more data shares associated with the encrypted file name using an information dispersal algorithm;
- storing the generated data shares on one or more data share locations in the storage network; and
- regenerating the file name of the file by decrypting the file name of one of the generated data shares.

Dependent claims: 51, 52, 53, 54

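Claims 1, 6 and 10 above all turn on rebuilding the full set of shares from the minimum number of shares without decrypting them. The sketch below is an added example, not code from the patent: it assumes a simple m-of-(m+1) XOR-parity dispersal in place of the patent's information dispersal algorithm, leaves the split key out, and uses a toy stream cipher as a stand-in for real encryption; all function names are hypothetical.

```python
import hashlib
from functools import reduce

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in XOR stream cipher for the demo only; the same call decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def xor_all(blocks) -> bytes:
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda x, y: x ^ y, col) for col in zip(*blocks))

def disperse(ciphertext: bytes, m: int) -> dict:
    """Cut ciphertext into m equal shares plus one XOR parity share (index m)."""
    size = -(-len(ciphertext) // m)              # ceiling division
    padded = ciphertext.ljust(size * m, b"\0")   # pad so all shares are equal length
    shares = {i: padded[i * size:(i + 1) * size] for i in range(m)}
    shares[m] = xor_all(shares.values())
    return shares

def rebuild(available: dict, m: int) -> dict:
    """Regenerate the full set of m + 1 shares from any m of them. No key is involved."""
    missing = set(range(m + 1)) - set(available)
    if len(missing) > 1:
        raise ValueError("fewer than the minimum number of shares")
    full = dict(available)
    for idx in missing:                          # at most one index
        full[idx] = xor_all(available.values())  # XOR of the other m shares
    return full

def reassemble(shares: dict, m: int, length: int) -> bytes:
    """Concatenate the m data shares and drop the padding."""
    return b"".join(shares[i] for i in range(m))[:length]

def demo() -> bool:
    # Constructed sample key and record, for illustration only.
    key, plaintext = b"constructed demo key", b"constructed sample record, 2024"
    ciphertext = toy_cipher(key, plaintext)
    shares = disperse(ciphertext, m=3)
    survivors = {i: s for i, s in shares.items() if i != 1}   # share 1 is lost
    rebuilt = rebuild(survivors, m=3)                          # key never used here
    recovered = toy_cipher(key, reassemble(rebuilt, 3, len(ciphertext)))
    return rebuilt == shares and recovered == plaintext

if __name__ == "__main__":
    print(demo())
```

Because `rebuild` takes only shares, a storage node can repair a lost share while holding no key material; the key is needed only when the reassembled ciphertext is finally decrypted.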
Specification