SECURE DATA PARSER METHOD AND SYSTEM

US 20120221854A1
Filed: 05/10/2012
Published: 08/30/2012
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A secure storage network comprising:

a client;

a plurality of physical storage devices having stored thereon a plurality of shares; and

a secure storage appliance configured to present to the client a virtual disk, the virtual disk associated with a volume mapped to the plurality of shares stored on the plurality of physical storage devices; and

an IP network connection connecting the client to the secure storage appliance;

wherein the secure storage appliance is configured to;

receive a request from the client to connect to the volume via the IP network connection;

receive a request from the client to store a block of data to the volume via the IP network connection,receiving the block of data via the IP network connection; and

storing the block of data to the volume by splitting and encrypting the block of data into a plurality of secondary data blocks and storing the plurality of secondary data blocks in the plurality of shares.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

102 Citations

View as Search Results

20 Claims

1. A secure storage network comprising:
- a client;
  
  a plurality of physical storage devices having stored thereon a plurality of shares; and
  
  a secure storage appliance configured to present to the client a virtual disk, the virtual disk associated with a volume mapped to the plurality of shares stored on the plurality of physical storage devices; and
  
  an IP network connection connecting the client to the secure storage appliance;
  
  wherein the secure storage appliance is configured to;
  
  receive a request from the client to connect to the volume via the IP network connection;
  
  receive a request from the client to store a block of data to the volume via the IP network connection,receiving the block of data via the IP network connection; and
  
  storing the block of data to the volume by splitting and encrypting the block of data into a plurality of secondary data blocks and storing the plurality of secondary data blocks in the plurality of shares.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The secure storage network of claim 1, wherein the secure storage appliance is further configured to:
    - receive a request from the client to read a second block of data from the volume via the IP network connection, wherein the secure storage appliance responds by;
      
      reading the second block of data from the volume by reconstituting the second block of data from at least a portion of a second plurality of secondary blocks of data stored in the plurality of shares on the plurality of physical storage devices; and
      
      sending the second block of data via the IP network connection to a client device.
  - 3. The secure storage network of claim 1, wherein the secure storage appliance performs a cryptographic splitting operation to store data to the plurality of shares.
  - 4. The secure storage network of claim 1, wherein the secure storage appliance includes a network attached storage module within an application layer.
  - 5. The secure storage network of claim 4, wherein the network attached storage module communicates with the client via the IP network connection.
  - 6. The secure storage network of claim 4, wherein the virtual disk is presented to the application layer as a local disk.

7. A secure storage appliance configured to present to a client a virtual disk, the virtual disk associated with a volume mapped to a plurality of shares stored on a plurality of physical storage devices, the secure storage appliance capable of executing program instructions configured to:
- receive a request from the client to connect to the volume via an IP network connection;
  
  receive a request from the client to store a block of data to the volume via the IP network connection, wherein the secure storage appliance responds by;
  
  receiving the block of data via the IP network connection; and
  
  storing the block of data to the volume by splitting and encrypting the block of data into a plurality of secondary data blocks and storing the plurality of secondary data blocks in the plurality of shares.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The secure storage appliance of claim 7, wherein the secure storage appliance is further configured to:
    - receive a request from the client to read a second block of data from the volume via the IP network connection, wherein the secure storage appliance responds by;
      
      reading the second block of data from the volume by reconstituting the second block of data from at least a portion of a second plurality of secondary blocks of data stored in the plurality of shares on the plurality of physical storage devices; and
      
      sending the second block of data to a client device via the IP network connection.
  - 9. The secure storage appliance of claim 7, wherein:
    - the secure storage appliance includes an application layer capable of connecting to a client device using the IP network connection;
      
      at least a portion of the program instructions are executed in the application layer; and
      
      the client communicates with the application layer through the IP network connection.
  - 10. The secure storage appliance of claim 9, wherein:
    - the IP network connection between the client and the application layer of the secure storage appliance is secured by a cryptographic splitting method; and
      
      the splitting and encrypting of the block of data to the plurality of shares and recombination and decryption of the block of data from the plurality of shares is performed using the cryptographic splitting method.
  - 11. The secure storage appliance of claim 8, wherein:
    - the secure storage appliance is configured to perform a cryptographic splitting operation to generate the plurality of secondary data blocks from the block of data; and
      
      the secure storage appliance is configured to perform a reconstitution operation to reconstitute the block of data from the plurality of secondary data blocks.
  - 12. The secure storage appliance of claim 9, wherein the volume is presented to the application layer as a local disk.

13. A method of securely storing data on a network having a client connected to a secure storage appliance via an IP network connection, the method comprising:
- receiving a request to connect to a volume located on the secure storage appliance via the IP network connection, wherein the volume is mapped to a plurality of shares stored on a plurality of physical storage devices;
  
  presenting the volume via the IP network connection;
  
  receiving a request to write a block of data to the volume via the IP network connection; and
  
  writing the block of data to the volume by splitting and encrypting the block of data into a plurality of secondary data blocks and storing the plurality of secondary data blocks in the plurality of shares.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13 further comprising:
    - receiving a request to read a second block of data from the volume via the IP network connection; and
      
      reading the second block of data from the volume by reconstituting the second block of data from at least a portion of a second plurality of secondary blocks of data stored in the plurality of shares.
  - 15. The method of claim 13, wherein the splitting and encrypting of the block of data into the plurality of secondary data blocks occurs via cryptographic splitting.
  - 16. The method of claim 14, wherein data sent across the IP network connection is secured by splitting and encrypting operations.
  - 17. The method of claim 14, wherein the IP network connection is secured by cryptographic splitting.

18. A method of securely accessing data on a network having a client connected to a secure storage appliance via an IP network connection, the method comprising:
- receiving a request to connect to a volume located on the secure storage appliance via the IP network connection, wherein the volume is mapped to a plurality of shares stored on a plurality of physical storage devices;
  
  presenting the volume via the IP network connection;
  
  receiving a request to read a block of data from the volume via the IP network connection; and
  
  reading the block of data from the volume by reconstituting the block of data from at least a portion of a plurality of secondary data blocks of data stored in the plurality of shares.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 further comprising:
    - receiving a request to write a second block of data to the volume via the IP network connection; and
      
      writing the second block of data to the volume by splitting and encrypting the second block of data into a second plurality of secondary data blocks and storing the second plurality of secondary data blocks in the plurality of shares.
  - 20. The method of claim 18, wherein the splitting and encrypting of the block of data into the plurality of secondary data blocks occurs via cryptographic splitting.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., O'Hare, Mark S., Davenport, Roger, Winick, Steven

Granted Patent

US 9,985,932 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links