SECURE DATA PARSER METHOD AND SYSTEM

US 20120221855A1
Filed: 05/10/2012
Published: 08/30/2012
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing and retrieving data, the method comprising:

cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks;

storing each of the secondary data blocks at a different storage device in a set of storage devices;

receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location;

automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices;

sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location;

receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;

reconstructing the primary data block using the secondary data blocks contained in the secondary read responses; and

sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

45 Citations

View as Search Results

20 Claims

1. A method for securely storing and retrieving data, the method comprising:
- cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks;
  
  storing each of the secondary data blocks at a different storage device in a set of storage devices;
  
  receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location;
  
  automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices;
  
  sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location;
  
  receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstructing the primary data block using the secondary data blocks contained in the secondary read responses; and
  
  sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein storing each of the secondary data blocks comprises:
    - storing a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center; and
      
      storing a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 3. The method of claim 1, further comprising establishing secure connections between the electronic computing system and the set of storage devices.
  - 4. The method of claim 1, wherein the plurality of secondary data blocks contain a substantially random distribution of the primary data block.
  - 5. The method of claim 1, wherein the primary block of data can be reconstructed from secondary data blocks received from at least two storage devices.
  - 6. The method of claim 1, wherein the secondary data blocks are encrypted with a corresponding number of different keys.

7. An electronic computing system for securely storing and retrieving data, the electronic computing system comprising:
- a processing unit;
  
  a primary interface;
  
  a secondary interface; and
  
  a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to;
  
  cryptographically split a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks;
  
  store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with a primary storage location;
  
  receive, via the primary interface, a primary read request to retrieve data stored virtually at a primary storage location;
  
  automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location;
  
  automatically identify, a set of fastest-responding storage devices in the set of storage devices,send, via the secondary interface to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices;
  
  receive, via the secondary interface from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
  
  send, via the primary interface, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The electronic computing system of claim 7, wherein the instructions cause the processing unit to store a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center and to store a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 9. The electronic computing system of claim 7, wherein the instructions further cause the processing unit to cryptographically split the primary data block into the plurality of secondary data blocks in response to receiving a primary write request to store the primary data block at the primary storage location.
  - 10. The electronic computing system of claim 7, wherein the instructions further cause the processing unit to establish secure connections between the secondary interface and the set of storage devices.
  - 11. The electronic computing system of claim 7, wherein the plurality of secondary data blocks contain a substantially random distribution of the primary data block.
  - 12. The electronic computing system of claim 7, wherein the primary block of data can be reconstructed from secondary data blocks received from at least two storage devices.
  - 13. The electronic computing system of claim 7, wherein the secondary data blocks are encrypted with a corresponding number of different keys.

14. A computer-readable storage medium comprising instructions that, when executed at an electronic computing device, cause the electronic computing device to:
- receive a primary write request to write a primary data block at a primary storage location;
  
  cryptographically split the primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks;
  
  store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with the primary storage location;
  
  receive a primary read request to retrieve data stored virtually at the primary storage location;
  
  automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location;
  
  automatically identify, a set of fastest-responding storage devices in the set of storage devices;
  
  send to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices;
  
  receive from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
  
  send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-readable storage medium of claim 14, wherein the instructions cause the processing unit to store a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center and to store a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 16. The computer-readable storage medium of claim 14, wherein the instructions further cause the processing unit to cryptographically split the primary data block into the plurality of secondary data blocks in response to receiving a primary write request to store the primary data block at the primary storage location.
  - 17. The computer-readable storage medium of claim 14, wherein the instructions further cause the processing unit to establish secure connections between the secondary interface and the set of storage devices.
  - 18. The computer-readable storage medium of claim 14, wherein the plurality of secondary data blocks contain a substantially random distribution of the primary data block.
  - 19. The computer-readable storage medium of claim 14, wherein the primary block of data can be reconstructed from secondary data blocks received from at least two storage devices.
  - 20. The computer-readable storage medium of claim 14, wherein the secondary data blocks are encrypted with a corresponding number of different keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., O'Hare, Mark S., Davenport, Roger, Winick, Steven

Granted Patent

US 8,904,194 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links