SECURE DATA PARSER METHOD AND SYSTEM

US 20130212405A1
Filed: 03/14/2013
Published: 08/15/2013
Est. Priority Date: 09/20/1999
Status: Abandoned Application

First Claim

Patent Images

1. A method of securely storing data in a network, the method comprising:

receiving data from a client device;

splitting the data into a predetermined number of secondary units of data by performing a cryptographic operation on the data and causing the secondary units of data to be substantially randomly distributed in a plurality of shares;

encrypting the plurality of shares with a corresponding number of different keys; and

storing the plurality of shares and the different keys used to encrypt the shares to one or more physical storage devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

Citations

26 Claims

1. A method of securely storing data in a network, the method comprising:
- receiving data from a client device;
  
  splitting the data into a predetermined number of secondary units of data by performing a cryptographic operation on the data and causing the secondary units of data to be substantially randomly distributed in a plurality of shares;
  
  encrypting the plurality of shares with a corresponding number of different keys; and
  
  storing the plurality of shares and the different keys used to encrypt the shares to one or more physical storage devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the encrypted plurality of shares are associated with a workgroup of a user capable of accessing the data.
  - 3. The method of claim 2, further comprising storing a workgroup encryption key on a key management server.
  - 4. The method of claim 1, wherein the plurality of shares contain a substantially random distribution of the data in at least one secondary unit of data.
  - 5. The method of claim 1, wherein the data is restorable from at least two of the plurality of shares.
  - 6. The method of claim 1, wherein storing the plurality of shares comprises storing each of the plurality of shares in a different physical storage device.

7. A method of securing data in a network, the method comprising:
- receiving at a secure storage appliance data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices;
  
  splitting the data received by the secure storage appliance into a plurality of secondary data units by performing a cryptographic operation on the data and causing the secondary data units to be substantially randomly distributed in the plurality of shares; and
  
  encrypting each of the plurality of secondary data units with a different key, each key associated with at least one of the plurality of shares.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, further comprising storing each secondary data unit remotely from the secure storage appliance.
  - 9. The method of claim 8, further comprising storing each key locally to the secure storage appliance.
  - 10. The method of claim 7, further comprising, upon initializing the secure storage appliance, retrieving one or more of the different keys from a remote physical storage device for use by the secure storage appliance.
  - 11. The method of claim 7, wherein the data is received from a client device.
  - 12. The method of claim 7, wherein the encrypted plurality of secondary data units are associated with a workgroup of a user capable of accessing the data.
  - 13. The method of claim 7, wherein the plurality of secondary data units contain a substantially random distribution of the data.
  - 14. The method of claim 7, wherein the data is restorable from at least two of the plurality of secondary data units.

15. A secure storage appliance comprising a programmable circuit configured to execute program instructions which, when executed, configure the secure storage appliance to:
- receive from a client device data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices;
  
  split the data into a plurality of secondary data units by performing a cryptographic operation on the data and causing the secondary data units to be substantially randomly distributed in the plurality of shares; and
  
  encrypt each of the plurality of secondary data units with a different key, each key associated with at least one of the plurality of shares.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The secure storage appliance of claim 15 further configured to transmit each secondary data unit remote from the secure storage appliance.
  - 17. The secure storage appliance of claim 15, wherein the encrypted plurality of secondary data units are associated with a workgroup of a user capable of accessing the data.
  - 18. The secure storage appliance of claim 15, wherein the plurality of secondary data units contain a substantially random distribution of the data.
  - 19. The secure storage appliance of claim 15, wherein the data is restorable from at least two of the plurality of secondary data units.

20. A secure data storage network comprising:
- a client device;
  
  a plurality of physical storage devices;
  
  a secure storage appliance communicatively connected to the client device and the plurality of physical storage devices, the secure storage appliance including a programmable circuit configured to execute program instructions which, when executed, cause the secure storage appliance to;
  
  receive from the client device data for storage on a volume, the volume associated with a plurality of shares distributed across the plurality of physical storage devices;
  
  split the data into a plurality of secondary data units by performing a cryptographic operation on the data and causing the secondary data units to be substantially randomly distributed in the plurality of shares; and
  
  encrypt each of the plurality of secondary data units with a different key, each key associated with at least one of the plurality of shares.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The secure data storage network of claim 20, wherein the secure storage applicant is further configured to transmit each secondary data unit remote from the secure storage appliance.
  - 22. The secure data storage network of claim 20, wherein the encrypted plurality of secondary data units are encrypted with a workgroup key.
  - 23. The secure data storage network of claim 22, further comprising a key server configured to store the workgroup key.
  - 24. The secure data storage network of claim 22, wherein the workgroup key is associated with a group of users, the group of users including a user of the client device.
  - 25. The secure data storage network of claim 20, wherein the plurality of secondary data units contain a substantially random distribution of the data.
  - 26. The secure data storage network of claim 20, wherein the data is restorable from at least two of the plurality of secondary data units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Corp
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., Van Zandt, John, O'Hare, Mark S., Davenport, Roger S.

Application Number

US13/831,313
Publication Number

US 20130212405A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/41   where a single sign-on prov...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68 : Special signature format, e...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 63/0428 : wherein the data content is...

H04L 63/0853 : using an additional device,...

H04L 63/10 : for controlling access to d...

H04L 63/105 : Multiple levels of security

H04L 9/0816 : Key establishment, i.e. cry...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA PARSER METHOD AND SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links