SYSTEMS AND METHODS FOR SECURING DATA IN MOTION

US 20140304503A1
Filed: 04/15/2014
Published: 10/09/2014
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

49 Citations

View as Search Results

22 Claims

1. (canceled)

2. A method comprising:
- establishing, using a hardware processor, a secure communication channel;
  
  establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;
  
  dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and
  
  transmitting the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. The method of claim 2, further comprising:
    - receiving the encrypted share; and
      
      decrypting the encrypted share based on the key associated with the establishment of the first secure communication tunnels.
  - 4. The method of claim 2, further comprising generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of root certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of root certificate authorities.
  - 5. The method of claim 2, further comprising generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of minor certificate authorities.
  - 6. The method of claim 2, wherein the first secure communication tunnel and the second secure communication tunnel are established over different physical transport mediums.
  - 7. The method of claim 6, wherein at least one of physical transport mediums experiences a network failure, the method further comprising:
    - establishing an additional secure communication tunnel within at least one operational physical transport medium; and
      
      transmitting the share over the additional secure communication tunnel.
  - 8. The method of claim 2, wherein associations between the plurality of secure communication tunnels and the unique certificate authorities are dynamic.
  - 9. The method of claim 2, wherein the plurality of secure communication tunnels are established based on the Transport Layer Security protocol.
  - 10. The method of claim 2, further comprising:
    - generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities; and
      
      encrypting each one of the plurality of shares based on a certificate issued by a unique minor certificate authority of the certificate authority hierarchy.
  - 11. The method of claim 2, wherein a second share is encrypted using a key associated with the establishment of the second secure communication tunnel, and further comprising transmitting the second share over the first secure communication tunnel.

12. A system comprising a hardware processor configured to:
- establish a secure communication channel;
  
  establish a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;
  
  disperse data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and
  
  transmit the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the hardware processor is further configured to:
    - receive the encrypted share; and
      
      decrypt the encrypted share based on the key associated with the establishment of the first secure communication tunnels.
  - 14. The system of claim 12, wherein the hardware processor is further configured to generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of root certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of root certificate authorities.
  - 15. The system of claim 12, wherein the hardware processor is further configured to generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of minor certificate authorities.
  - 16. The system of claim 12, wherein the first secure communication tunnel and the second secure communication tunnel are established over different physical transport mediums.
  - 17. The system of claim 16, wherein at least one of physical transport mediums experiences a network failure, the hardware processor further configured to:
    - establish an additional secure communication tunnel within at least one operational physical transport medium; and
      
      transmit the share over the additional secure communication tunnel.
  - 18. The system of claim 12, wherein associations between the plurality of secure communication tunnels and the unique certificate authorities are dynamic.
  - 19. The system of claim 12, wherein the plurality of secure communication tunnels are established based on the Transport Layer Security protocol.
  - 20. The system of claim 12, wherein the hardware processor is further configured to:
    - generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities; and
      
      encrypt each one of the plurality of shares based on a certificate issued by a unique minor certificate authority of the certificate authority hierarchy.
  - 21. The system of claim 12, wherein a second share is encrypted using a key associated with the establishment of the second secure communication tunnel, and wherein the hardware processor is further configured to transmit the second share over the first secure communication tunnel.

22. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising:
- establishing, using a hardware processor, a secure communication channel;
  
  establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;
  
  dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and
  
  transmitting the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Bono, Stephen C., Landau, Gabriel D., Nielson, Seth James

Granted Patent

US 9,516,002 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3263   involving certificates, e.g...

SYSTEMS AND METHODS FOR SECURING DATA IN MOTION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR SECURING DATA IN MOTION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others