SYSTEMS AND METHODS FOR SECURING DATA IN MOTION
Abstract
Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.
22 Claims
1. (canceled)

2. A method comprising:

establishing, using a hardware processor, a secure communication channel;

establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;

dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and

transmitting the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.

Dependent claims: 3-11.
12. A system comprising a hardware processor configured to:

establish a secure communication channel;

establish a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;

disperse data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and

transmit the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.

Dependent claims: 13-21.
22. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising:

establishing, using a hardware processor, a secure communication channel;

establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities;

dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels; and

transmitting the share over a second secure communication tunnel of the plurality of secure communication tunnels, wherein the first secure communication tunnel is different than the second communication tunnel.
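The dispersal-over-tunnels scheme described in the abstract and in claims 2, 12 and 22, as an added Python example that is not from the patent or its assignee: a toy n-of-n XOR split stands in for the secure data parser, a SHA-256 counter keystream stands in for each tunnel's negotiated cipher, and the CA names and handshake secret are constructed placeholders. Share i is encrypted under the key of tunnel i but carried over tunnel (i + 1) mod n, so the key and traffic of any single tunnel (and hence any single CA) reveal nothing on their own.

```python
import hashlib
import secrets

def tunnel_key(ca_name, handshake_secret):
    # Stand-in for the key established when a tunnel is negotiated under one CA's cert.
    return hashlib.sha256(b"tunnel|" + ca_name.encode() + b"|" + handshake_secret).digest()

def keystream(key, length):
    # Toy SHA-256 counter-mode keystream standing in for the tunnel's negotiated cipher.
    blocks = (hashlib.sha256(key + c.to_bytes(4, "big")).digest()
              for c in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def disperse(packet, n):
    # n-of-n XOR split: every share is needed, and any n-1 shares are uniformly random.
    shares = [secrets.token_bytes(len(packet)) for _ in range(n - 1)]
    last = packet
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]

def reassemble(shares):
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = xor_bytes(acc, s)
    return acc

def send(packet, tunnel_keys):
    # Share i is encrypted under tunnel i's key but carried by tunnel (i + 1) % n, so a
    # party holding one tunnel's key and traffic sees only ciphertext under another key.
    n = len(tunnel_keys)
    wire = {}
    for i, share in enumerate(disperse(packet, n)):
        wire[(i + 1) % n] = (i, xor_bytes(share, keystream(tunnel_keys[i], len(share))))
    return wire

def receive(wire, tunnel_keys):
    # The receiver holds every tunnel's key, so it can undo each cross-encryption.
    shares = [None] * len(tunnel_keys)
    for key_index, ct in wire.values():
        shares[key_index] = xor_bytes(ct, keystream(tunnel_keys[key_index], len(ct)))
    return reassemble(shares)
```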
Specification