SYSTEMS AND METHODS FOR SECURITY HARDENING OF DATA IN TRANSIT AND AT REST VIA SEGMENTATION, SHUFFLING AND MULTI-KEY ENCRYPTION

US 20150310219A1
Filed: 04/28/2015
Published: 10/29/2015
Est. Priority Date: 04/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method for hardening the security, confidentiality and privacy of a file, the method comprising:

segmenting at a first computer system a file into a plurality of file segments; and

encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption are presented. The method including segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys. Additionally included is bidirectional data transformation of a file by obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity

53 Citations

View as Search Results

27 Claims

1. A method for hardening the security, confidentiality and privacy of a file, the method comprising:
- segmenting at a first computer system a file into a plurality of file segments; and
  
  encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising receiving at a first computer system a file as input, and outputting and transferring the file description data and the plurality of encrypted file segments as output from the at least one source computer processor to at least one recipient computer processor.
  - 3. The method of claim 1, further comprising encrypting the plurality of encryption keys so as to generate a plurality of encrypted encryption keys.
  - 4. The method of claim 3, further comprising generating file description data that comprises the plurality of encryption keys.
  - 5. The method of claim 4, further comprising transferring the file description data and the plurality of encrypted file segments from the at least one source computer processor to at least one recipient computer processor.
  - 6. The method of claim 5, further comprising:
    - receiving the file description data and the plurality of encrypted file segments;
      
      decrypting the plurality of encrypted encryption keys in order to obtain the plurality of encryption keys;
      
      decrypting the plurality of encrypted file segments in order to obtain the plurality of file segments; and
      
      combining the plurality of file segments so as to generate a copy of the file.
  - 7. The method of claim 5, further comprising transferring the file description data and the plurality of encrypted file segments, wherein the transferring is performed using a file transfer server networked between the first computer system and the second computer system.
  - 8. The method of claim 7, further comprising determining if an equivalent of each file segment is present at the file transfer server or the second computer system;
    - and transferring file segments for which no equivalent of the file segment is present at the file transfer server or the second computer system.
  - 9. The method of claim 1, further comprising distributing the plurality of file segments among a plurality of randomly chosen storage locations.
  - 10. The method of claim 1, further comprising compressing each file segment.
  - 11. The method of claim 1, further comprising receiving user input indicating an identity of the file.
  - 12. The method of claim 11, wherein the user input comprises associating the file with a workspace defining users who are permitted to access the file.
  - 13. The method of claim 1, wherein the encryption key for one file segment is generated using a different algorithm than the encryption key for another file segment.
  - 14. The method of claim 1, further comprising encrypting each encryption key in order to generate a corresponding encrypted encryption key.
  - 15. The method of claim 1, further comprising transferring the plurality of encrypted file segments over a network in parallel.
  - 16. The method of claim 1, wherein a size of the file segment in the plurality of file segments is configurable manually, randomly or according to a pre-defined pattern.
  - 17. The method of claim 1, wherein each encryption key of the plurality of encryption keys is independently and randomly generated using a secure, pseudorandom generator.
  - 18. The method of claim 1, further comprising erasing data of at least one file or file segment.

19. A method for decrypting a file, the method comprising:
- receiving at a first computer system file description data comprising a plurality of encrypted encryption keys and a plurality of encrypted file segments;
  
  decrypting the plurality of encrypted encryption keys in order to obtain a plurality of encryption keys;
  
  decrypting the plurality of encrypted file segments in order to obtain a plurality of file segments; and
  
  combining each file segment in the plurality of file segments so as to generate a copy of the file.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, further comprising receiving the file description data from a file transfer server networked with the first computer system and a second computer system.
  - 21. The method of claim 20, further comprising determining if an equivalent of each file segment is present at the first computer system;
    - and downloading encrypted file segments that correspond to file segments that are not already present at the first computer system.

22. A system for hardening the security, confidentiality and privacy of a file, the system comprising:
- one or more processors; and
  
  memory, including instructions executable by the one or more processors to cause the system to at least;
  
  divide a file at a first computer system into a plurality of file segments, wherein a size of each file segment of the plurality of file segments is configurable; and
  
  encrypt the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys.
- View Dependent Claims (23, 24)
- - 23. The system of claim 22, further comprising instructions executable by the one or more processors to cause the system to at least:
    - encrypt each encryption key in the plurality of encryption keys so as to generate a corresponding plurality of encrypted encryption keys;
      
      generate file description data comprising the encrypted encryption keys;
      
      transfer the file description data to a recipient computer system; and
      
      transfer at least some of the encrypted file segments to the recipient computer system.
  - 24. The system of claim 22 or 23, further comprising instructions executable by the one or more processors to cause the system to at least:
    - receive at a first computer system a file as input;
      
      output the file description data; and
      
      output at least some of the encrypted file segments.

25. A system for decrypting a file, the system comprising:
- one or more processors; and
  
  memory, including instructions executable by the one or more processors to cause the system to at least;
  
  receive a plurality of file segments and encrypted file description data;
  
  decrypt the identity of each of the file segments in the plurality of file segments and of an encryption key that is associated with each file segment in the plurality of file segments;
  
  download a plurality of encrypted file segments generated from the plurality of file segments;
  
  decrypt each encrypted file segment of the plurality of encrypted file segments using the encryption key that is associated with each file segment in the plurality of file segments; and
  
  combine each decrypted file segment into a copy of a file.

26. A method for hardening the security, confidentiality, and privacy of a file, the method comprising:
- obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity;
  
  mapping the obfuscated digital values of the file to the digital values of the file;
  
  transferring the obfuscated digital values of the file to a second computer system; and
  
  using the obfuscated digital values of the file as an input to search, query, or otherwise reference back as output to the first computer system.
- View Dependent Claims (27)
- - 27. The method of claim 26, further comprising:
    - segmenting at the first computer system the file into a plurality of file segments; and
      
      encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Topia Technology, Inc.
Original Assignee
Topia Technology, Inc.
Inventors
Haager, John, Sandwith, Cody, Terrano, Janine, Saripalli, Prasad

Granted Patent

US 9,990,502 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

SYSTEMS AND METHODS FOR SECURITY HARDENING OF DATA IN TRANSIT AND AT REST VIA SEGMENTATION, SHUFFLING AND MULTI-KEY ENCRYPTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR SECURITY HARDENING OF DATA IN TRANSIT AND AT REST VIA SEGMENTATION, SHUFFLING AND MULTI-KEY ENCRYPTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links