Method and apparatus for secure data storage using distributed databases
First Claim
Patent Images
1. A method comprising:
- establishing a password associated with a received block of data, the password for use in later re-creation of the block of data;
encrypting, using an encryption key, the block of data;
generating, using a first threshold scheme, a first plurality of shares based on the block of data, at least a subset of the first plurality of shares is needed to re-create the block of data;
distributing the first plurality of shares to a plurality of distributed databases;
generating, using a second threshold scheme, a second plurality of shares based on the encryption key, at least a subset of the second plurality of shares is needed to re-create the encryption key; and
distributing the second plurality of shares to the plurality of distributed databases.
11 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for secure data storage using distributed databases generates a first plurality of shares, using a first threshold scheme, based on a block of data, with at least a subset of the first plurality of shares being needed to re-create the block of data. The first plurality of shares are then distributed to a plurality of distributed databases.
-
Citations
21 Claims
-
1. A method comprising:
-
establishing a password associated with a received block of data, the password for use in later re-creation of the block of data;
encrypting, using an encryption key, the block of data;
generating, using a first threshold scheme, a first plurality of shares based on the block of data, at least a subset of the first plurality of shares is needed to re-create the block of data;
distributing the first plurality of shares to a plurality of distributed databases;
generating, using a second threshold scheme, a second plurality of shares based on the encryption key, at least a subset of the second plurality of shares is needed to re-create the encryption key; and
distributing the second plurality of shares to the plurality of distributed databases. - View Dependent Claims (2, 3, 4, 5, 6, 7)
receiving a request to retrieve the block of data, the request including a submitted password;
comparing the submitted password to the password;
accessing at least a subset of the plurality of databases to retrieve a second plurality of shares if the submitted password matches the password; and
re-creating the block of data using the second plurality of shares.
-
-
5. The method of claim 4, wherein the number of shares in the subset is equal to the number of shares in the second plurality of shares.
-
6. The method of claim 1, wherein the number of shares in the subset is less than the number of shares in the first plurality of shares.
-
7. The method of claim 1, further comprising:
returning, to a source of the block of data, a password corresponding to the block of data.
-
8. An apparatus comprising:
-
a storage controller to encrypt, using an encryption key, the block of data prior to providing the block of data to a share generator;
a share generator coupled to the storage controller, the share generator to generate, using a first threshold scheme, a first plurality of shares based on a block of data, at least a subset of the first plurality of shares is needed to re-create the block of data, the share generator to further generate, using a second threshold scheme, a second plurality of shares based on the encryption key, at least a subset of the second plurality of shares is needed to re-create the encryption key;
a verification controller coupled to the share generator, the verification controller to establish a password to control subsequent re-creation of the block of data; and
a share distributor coupled to the share generator, the share distributor to distribute the first plurality of shares to a plurality of distributed databases and to distribute the second plurality of shares to the plurality of distributed databases. - View Dependent Claims (9, 10, 11, 12, 13)
data recovery logic coupled to the share distributor and the verification controller, the data recovery logic to re-create the block of data using the second plurality of shares if the verification circuit confirms that a password submitted with a request for re-creation of the block of data matches the password; and
wherein the share distributor is to access at least a subset of the plurality of databases to retrieve a second plurality of shares.
-
-
12. The apparatus of claim 11, wherein a number of shares in the subset of the first plurality of shares is equal to a number of shares in the second plurality of shares.
-
13. The apparatus of claim 8, wherein a number of shares in the subset of the first plurality of shares is less than a number of shares in the first plurality of shares.
- 14. A machine-readable medium having stored thereon a plurality of instructions, designed to be executed by a processor, for implementing a function to (i) establish a password associated with a block of data for use in authenticating that subsequent re-creation of the block of data is proper, (ii) to encrypt, using an encryption key, the block of data prior to a first plurality of shares being generated, (iii) generate, using a first threshold scheme, a first plurality of shares based on a block of data, wherein at least a subset of the first plurality of shares is needed to re-create the block of data, (iv) to generate, using a second threshold scheme, a second plurality of shares based on the encryption key, at least a subset of the second plurality of shares is needed to re-create the encryption key, and (v) to distribute the first plurality of shares to a plurality of distributed databases and to distribute the second plurality of shares to the plurality of distributed databases.
-
20. An apparatus comprising:
-
means for generating, using a first threshold scheme, a first plurality of shares based on a block of data in which at least a subset of the first plurality of shares is needed to re-create the block of data and also for generating, using a second threshold scheme, a second plurality of shares based on an encryption key, at least a subset of the second plurality of shares is needed to re-create the encryption key;
means for encrypting, using the encryption key, the block of data prior to the first plurality of shares being generated by the means for generating;
means for establishing a password to control re-creation of the block of data, the means for establishing the password being coupled to the means for generating; and
means for distributing the first plurality of shares to a plurality of distributed databases and for distributing is also for distributing the second plurality of shares to the plurality of distributed databases, the means for distributing being coupled to the means for generating. - View Dependent Claims (21)
means for receiving a request to retrieve the block of data, the request including a password from a requestor, the means for receiving the request being coupled to the means for generating;
means for re-creating the block of data using the second plurality of shares; and
wherein the means for distributing is also for accessing at least a subset of the plurality of databases to retrieve the second plurality of shares.
-
Specification