Secure data parser method and system

US 7,391,865 B2
Filed: 06/11/2003
Issued: 06/24/2008
Est. Priority Date: 09/20/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing data, comprising:

a) encrypting a data set to provide an encrypted data set;

b) generating two or more portions of data from the encrypted data set, wherein the generating comprises;

splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination;

wherein the two or more portions of data each contain a randomized or pseudo-randomized distribution of the encrypted data set; and

c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least two of the two or more portions of data from step b), wherein restoring the data set comprises;

decrypting the one or more portions of data from step c),reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

Citations

57 Claims

1. A method for securing data, comprising:
- a) encrypting a data set to provide an encrypted data set;
  
  b) generating two or more portions of data from the encrypted data set, wherein the generating comprises;
  
  splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination;
  
  wherein the two or more portions of data each contain a randomized or pseudo-randomized distribution of the encrypted data set; and
  
  c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least two of the two or more portions of data from step b), wherein restoring the data set comprises;
  
  decrypting the one or more portions of data from step c),reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the generating of step b) generates at least four portions of data.
  - 3. The method of claim 1, wherein step b) and step c) are repeated one or more times, and optionally, wherein the encrypting of step c) is performed using an encryption algorithm that is different from the encryption algorithm in step a).
  - 4. The method of claim 1, wherein the at least two data shares are on different locations of the same data depository.
  - 5. The method of claim 1, wherein the at least two data shares are on different data depositories.
  - 6. The method of claim 1, wherein the at least two data shares are on different data depositories in different geographic locations.
  - 7. The method of claim 1, wherein the encryption of step c) provides an encryption key, and wherein the encryption key is stored together with the data encrypted using said encryption key in step c).
  - 8. The method of claim 1, wherein the encryption of step c) provides an encryption key, and wherein the encryption key is stored separately from the data encrypted using said encryption key in step c).
  - 9. The method of claim 1, wherein the data set of step a) comprises data selected from the group consisting of encryption key data, text, video, audio, images, biometrics, and digital data.

10. A method for securing data, comprising:
- a) generating two or more portions of data from a data set, wherein the generating comprises;
  
  splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination;
  
  wherein the two or more portions of data each contain a random or pseudo-random distribution of the data set; and
  
  b) encrypting one or more of the portions of data of step a), whereby the data set is restorable from at least two of the two or more portions of data, wherein restoring the data set comprises;
  
  decrypting the one or more portions of data from step b), andreconstituting the data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step a).
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the generating of step a) generates at least four portions of data.
  - 12. The method of claim 10, wherein step a) and step b) are repeated one or more times, and, optionally, wherein the encryption of step b) is repeated using a different encryption algorithm.
  - 13. The method of claim 10, wherein the at least two data shares are on different locations of the same data depository.
  - 14. The method of claim 10, wherein the at least two data shares are on different data depositories.
  - 15. The method of claim 10, wherein the at least two data shares are on different data depositories in different geographic locations.
  - 16. The method of claim 10, wherein the encryption of step b) provides an encryption key, and wherein the encryption key is stored together with the data encrypted using said encryption key in step b).
  - 17. The method of claim 10, wherein the encryption of step b) provides an encryption key, and wherein the encryption key is stored separately from the data encrypted using said encryption key in step b).
  - 18. The method of claim 10, wherein the data set of step a) comprises data selected from a group consisting of encryption key data, text, video, audio, images, biometrics, and digital data.
  - 19. The method of claim 10, wherein the encryption of step b) is performed using an encryption algorithm selected from a group consisting of RS1, RC4™
    - , and OTP.

20. A method for securing data, comprising:
- a) generating an encryption master key and encrypting a data set using the encryption master key;
  
  b) generating two or more portions of data from the encrypted data set and the encryption master key according to one separating pattern, wherein generating the two or more portions comprises;
  
  splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units,storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination, andappending an encryption master key portion to the at least two shares, wherein the two or more portions comprise a random or pseudo-random distribution of data from the encrypted data set; and
  
  c) generating one or more encryption keys for the portions of data from step b) and encrypting said portions of data using said one or more encryption keys, whereby the data set is restorable from at least two portions of the two or more portions of data, wherein restoring the data set comprises;
  
  decrypting the encrypted portions of data,reconstituting the encrypted data set by recombining data from the at least two portions of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The method of claim 20, wherein the storing of encrypted data portions is on two or more different locations of one data depository.
  - 22. The method of claim 20, wherein the storing of encrypted data portions is on two or more data depositories.
  - 23. The method of claim 20, wherein the storing of encrypted data portions is on two or more different locations of one data depository.
  - 24. The method of claim 20, wherein the storing of the encryption keys is on two or more different data depositories.
  - 25. The method of claim 20, wherein the encryption keys generated in step c) is stored with the encrypted data of step c) on different locations on one or more data depository.
  - 26. The method of claim 20, wherein the encryption key generated in step c) is stored on a different data depository from the encrypted data of step c) that was encrypted using said encryption key.
  - 27. The method of claim 20, wherein the encrypted data of step b) is separated into four or more portions.
  - 28. The method of claim 20, wherein the encryption master key of step b) is separated into four or more portions.
  - 29. The method of claim 20, wherein step b) and step c) are repeated one or more times, and optionally, wherein the encrypting of step c) is performed using an encryption algorithm that is different from the encryption algorithm used in step a).

30. A method for securing data, comprising:
- a) generating an encryption master key and encrypting a data set using the encryption master key;
  
  b) generating two or more portions of data from the encrypted data set and the encryption master key according to one separating pattern, wherein generating the two or more portions comprises;
  
  splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units,storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination, andstoring encryption master key portions in the at least two shares, wherein the two or more portions comprise a random or pseudo-random distribution of data from the encrypted data set; and
  
  c) generating one or more encryption keys for the encrypted data set portions of step b) and encrypting said portions of data using said encryption key, whereby the data set is restorable from at least two portions of the two or more portions of data, wherein restoring the data set comprises;
  
  decrypting the encrypted portions from step c),reconstituting the encrypted data set by recombining data from the at least two portions of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 31. The method of claim 30, wherein the storing of encrypted data portions is on two or more different locations of one data depository.
  - 32. The method of claim 30, wherein the storing of encrypted data portions is on two or more data depositories.
  - 33. The method of claim 30, wherein the storing of the encryption keys is on two or more different locations of one data depository.
  - 34. The method of claim 30, wherein the storing of the encryption keys is on two or more different data depositories.
  - 35. The method of claim 30, wherein the encryption keys generated in step c) and used to encrypt a data set in step c) is stored with the encrypted data set that was encrypted using the encryption key on one or more data depositories.
  - 36. The method of claim 30, wherein the encryption key generated in step c) and used to encrypt a data set in step c) is stored in a different location on one or more data depositories from the encrypted data set that was encrypted using the encryption key.
  - 37. The method of claim 30, wherein the encrypted data of step b) is separated into four or more portions.
  - 38. The method of claim 30, wherein the encryption master key of step b) is separated into four or more portions.
  - 39. The method of claim 30, wherein step b) and step c) are repeated one or more times, and optionally, wherein the encrypting of step c) is performed using an encryption algorithm that is different from the encryption algorithm used in step a).

40. A method for securing data, comprising:
- a) encrypting a data set to provide an encrypted data set;
  
  b) generating two or more portions of data from the encrypted data set according to the contents of a unique key value, wherein the generating comprises;
  
  splitting the data set into a number of data units,generating the unique key values,associating the unique key values with at least two shares,associating the unique key values with the data units,determining into which of the at least two shares to store each data unit according to the association of the unique key values with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the unique key values in the at least two shares according to the determination;
  
  wherein the encrypted data set is randomly or pseudo-randomly distributed among the two or more portions of data; and
  
  c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least a subset of the portions of data, wherein restoring the data set comprises;
  
  decrypting the one or more portions of data from step c),reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 41. The method of claim 40, wherein the generating of step b) generates four or more portions of data according to the contents of a unique key value.
  - 42. The method of claim 41, wherein step b) and step c) are repeated one or more times, and optionally, wherein the encrypting of step c) is performed using an encryption algorithm that is different from the encryption algorithm in step a).
  - 43. The method of claim 40, wherein the at least two data shares are on different locations of the same data depository.
  - 44. The method of claim 40, wherein the at least two data shares are on different data depositories.
  - 45. The method of claim 40, wherein the at least two data shares are on different data depositories in different geographic locations.
  - 46. The method of claim 40, wherein the encryption of step c) provides an encryption key, and wherein the encryption key is stored together with the data encrypted using said encryption key in step c).
  - 47. The method of claim 40, wherein the encryption of step c) provides an encryption key, and wherein the encryption key is stored separately from the data encrypted using said encryption key in step c).
  - 48. The method of claim 40, wherein the data set of step a) comprises data selected from the group consisting of encryption key data, text, video, audio, images, biometrics, and digital data.
  - 49. The method of claim 40 wherein said portions of data comprise one or more bits of data.

50. A method for securing data, comprising:
- a) splitting a data set into N number of data units;
  
  b) selecting X number of shares for data unit storage;
  
  c) generating N number of random or pseudo-random numbers that correspond to the X number of shares;
  
  d) assigning the random or pseudo-random numbers to the data units; and
  
  e) storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the shares that correspond to the random or pseudo-random numbers, whereby the data set is restorable from at least a subset of the X number of shares, wherein restoring the data set comprises reconstituting the data set by recombining the data units from the at least a subset of the X number of shares according to the substantially random numbers.
- View Dependent Claims (51)
- - 51. The method of claim 50, wherein said data units comprise at least one bit.

52. A method for securing a data set, comprising:
- generating at least two portions of data from the data set, wherein the generating comprises;
  
  splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination;
  
  wherein each of the at least two portions of data respectively contains a random or pseudo-random distribution of a respective subset of the data set, whereby the data set is restorable from at least two portions of the at least two portions of data by recombining data from the at least two portions of the at least two portions of data that was substantially randomly distributed.
- View Dependent Claims (53, 54, 55, 56)
- - 53. The method of claim 52 wherein generating the at least two portions of data comprises generating the at least two portions of data from the data set, wherein the at least two portions of data each contain a substantially randomized distribution of bits of data from the data set.
  - 54. The method of claim 52 wherein generating the at least two portions of data comprises generating the at least two portions of data from the data set, wherein the at least two portions of data each contain a substantially randomized distribution of bytes of data from the data set.
  - 55. The method of claim 52 wherein generating the at least two portions of data comprises generating the at least two portions of data from the data set, wherein the at least two portions of data each contain a substantially randomized distribution of blocks of data from the data set.
  - 56. The method of claim 52 wherein generating the at least two portions of data comprises generating the at least two portions of data from the data set using redundancy.

57. A method for securing a data set, the method comprising:
- randomly or pseudo-randomly selecting a first group of data units from the data set;
  
  randomly or pseudo-randomly selecting a second group of data units from the data set, wherein the randomly or pseudo-randomly selecting the first group of data units and the second group of data units comprises;
  
  generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with data units in the first group of data units and the second group of data units, anddetermining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units;
  
  wherein each of the first group of the data units and the second group of the data units contains less than all of the data units in the data set; and
  
  storing the first group of data units and the second group of data units separately in the at least two shares, wherein the data set is restorable from at least a portion of the first group of data units and at least a portion of the second group of data units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Davenport, Roger S., O'Hare, Mark S., VanZandt, John, Orsini, Rick L.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US10/458,928
Publication Number

US 20040049687A1
Time in Patent Office

1,840 Days
Field of Search

709200- 1, 709/201, 709/208, 709215-216, 709223-225, 709/229, 709/249, 709231-232, 705/71, 705 50- 51, 711/100, 711/164, 711/134, 711150-154, 713200- 1, 713/201, 713/153, 713/150, 713/171, 713187-189, 713/193, 713/165, 726 1- 7, 726 26- 27, 726/30, 726 18- 19, 726 32- 34, 380/1, 380200-203, 380/255, 380/268, 380/37, 380/42, 380 28- 30, 717/103, 717/143, 717/145, 717/148, 707 1- 2, 707/10, 707100-102, 707/200
US Class Current

380/201
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/41   where a single sign-on prov...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68 : Special signature format, e...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 63/0428 : wherein the data content is...

H04L 63/0853 : using an additional device,...

H04L 63/10 : for controlling access to d...

H04L 63/105 : Multiple levels of security

H04L 9/0816 : Key establishment, i.e. cry...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links