Secure data parser method and system
First Claim
Patent Images
1. A method for securing data, comprising:
- a) encrypting a data set to provide an encrypted data set;
b) generating two or more portions of data from the encrypted data set, wherein the generating comprises;
splitting the data set into a number of data units,generating random or pseudo-random numbers,associating the random or pseudo-random numbers with at least two shares,associating the random or pseudo-random numbers with the data units,determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, andstoring, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination;
wherein the two or more portions of data each contain a randomized or pseudo-randomized distribution of the encrypted data set; and
c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least two of the two or more portions of data from step b), wherein restoring the data set comprises;
decrypting the one or more portions of data from step c),reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), anddecrypting the encrypted data set into the data set.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.
-
Citations
57 Claims
-
1. A method for securing data, comprising:
-
a) encrypting a data set to provide an encrypted data set; b) generating two or more portions of data from the encrypted data set, wherein the generating comprises; splitting the data set into a number of data units, generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with the data units, determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, and storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination; wherein the two or more portions of data each contain a randomized or pseudo-randomized distribution of the encrypted data set; and c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least two of the two or more portions of data from step b), wherein restoring the data set comprises; decrypting the one or more portions of data from step c), reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), and decrypting the encrypted data set into the data set. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for securing data, comprising:
-
a) generating two or more portions of data from a data set, wherein the generating comprises; splitting the data set into a number of data units, generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with the data units, determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, and storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination; wherein the two or more portions of data each contain a random or pseudo-random distribution of the data set; and b) encrypting one or more of the portions of data of step a), whereby the data set is restorable from at least two of the two or more portions of data, wherein restoring the data set comprises; decrypting the one or more portions of data from step b), and reconstituting the data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step a). - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for securing data, comprising:
-
a) generating an encryption master key and encrypting a data set using the encryption master key; b) generating two or more portions of data from the encrypted data set and the encryption master key according to one separating pattern, wherein generating the two or more portions comprises; splitting the data set into a number of data units, generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with the data units, determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination, and appending an encryption master key portion to the at least two shares, wherein the two or more portions comprise a random or pseudo-random distribution of data from the encrypted data set; and c) generating one or more encryption keys for the portions of data from step b) and encrypting said portions of data using said one or more encryption keys, whereby the data set is restorable from at least two portions of the two or more portions of data, wherein restoring the data set comprises; decrypting the encrypted portions of data, reconstituting the encrypted data set by recombining data from the at least two portions of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), and decrypting the encrypted data set into the data set. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for securing data, comprising:
-
a) generating an encryption master key and encrypting a data set using the encryption master key; b) generating two or more portions of data from the encrypted data set and the encryption master key according to one separating pattern, wherein generating the two or more portions comprises; splitting the data set into a number of data units, generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with the data units, determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination, and storing encryption master key portions in the at least two shares, wherein the two or more portions comprise a random or pseudo-random distribution of data from the encrypted data set; and c) generating one or more encryption keys for the encrypted data set portions of step b) and encrypting said portions of data using said encryption key, whereby the data set is restorable from at least two portions of the two or more portions of data, wherein restoring the data set comprises; decrypting the encrypted portions from step c), reconstituting the encrypted data set by recombining data from the at least two portions of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), and decrypting the encrypted data set into the data set. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A method for securing data, comprising:
-
a) encrypting a data set to provide an encrypted data set; b) generating two or more portions of data from the encrypted data set according to the contents of a unique key value, wherein the generating comprises; splitting the data set into a number of data units, generating the unique key values, associating the unique key values with at least two shares, associating the unique key values with the data units, determining into which of the at least two shares to store each data unit according to the association of the unique key values with the at least two shares and with the data units, and storing, using electronic storage, the data units and data indicative of at least a portion of the unique key values in the at least two shares according to the determination; wherein the encrypted data set is randomly or pseudo-randomly distributed among the two or more portions of data; and c) encrypting one or more of the portions of data from step b), whereby the data set is restorable from at least a subset of the portions of data, wherein restoring the data set comprises; decrypting the one or more portions of data from step c), reconstituting the encrypted data set by recombining data from the at least two of the two or more portions of data that was randomly or pseudo-randomly distributed in step b), and decrypting the encrypted data set into the data set. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49)
-
-
50. A method for securing data, comprising:
-
a) splitting a data set into N number of data units; b) selecting X number of shares for data unit storage; c) generating N number of random or pseudo-random numbers that correspond to the X number of shares; d) assigning the random or pseudo-random numbers to the data units; and e) storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the shares that correspond to the random or pseudo-random numbers, whereby the data set is restorable from at least a subset of the X number of shares, wherein restoring the data set comprises reconstituting the data set by recombining the data units from the at least a subset of the X number of shares according to the substantially random numbers. - View Dependent Claims (51)
-
-
52. A method for securing a data set, comprising:
-
generating at least two portions of data from the data set, wherein the generating comprises; splitting the data set into a number of data units, generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with the data units, determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units, and storing, using electronic storage, the data units and data indicative of at least a portion of the random or pseudo-random numbers in the at least two shares according to the determination; wherein each of the at least two portions of data respectively contains a random or pseudo-random distribution of a respective subset of the data set, whereby the data set is restorable from at least two portions of the at least two portions of data by recombining data from the at least two portions of the at least two portions of data that was substantially randomly distributed. - View Dependent Claims (53, 54, 55, 56)
-
-
57. A method for securing a data set, the method comprising:
-
randomly or pseudo-randomly selecting a first group of data units from the data set; randomly or pseudo-randomly selecting a second group of data units from the data set, wherein the randomly or pseudo-randomly selecting the first group of data units and the second group of data units comprises; generating random or pseudo-random numbers, associating the random or pseudo-random numbers with at least two shares, associating the random or pseudo-random numbers with data units in the first group of data units and the second group of data units, and determining into which of the at least two shares to store each data unit according to the association of the random or pseudo-random numbers with the at least two shares and with the data units; wherein each of the first group of the data units and the second group of the data units contains less than all of the data units in the data set; and storing the first group of data units and the second group of data units separately in the at least two shares, wherein the data set is restorable from at least a portion of the first group of data units and at least a portion of the second group of data units.
-
Specification