Method and system for data security

US 8,156,168 B2
Filed: 08/16/2007
Issued: 04/10/2012
Est. Priority Date: 08/17/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus for data security, the apparatus comprising:

a random number generator generating random numbers;

a share calculator in communication with the random number generator, the share calculator selecting a random polynomial to generate one or more encoded data shares based at least in part on the random numbers;

the share calculator encoding based at least in part on a Rabin polynomial model that encodes client data in at least one constant coefficient of the random polynomial;

the share calculator discarding the random polynomial after generating the one or more encoded data shares; and

the share calculator constructing a second random polynomial based on the one or more encoded data shares, the second random polynomial being used to reconstruct client data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and apparatus that advantageously provide a security protocol for data security. The apparatus includes a random number generator for generating random numbers and a share calculator in communication with the random number generator, the share calculator processes the data to generate one or more encoded data shares where the processing is based at least in part on the random numbers. The apparatus may further include a router that routes the encoded data shares, a switching fabric and associated logic. The data security system includes one or more storage devices that store client data and a splitter that controls access to the client data stored on the one or more storage devices where the splitter apparatus encodes at least a portion of the client data that is stored on the one or more storage devices.

5 Citations

14 Claims

1. An apparatus for data security, the apparatus comprising:
- a random number generator generating random numbers;
  
  a share calculator in communication with the random number generator, the share calculator selecting a random polynomial to generate one or more encoded data shares based at least in part on the random numbers;
  
  the share calculator encoding based at least in part on a Rabin polynomial model that encodes client data in at least one constant coefficient of the random polynomial;
  
  the share calculator discarding the random polynomial after generating the one or more encoded data shares; and
  
  the share calculator constructing a second random polynomial based on the one or more encoded data shares, the second random polynomial being used to reconstruct client data.
- View Dependent Claims (2)
- - 2. The apparatus of claim 1, further comprising a router in communication with the share calculator, the router routing the one or more encoded data shares.

3. A data security system, the system comprising:
- one or more storage devices, the one or more storage devices storing client data;
  
  a share calculator, the share calculator providing access to the client data stored on the one or more storage devices, the share calculator selecting a random polynomial to encode at least a portion of the client data that is stored on the one or more storage devices;
  
  the share calculator encoding based at least in part on a Rabin polynomial model that encodes the at least the portion of the client data in at least one constant coefficient of the random polynomial;
  
  the share calculator discarding the random polynomial after encoding at least a portion of the client data that is stored on the one or more storage devices; and
  
  the share calculator constructing a second random polynomial based on the encoded client data, the second random polynomial being used to reconstruct the client data.
- View Dependent Claims (4, 5)
- - 4. The system of claim 3, wherein the share calculator is located on a network path between one or more client devices and the one or more storage devices.
  - 5. The system of claim 3, wherein the share calculator communicates encoded client data sent from one or more client devices to the one or more storage devices.

6. A method for securing data in storage devices on a network, the method comprising:
- generating at least one random number;
  
  selecting a random polynomial based in part on the at least one random number;
  
  encoding at least a portion of the data to generate encoded data shares, the encoding being based at least in part on the random polynomial and a Rabin polynomial model that encodes the at least the portion of the data in at least one constant coefficient of the random polynomial;
  
  discarding the random polynomial after generating the encoded data shares;
  
  storing the encoded data shares in a plurality of data storage devices, the plurality of data storage devices being non-transitory storage devices; and
  
  constructing a second random polynomial based on the encoded data shares, the second random polynomial being used to reconstruct the at least the portion of the data.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method for securing data of claim 6, further comprising:
    - routing the encoded data shares to the plurality of data storage devices.
  - 8. The method for securing data of claim 6, further comprising:
    - providing access to the stored encoded data shares.
  - 9. The method for securing data of claim 6, further comprising:
    - providing access to a network path between one or more client devices and the plurality of data storage devices.
  - 10. The method for securing data of claim 6, further including:
    - determining a number of encoded data shares based on a number of available storage devices for receiving the encoded data shares;
      
      retrieving a plurality of the stored encoded data shares from the storage devices; and
      
      comparing the number of retrieved stored encoded data shares to a preset reconstruction threshold factor, the preset reconstruction threshold factor indicating each of the retrieved stored encoded data shares are uncorrelated with the at least a portion of the data when the number of retrieved stored encoded data shares is less than the preset reconstruction threshold factor.
  - 11. The method for securing data of claim 10, further comprising accepting a data reconstruction of the plurality of the stored encoded data shares conditioned upon the number of retrieved stored encoded data shares being greater than the preset reconstruction threshold factor.
  - 12. The method for securing data of claim 6, further comprising:
    - transporting encoded data shares along a first communication path of a network; and
      
      storing a portion of the encoded data shares along a second communication path of the network.
  - 13. The method for securing data of claim 12, wherein the storing a portion of the encoded data shares along a second path of the network includes storage in a physically detachable storage device.
  - 14. The method for securing data of claim 12, further comprising using a second splitter to decode the encoded data shares that are stored on the one or more storage devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Miami
Original Assignee
University of Miami
Inventors
Rosenberg, Burton J.
Primary Examiner(s)
Bullock, Jr., Lewis A
Assistant Examiner(s)
Hughes, Kevin G

Application Number

US11/839,909
Publication Number

US 20080046493A1
Time in Patent Office

1,699 Days
Field of Search

708/250, 713/153
US Class Current

708/250
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2107 File encryption

Method and system for data security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for data security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links