Secure data parser method and system
First Claim
Patent Images
1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:
- encrypting, using a computer, the data set based on a first key to produce an encrypted data set;
generating, using a computer, data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;
separating, using a computer, the encrypted data set into the plurality of shares based on the data splitting information;
including, using a computer, in the plurality of shares data indicative of the first key;
encrypting, using a computer, the plurality of shares;
causing, using a computer, each of the plurality of shares to be stored in respective separate storage locations; and
causing, using a computer, information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares;
wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.
-
Citations
21 Claims
-
1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:
-
encrypting, using a computer, the data set based on a first key to produce an encrypted data set; generating, using a computer, data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating, using a computer, the encrypted data set into the plurality of shares based on the data splitting information; including, using a computer, in the plurality of shares data indicative of the first key; encrypting, using a computer, the plurality of shares; causing, using a computer, each of the plurality of shares to be stored in respective separate storage locations; and causing, using a computer, information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for securing a data set, the method comprising the steps of:
-
encrypting the data set based on a first key to produce an encrypted data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information; including in the plurality of shares data indicative of the first key; encrypting the plurality of shares; causing each of the plurality of shares to be stored in respective separate storage locations; and causing information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer system for securing a data set, the system comprising:
-
at least one processor; a non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor, cause the computer system to carry out a method for securing a data set, the method comprising the steps of; encrypting the data set based on a first key to produce an encrypted data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information; including in the plurality of shares data indicative of the first key; encrypting the plurality of shares; causing each of the plurality of shares to be stored in respective separate storage locations; and causing information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification