Secure data parser method and system

US 8,332,638 B2
Filed: 02/17/2012
Issued: 12/11/2012
Est. Priority Date: 09/20/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:

encrypting, using a computer, the data set based on a first key to produce an encrypted data set;

generating, using a computer, data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;

separating, using a computer, the encrypted data set into the plurality of shares based on the data splitting information;

including, using a computer, in the plurality of shares data indicative of the first key;

encrypting, using a computer, the plurality of shares;

causing, using a computer, each of the plurality of shares to be stored in respective separate storage locations; and

causing, using a computer, information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares;

wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

Citations

21 Claims

1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:
- encrypting, using a computer, the data set based on a first key to produce an encrypted data set;
  
  generating, using a computer, data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;
  
  separating, using a computer, the encrypted data set into the plurality of shares based on the data splitting information;
  
  including, using a computer, in the plurality of shares data indicative of the first key;
  
  encrypting, using a computer, the plurality of shares;
  
  causing, using a computer, each of the plurality of shares to be stored in respective separate storage locations; and
  
  causing, using a computer, information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares;
  
  wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step of separating the encrypted data set comprises using a deterministic technique.
  - 3. The method of claim 1, wherein the step of separating the encrypted data set comprises using a substantially random technique.
  - 4. The method of claim 1, further comprising causing a plurality of data units in each of the shares to be rearranged relative to one another after the separating step.
  - 5. The method of claim 1, wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set.
  - 6. The method of claim 1, wherein the step of storing the shares in respective separate storage locations comprises storing the shares on at least two separate storage devices.
  - 7. The method of claim 1, wherein encrypting the plurality of shares comprises encrypting each of the plurality of shares with a different key other than the first key, the information required to decrypt the plurality of shares comprises the different keys, and causing the information required to decrypt the plurality of shares to be stored comprises storing each of the different keys with a share other than the share encrypted by the respective different key.

8. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for securing a data set, the method comprising the steps of:
- encrypting the data set based on a first key to produce an encrypted data set;
  
  generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;
  
  separating the encrypted data set into the plurality of shares based on the data splitting information;
  
  including in the plurality of shares data indicative of the first key;
  
  encrypting the plurality of shares;
  
  causing each of the plurality of shares to be stored in respective separate storage locations; and
  
  causing information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares;
  
  wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, wherein the step of separating the encrypted data set comprises using a deterministic technique.
  - 10. The non-transitory computer readable medium of claim 8, wherein the step of separating the encrypted data set comprises using a substantially random technique.
  - 11. The non-transitory computer readable medium of claim 8, wherein the method further comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another after the separating step.
  - 12. The non-transitory computer readable medium of claim 8, wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set.
  - 13. The non-transitory computer readable medium of claim 8, wherein the step of storing the shares in respective separate storage locations comprises storing the shares on at least two separate storage devices.
  - 14. The non-transitory computer readable medium of claim 8, wherein encrypting the plurality of shares comprises encrypting each of the plurality of shares with a different key other than the first key, the information required to decrypt the plurality of shares comprises the different keys, and causing the information required to decrypt the plurality of shares to be stored comprises storing each of the different keys with a share other than the share encrypted by the respective different key.

15. A computer system for securing a data set, the system comprising:
- at least one processor;
  
  a non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor, cause the computer system to carry out a method for securing a data set, the method comprising the steps of;
  
  encrypting the data set based on a first key to produce an encrypted data set;
  
  generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;
  
  separating the encrypted data set into the plurality of shares based on the data splitting information;
  
  including in the plurality of shares data indicative of the first key;
  
  encrypting the plurality of shares;
  
  causing each of the plurality of shares to be stored in respective separate storage locations; and
  
  causing information required to decrypt the plurality of shares to be stored elsewhere than the storage locations of the plurality of shares;
  
  wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares and the information.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the step of separating the encrypted data set comprises using a deterministic technique.
  - 17. The system of claim 15, wherein the step of separating the encrypted data set comprises using a substantially random technique.
  - 18. The system of claim 15, wherein the method further comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another after the separating step.
  - 19. The system of claim 15, wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set.
  - 20. The system of claim 15, wherein the separate storage locations are located on at least two separate storage devices.
  - 21. The system of claim 15, wherein encrypting the plurality of shares comprises encrypting each of the plurality of shares with a different key other than the first key, the information required to decrypt the plurality of shares comprises the different keys, and causing the information required to decrypt the plurality of shares to be stored comprises storing each of the different keys with a share other than the share encrypted by the respective different key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., VanZandt, John, O'Hare, Mark S., Davenport, Roger S.
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US13/399,923
Publication Number

US 20120179910A1
Time in Patent Office

298 Days
Field of Search

713/162, 713/167, 713/168, 380/44, 380277-279
US Class Current

713/167
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/41   where a single sign-on prov...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68 : Special signature format, e...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 63/0428 : wherein the data content is...

H04L 63/0853 : using an additional device,...

H04L 63/10 : for controlling access to d...

H04L 63/105 : Multiple levels of security

H04L 9/0816 : Key establishment, i.e. cry...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links