Method for keyless protection of data using a local array of disks

US 8,484,263 B2
Filed: 02/27/2009
Issued: 07/09/2013
Est. Priority Date: 08/17/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securing data in a network using a data splitter device, the data including a data message, the data message having a first bit length, the method comprising:

generating a random number using the data splitter device;

creating a hash value using the random number and the data message, the hash value having a bit length less than the first bit length;

passing the hash value through a pseudo random number generator to create, using the data splitter device, a first pseudo random number based at least in part on the random number and the first bit length of the data message, the first pseudo random number having a bit length equal to the first bit length;

mixing, using the data splitter device, the first pseudo random number with the data message to create an encrypted message;

transforming, using the data splitter device, the encrypted message into a second pseudo random number;

mixing, using the data splitter device, the second pseudo random number with the random number to produce a key;

placing, using the data splitter device, the encrypted message side-by-side with the key to produce an output message;

dispersing the output message to a plurality of fragments; and

storing the plurality of fragments in a plurality of data storage devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method secures data in a network. The data includes a data message that has a first bit length. A random number is generated and transformed to create a first pseudo random number. The first pseudo random number is mixed with the data message to create an encrypted message. The encrypted message is transformed into a second pseudo random number. The second pseudo random number is mixed with the random number to produce a key. The encrypted message is placed side-by-side with the key to produce an output message. The output message is dispersed into a plurality of fragments. The plurality of fragments is stored in a plurality of data storage devices.

Citations

16 Claims

1. A method for securing data in a network using a data splitter device, the data including a data message, the data message having a first bit length, the method comprising:
- generating a random number using the data splitter device;
  
  creating a hash value using the random number and the data message, the hash value having a bit length less than the first bit length;
  
  passing the hash value through a pseudo random number generator to create, using the data splitter device, a first pseudo random number based at least in part on the random number and the first bit length of the data message, the first pseudo random number having a bit length equal to the first bit length;
  
  mixing, using the data splitter device, the first pseudo random number with the data message to create an encrypted message;
  
  transforming, using the data splitter device, the encrypted message into a second pseudo random number;
  
  mixing, using the data splitter device, the second pseudo random number with the random number to produce a key;
  
  placing, using the data splitter device, the encrypted message side-by-side with the key to produce an output message;
  
  dispersing the output message to a plurality of fragments; and
  
  storing the plurality of fragments in a plurality of data storage devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein dispersing the output message comprises:
    - dividing the output message into a plurality of data segments, the plurality of data segments having a total amount of data segments equal to k; and
      
      dispersing the plurality of data segments into a plurality of fragments, each fragment containing 1/k of the output message such that any k fragments of the plurality of fragments can be used to recreate the encrypted message in its entirety.
  - 3. The method of claim 2, wherein the dispersing the plurality of data segments is performed using one of a polynomial evaluation and a vector construction.
  - 4. The method of claim 2, wherein k is less than a total amount of the plurality of fragments.
  - 5. The method of claim 2, wherein a threshold number of fragments are needed to decrypt any portion of the data message.
  - 6. The method of claim 5, wherein none of the data message is decipherable from less than the threshold number of fragments and the entire data message is decipherable from at least the threshold number of fragments.
  - 7. The method of claim 5, wherein the threshold number of fragments is equal to k.
  - 8. The method of claim 1, wherein the at least one random number has a bit length less than or equal to the first length.
  - 9. The method of claim 1, further comprising:
    - transporting at least a first portion of the plurality of fragments along a first communication path of the network; and
      
      transporting at least a second portion of the plurality of fragments along a second communication path of the network.
  - 10. The method of claim 1, wherein the plurality of data storage devices have different locations.

11. A method for securing data in a network using a data splitter device, the data including a data message, the method comprising:
- generating, using the data splitter device, at least one random number, the at least one random number having a first bit length equal to a bit length of the data message;
  
  creating a hash value using the random number and the data message, the hash value having a bit length less than the first bit length;
  
  passing the hash value through a pseudo random number generator to create, using the data splitter device, a first pseudo random number based at least in part on the random number and the first bit length of the data message, the first pseudo random number having a bit length equal to the first bit length;
  
  mixing, using the data splitter device, the first pseudo random number with the data message to create an encrypted message;
  
  transforming, using the data splitter device, the encrypted message into a second pseudo random number;
  
  mixing, using the data splitter device, the second pseudo random number with the random number to produce a key;
  
  placing, using the data splitter device, the encrypted message side-by-side with the key to produce an output message;
  
  dividing the output message to a plurality of data segments using the data splitter device, the plurality of data segments having a total amount of data segments equal to k, each data segment having a bit length equal to the first bit length of the generated at least one random number;
  
  dispersing the plurality of data segments and the at least on random number into a plurality of fragments, each containing 1/k of the encrypted message such that any k fragments of the plurality of fragments can be used to recreate the encrypted message in its entirety; and
  
  storing the plurality of data segments in a plurality of data storage devices.
- View Dependent Claims (12)
- - 12. The method of claim 11, wherein k is less than a total amount of the plurality of fragments.

13. A data security system for securing a data message, the data security system comprising:
- a pseudo random number generator;
  
  a data splitter device including;
  
  a data encryptor configured to;
  
  generate a random number;
  
  create a hash value using the random number and the data message, the hash value having a bit length less than a first bit length of the data message;
  
  pass the hashed value through the pseudo random number generated to create a first pseudo random number based at least in part on the random number and the first bit length of the data message, the first pseudo random number having a bit length equal to the first bit length;
  
  mix the first pseudo random number with the data message to create an encrypted message;
  
  transform the encrypted message into a second pseudo random number;
  
  mix the second pseudo random number with the random number to produce a key; and
  
  place the encrypted message side-by-side with the key to produce an output message; and
  
  an information disperser communicatively coupled to the data encryptor, the information disperser operating to disperse the output message to a plurality of fragments; and
  
  a plurality of data storage devices communicatively coupled to the information disperser, the plurality of data storage devices configured to store the plurality of fragments.
- View Dependent Claims (14, 15, 16)
- - 14. The data security system of claim 13, wherein the data security system further comprising a pseudo random number generator, the data encryptor transforms the random number by passing the random number through the pseudo random number generator.
  - 15. The data security system of claim 13, wherein the information disperser disperses the output message by:
    - dividing the output message into a plurality of data segments, the plurality of data segments having a total amount of data segments equal to k; and
      
      dispersing the plurality of data segments into a plurality of fragments, each fragment containing 1/k of the output message such that any k fragments of the plurality of fragments can be used to recreate the encrypted message in its entirety.
  - 16. The data security system of claim 13, further comprising:
    - a first communication path communicatively coupled to the information disperser and a first portion of the plurality of storage devices, the first communication path transporting at least a first portion of the fragments to the first portion of the plurality of storage devices; and
      
      a second communication path communicatively coupled to the information disperser and a second portion of the plurality of storage devices, the second communication path transporting at least a second portion of the fragments to the second portion of the plurality of storage devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Miami
Original Assignee
University of Miami
Inventors
Rosenberg, Burton J.
Primary Examiner(s)
Do, Chat
Assistant Examiner(s)
Hughes, Kevin G

Application Number

US12/394,184
Publication Number

US 20090161870A1
Time in Patent Office

1,593 Days
Field of Search

708/200, 708/250, 713/153
US Class Current

708/200
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2107 File encryption

Method for keyless protection of data using a local array of disks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method for keyless protection of data using a local array of disks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links