Encapsulation and decapsulation for data disintegration
Abstract
A configuration for encapsulating data so that it becomes unreadable after a predetermined timeout. To encapsulate data, a random data key is generated and split into shares; a threshold number of shares is needed to reconstruct the key. The shares are stored at random locations within one or more networks, and each location is configured to delete the stored share after a predetermined time period. Encapsulated data takes the form of a vanishing data object (VDO) comprising the encrypted data and information sufficient to locate at least a threshold number of key shares at their stored locations. The VDO becomes inaccessible once enough key shares have been deleted that the data key can no longer be restored. If, prior to timeout, a sufficient number of data key shares are located and retrieved, the data key can be reconstructed and used to decrypt the original data.
18 Claims
1. A method for encapsulating data, the method comprising:
- receiving data to encapsulate;
- generating a random encryption key;
- encrypting the data with the generated encryption key thereby generating encrypted data;
- generating a data key corresponding to a decryption key;
- splitting the generated data key at one or more levels in a hierarchical computing configuration, into a predetermined number, N, of shares of the data key wherein a predetermined threshold number, M, of shares of the data key is required to reconstruct the data key, where M is less than or equal to N, and each share at each level divisible one or more times into additional shares at the next level;
- identifying one or more locations within one or more network configurations to store each share of the data key;
- storing each share of the data key at the selected location wherein each location is configured to delete the stored share of the data key after a specified period of time; and
- constructing a vanishing data object that comprises the encrypted data and information sufficient to retrieve a threshold number of data key shares.
Dependent claims: 2, 3, 4, 5.

6. A non-transitory computer readable medium configured to store instructions, the instructions when executed by a processor cause the processor to:
- receive data to encapsulate;
- generate a random encryption key;
- encrypt the data with the generated encryption key thereby generating encrypted data;
- generate a data key corresponding to a decryption key;
- split the generated data key into a predetermined number, N, of shares of the data key wherein a predetermined threshold number, M, of shares of the data key is required to reconstruct the data key, where M is less than or equal to N, each share split at one or more levels in a hierarchical computing configuration, and each share at each level divisible one or more times into additional shares at the next level;
- identify one or more locations within one or more network configurations to store each share of the data key;
- store each share of the data key at the selected location wherein each location is configured to delete the stored share of the data key after a specified period of time; and
- construct a vanishing data object that comprises the encrypted data and information sufficient to retrieve a threshold number of data key shares.
Dependent claims: 7, 8, 9, 10.

11. A method for decapsulating encrypted data, the method comprising:
- determining a vanishing data object for the encrypted data to decapsulate, the vanishing data object comprising an address information of a data key share needed to decrypt the encrypted data;
- extracting the address information of the data key share from the vanishing data object;
- retrieving the data key shares based on the extracted address information;
- determining whether the number of key shares retrieved is greater than or equal to a threshold number, M, wherein if the number of key shares retrieved is less than the threshold number, M, the data key is unrecoverable;
- reconstructing the data key if the number of retrieved data key shares is at least equal to the threshold number, M, of key shares, the reconstructing the data key further comprising reconstructing the shares of the data key at each level, each data key share split at one or more levels in a hierarchical computing configuration, each data key share at each location divisible into additional shares at the next level one or more times; and
- decrypting the encrypted data.
Dependent claims: 12, 13, 14.

15. A non-transitory computer readable medium configured to store instructions for decapsulating encrypted data, the instructions when executed by a processor cause the processor to:
- determine a vanishing data object for the encrypted data to decapsulate, the vanishing data object comprising an address information of a data key share to decrypt the encrypted data;
- extract the address information of the data key share from the vanishing data object;
- retrieve the data key shares based on the extracted address information;
- determine whether the number of key shares retrieved is greater than or equal to a threshold number, M, wherein if the number of key shares retrieved is less than the threshold number, M, the data key is unrecoverable;
- reconstruct the data key if the number of retrieved data key shares is at least equal to the threshold number, M, of key shares, the reconstructing the data key further comprising reconstructing the shares of the data key at each level, each data key share split at one or more levels in a hierarchical computing configuration, each share at each location divisible into additional shares at the next level one or more times; and
- decrypt the encrypted data.
Dependent claims: 16, 17, 18.