Systems and methods for securing data in motion
First Claim
1. A method for computing at least one shared encryption key, the method comprising:
- generating original secret information;
obtaining public keys from unique certificate authorities;
dispersing the secret information into shares;
encrypting each one of the shares based on, at least in part, the public key of a different one of the unique certificate authorities, wherein the shares are restorable from at least a subset of the shares by recombining at least a threshold number of the shares, wherein the threshold number of shares includes fewer than all of the shares;
computing a first shared encryption key based on a set of substantially random numbers and the original secret information;
recombining the at least a threshold number of the shares; and
computing a second shared encryption key based on the set of substantially random numbers and the recombined shares.
4 Assignments
0 Petitions
Accused Products
Abstract
Two approaches are provided for distributing trust among a set of certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.
-
Citations
14 Claims
-
1. A method for computing at least one shared encryption key, the method comprising:
-
generating original secret information; obtaining public keys from unique certificate authorities; dispersing the secret information into shares; encrypting each one of the shares based on, at least in part, the public key of a different one of the unique certificate authorities, wherein the shares are restorable from at least a subset of the shares by recombining at least a threshold number of the shares, wherein the threshold number of shares includes fewer than all of the shares; computing a first shared encryption key based on a set of substantially random numbers and the original secret information; recombining the at least a threshold number of the shares; and computing a second shared encryption key based on the set of substantially random numbers and the recombined shares. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for computing at least one shared encryption key, the system comprising:
-
first processing circuitry configured to; generate original secret information; obtain public keys from unique certificate authorities; disperse the secret information into shares; compute a first shared encryption key based on a set of substantially random numbers and the original secret information; and encrypt each one of the shares based on the public key of a different one of the unique certificate authorities, wherein the shares are restorable from at least a subset of the shares by recombining at least a threshold number of the shares, wherein the threshold number of shares includes fewer than all of the shares; and second processing circuitry configured to; recombine the at least a threshold of the shares; and compute a second shared encryption key based on the set of substantially random numbers and the recombined shares. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
Specification