Secure data parser method and system

US 8,904,194 B2
Filed: 05/10/2012
Issued: 12/02/2014
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing and retrieving data, the method comprising:

generating, using an electronic computing system that includes processing circuitry, a plurality of shares by performing a cryptographic operation on a data set and distributing the data set in the plurality of shares such that the data set can be reconstructed using any subset of the shares that includes at least a minimum number less than all of shares;

storing the plurality of shares at a plurality of storage devices;

receiving, at the electronic computing system, request to retrieve the data set;

identifying from the plurality of storage devices a set of fastest-responding storage devices necessary to retrieve the minimum number of shares, wherein the set of fastest-responding storage devices are identified based at least in part on the response time of the storage devices;

retrieving from the set of fastest-responding storage devices, the minimum number of shares;

reconstructing the data set using the minimum number of shares; and

sending the data set responsive to the request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

Citations

20 Claims

1. A method for securely storing and retrieving data, the method comprising:
- generating, using an electronic computing system that includes processing circuitry, a plurality of shares by performing a cryptographic operation on a data set and distributing the data set in the plurality of shares such that the data set can be reconstructed using any subset of the shares that includes at least a minimum number less than all of shares;
  
  storing the plurality of shares at a plurality of storage devices;
  
  receiving, at the electronic computing system, request to retrieve the data set;
  
  identifying from the plurality of storage devices a set of fastest-responding storage devices necessary to retrieve the minimum number of shares, wherein the set of fastest-responding storage devices are identified based at least in part on the response time of the storage devices;
  
  retrieving from the set of fastest-responding storage devices, the minimum number of shares;
  
  reconstructing the data set using the minimum number of shares; and
  
  sending the data set responsive to the request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein storing the shares comprises:
    - storing a first subset of the shares at a first subset of the plurality of storage devices that is physically located at a first data center; and
      
      storing a second subset of the shares at a second subset of the plurality of storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 3. The method of claim 1, further comprising establishing secure connections between the electronic computing system and the plurality of storage devices.
  - 4. The method of claim 1, wherein the plurality of data blocks shares contain a substantially random distribution of the data set.
  - 5. The method of claim 1, wherein the data set can be reconstructed from shares received from at least two storage devices.
  - 6. The method of claim 1, wherein the shares are encrypted with a corresponding number of different keys.

7. An electronic computing system for securely storing and retrieving data, the electronic computing system comprising:
- a processing unit; and
  
  a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to;
  
  generate a plurality of shares by performing a cryptographic operation on a data set and distributing the data set in the plurality of shares such that the data set can be reconstructed using any subset of the shares that includes at least a minimum number less than all of the shares and such that the data set cannot be reconstructed using any subset of the shares that includes fewer than the minimum number of the shares;
  
  store the plurality of shares at a plurality of storage devices;
  
  receive, via the primary interface, a request to retrieve the data set;
  
  identify, from the plurality of storage devices, a set of fastest-responding storage devices necessary to retrieve the minimum number of shares, wherein the set of fastest-responding storage devices are identified based at least in part on the response time of the storage devices,retrieve from the set of fastest-responding storage devices the minimum number of shares;
  
  reconstruct the data set using exclusively the minimum number of shares; and
  
  send the data set responsive to the request.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The electronic computing system of claim 7, wherein the instructions cause the processing unit to store a first subset of the shares at a first subset of the plurality of storage devices that is physically located at a first data center and to store a second subset of the shares at a second subset of the plurality of storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 9. The electronic computing system of claim 7, wherein the instructions further cause the processing unit to generate the plurality of shares in response to receiving a request to store the data set.
  - 10. The electronic computing system of claim 7, wherein the instructions further cause the processing unit to establish secure connections between the electronic computing system and the plurality of storage devices.
  - 11. The electronic computing system of claim 7, wherein the plurality of shares contain a substantially random distribution of the data set.
  - 12. The electronic computing system of claim 7, wherein the data set can be reconstructed from shares received from at least two storage devices.
  - 13. The electronic computing system of claim 7, wherein the shares are encrypted with a corresponding number of different keys.

14. A non-transitory computer-readable storage medium comprising instructions that, when executed at an electronic computing device, cause the electronic computing device to:
- receive a request to write a data set to a storage location;
  
  generate a plurality of shares by performing a cryptographic operation on the data set and distributing the data set in the plurality of shares such that the data set can be reconstructed using any subset of the shares that includes at least a minimum number less than all of the shares and such that the data set cannot be reconstructed using any subset of the shares that includes fewer than the minimum number of the shares;
  
  store the plurality of shares at a plurality of storage devices;
  
  receive a request to retrieve the data set;
  
  identify, from the plurality of storage devices, a set of fastest-responding storage devices necessary to retrieve the minimum number of shares, wherein the set of fastest-responding storage devices are identified based at least in part on the response time of the storage devices;
  
  retrieve from the set of fastest-responding storage devices, the minimum number of shares;
  
  reconstruct the data set using exclusively the minimum number of shares; and
  
  send the data set responsive to the request.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions cause the processing unit to store a first subset of the shares at a first subset of the plurality of storage devices that is physically located at a first data center and to store a second subset of the shares at a second subset of the plurality of storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further cause the processing unit to generate the plurality of shares in response to receiving the request to write the data set to the storage location.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further cause the processing unit to establish secure connections between the electronic computing device and the plurality of storage devices.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the plurality of shares contain a substantially random distribution of the data set.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the data set can be reconstructed from shares received from at least two storage devices.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the shares are encrypted with a corresponding number of different keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., O'Hare, Mark S., Davenport, Roger S., Winick, Steven
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/468,562
Publication Number

US 20120221855A1
Time in Patent Office

936 Days
Field of Search

713/153, 713/167, 713/168, 713/156, 713/186, 713/193, 380/28, 380/277, 380/33, 380/268, 380/270, 380/247, 380/286, 726/28, 726 5- 7
US Class Current

713/193
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links