Secure data parser method and system

US 9,047,475 B2
Filed: 05/10/2012
Issued: 06/02/2015
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method of presenting data in a secure data storage network, the method comprising:

defining a plurality of user groups capable of accessing data stored in a secure data storage network, each user group including a plurality of users desiring access to a common set of data, and each user group having a set of security rights;

associating each of the plurality of user groups with a different workgroup key; and

upon determining that a client device is associated with a user from a user group, presenting, using a hardware processor, a virtual disk to the client device in accordance with the set of security rights, wherein;

the common set of data is secured using the workgroup key associated with the user group;

the virtual disk comprises a directory mapped to a plurality of physical storage devices such that physical locations of a plurality of shares are hidden from the client device, andeach of the plurality of shares comprises data units from the common set of data that have been shuffled.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

331 Citations

22 Claims

1. A method of presenting data in a secure data storage network, the method comprising:
- defining a plurality of user groups capable of accessing data stored in a secure data storage network, each user group including a plurality of users desiring access to a common set of data, and each user group having a set of security rights;
  
  associating each of the plurality of user groups with a different workgroup key; and
  
  upon determining that a client device is associated with a user from a user group, presenting, using a hardware processor, a virtual disk to the client device in accordance with the set of security rights, wherein;
  
  the common set of data is secured using the workgroup key associated with the user group;
  
  the virtual disk comprises a directory mapped to a plurality of physical storage devices such that physical locations of a plurality of shares are hidden from the client device, andeach of the plurality of shares comprises data units from the common set of data that have been shuffled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 20)
- - 2. The method of claim 1, wherein each of the users within one of the plurality of user groups has a common set of security rights.
  - 3. The method of claim 1, wherein presenting the virtual disk to the client device is performed by a secure storage system connected to the client device.
  - 4. The method of claim 1, wherein the workgroup key is managed at a key server remote from the secure storage system.
  - 5. The method of claim 1, wherein the plurality of user groups are members of a plurality of security groups, each security group defining security rights common among the user groups that are members of the security group.
  - 6. The method claim 1, further comprising:
    - generating the plurality of shares by performing a cryptographic operation on data stored on the virtual disk and distributing the data in the shares; and
      
      storing the plurality of shares on the plurality of physical storage devices.
  - 7. The method of claim 1, wherein each of the plurality of user groups has a different set of security rights.
  - 20. The method of claim 1, wherein the plurality of shares contain a substantially random distribution of the common set of data.

8. A secure data storage network comprising:
- a plurality of storage systems arranged to manage a plurality of physical storage devices; and
  
  a secure storage system connected to the plurality of storage systems, the secure storage system configured to;
  
  determine that a user of a client device is associated with a user group from a plurality of user groups capable of accessing data stored in the secure data storage network, each user group including a plurality of users desiring access to a common set of data, and each user group having a set of security rights; and
  
  upon determining that the user is associated with the user group, presenting a virtual disk to the client device in accordance with the set of security rights, wherein;
  
  the common set of data is secured using a workgroup key associated with the user group;
  
  the virtual disk comprises a directory mapped to the plurality of physical storage devices such that physical locations of the plurality of shares are hidden from the client device, andeach of the plurality of shares comprises data units from the common set of data that have been shuffled.
- View Dependent Claims (9, 10, 11, 12, 13, 21)
- - 9. The secure data storage network of claim 8, further comprising a key server communicatively connected to the secure storage system, the key server configured to associate each of the plurality of user groups with a different workgroup key.
  - 10. The secure data storage network of claim 8, wherein the secure storage system is further configured to associate each of the plurality of user groups with a different workgroup key.
  - 11. The secure data storage network of claim 8, wherein the secure storage system is further configured to:
    - generate the plurality of shares by performing a cryptographic operation on data stored on the virtual disk and distributing the data in the shares; and
      
      store the plurality of shares on the plurality of physical storage devices.
  - 12. The secure data storage network of claim 8, wherein each of the plurality of user groups has a different set of security rights.
  - 13. The secure data storage network of claim 12, wherein each of the users within one of the plurality of user groups has a common set of security rights.
  - 21. The secure data storage network of claim 8, wherein the plurality of shares contain a substantially random distribution of the common set of data.

14. A secure storage system comprising a programmable circuit configured to:
- determine that a user of a client device is associated with a user group from a plurality of user groups capable of accessing data stored in the secure data storage network, each user group including a plurality of users desiring access to a common set of data, and each user group having a set of security rights; and
  
  upon determining that the user is associated with the user group, presenting a virtual disk to the client device in accordance with the set of security rights, wherein;
  
  the common set of data is secured using a workgroup key associated with the user group;
  
  the virtual disk comprises a directory mapped to a plurality of physical storage devices such that physical locations of a plurality of shares are hidden from the client device, andeach of the plurality of shares comprises data units from the common set of data that have been shuffled.
- View Dependent Claims (15, 16, 17, 18, 19, 22)
- - 15. The secure storage system of claim 14, wherein the programmable circuit is further configured to:
    - generate the plurality of shares by performing a cryptographic operation on data stored on the virtual disk and distributing the data in the shares; and
      
      store the plurality of shares on the plurality of physical storage devices.
  - 16. The secure storage system of claim 14, wherein each of the plurality of user groups has a different set of security rights.
  - 17. The secure data storage system of claim 14, wherein each of the users within one of the plurality of user groups has a common set of security rights.
  - 18. The secure data storage system of claim 14, further comprising a key server communicatively connected to the secure storage system, the key server configured to associate each of the plurality of user groups with a different workgroup key.
  - 19. The secure data storage system of claim 14, wherein the secure storage system is further configured to associate each of the plurality of user groups with a different workgroup key.
  - 22. The secure storage system of claim 14, wherein the plurality of shares contain a substantially random distribution of the common set of data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., O'Hare, Mark S., Davenport, Roger, Winick, Steven
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/468,450
Publication Number

US 20120255034A1
Time in Patent Office

1,118 Days
Field of Search

726/28, 726 5- 7, 713/167, 713/193, 380/28, 380277-278
US Class Current

1/1
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

331 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

331 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others