Systems and methods for cryptographically splitting and storing data
First Claim
Patent Images
1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:
- encrypting, using a hardware processor, the data set based on an encryption key to produce an encrypted data set;
creating hash information based on a hash operation using the data set;
generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed;
separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set;
including in the plurality of shares data indicative of the encryption key and the hash information; and
causing the plurality of shares to be stored in separate storage locations;
wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares.
4 Assignments
0 Petitions
Accused Products
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
378 Citations
36 Claims
-
1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising:
-
encrypting, using a hardware processor, the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 28, 29, 30)
-
-
10. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for securing a data set, the method comprising the steps of:
-
encrypting the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 31, 32, 33)
-
-
19. A computer system for securing a data set, the system comprising:
-
at least one processor; a non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor, cause the computer system to carry out the following steps; encrypting the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 34, 35, 36)
-
Specification