Secure data parser method and system
Abstract
The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention are useful in a wide variety of settings, including commercial settings generally available to the public, which may be extremely large or small with respect to the number of users. The method and system of the present invention are also useful in a more private setting, such as within a corporation or governmental agency, as well as between corporations, governmental agencies or any other entities.
22 Claims
1. A method for securely storing and retrieving data, the method comprising:
- receiving, using an electronic computing system, a write request that specifies primary data to be stored;
- generating, using the electronic computing system, a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units;
- encrypting each of the secondary data units with a respective encryption key;
- storing each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit;
- causing the secondary data units to be stored on different storage devices; and
- storing separately from the secondary data units one or more keys used to secure the primary data.

Dependent claims: 2, 3, 4, 5, 6, 7
8. An electronic computing device for securely storing and retrieving data, the electronic computing device comprising:
a programmed hardware processor configured to:
- receive a primary write request that specifies primary data to be stored;
- cause the electronic computing device to generate a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units;
- encrypt each of the secondary data units with a respective encryption key;
- store each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit; and
- send secondary write requests to a plurality of storage devices, wherein the secondary write requests cause the secondary data units to be stored on different storage devices and cause the plurality of storage devices to store separately from the secondary data units one or more keys used to secure the primary data.

Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage medium comprising instructions that, when executed by an electronic computing device, cause the electronic computing device to:
- receive a primary write request from a client computing device via an electronic communications network, the primary write request specifying primary data to be stored;
- generate a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units;
- encrypt each of the secondary data units with a respective encryption key;
- store each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit;
- send secondary write requests to different storage devices, wherein the secondary write requests cause the secondary data units to be stored on the different storage devices, and wherein each of the storage devices store fewer than the minimum number of secondary data units; and
- send secondary write requests to the different storage devices to store separately from the secondary data units one or more keys used to secure the primary data.

Dependent claims: 17, 18, 19, 20, 21, 22
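The independent claims require that any subset holding at least a minimum number of secondary data units rebuilds the primary data while smaller subsets do not, but the claim text names no algorithm. The following added example, which is not taken from the patent or its assignee, uses Shamir secret sharing over GF(2^8) as one well-known scheme with that property; the scheme choice and the names `split` and `combine` are assumptions, and the per-unit encryption and storage steps are left out.

```python
# Added illustration: Shamir sharing over GF(2^8); an assumed scheme, not the patent's own.
import secrets

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Inverse as a^254, since the multiplicative group has order 255."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(primary, m, n):
    """Return n units (x, bytes); any m of them rebuild `primary`."""
    if not 1 < m < n < 256:
        raise ValueError("need 1 < m < n < 256")
    units = [(x, bytearray()) for x in range(1, n + 1)]
    for byte in primary:
        # Random polynomial of degree m-1 whose constant term is the data byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for x, out in units:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            out.append(y)
    return [(x, bytes(out)) for x, out in units]

def combine(units):
    """Lagrange-interpolate every byte position at x = 0."""
    xs = [x for x, _ in units]
    out = bytearray(len(units[0][1]))
    for i, (xi, ys) in enumerate(units):
        # Basis weight l_i(0) = product over j != i of x_j / (x_j XOR x_i)
        w = 1
        for j, xj in enumerate(xs):
            if j != i:
                w = gf_mul(w, gf_mul(xj, gf_inv(xj ^ xi)))
        for k, y in enumerate(ys):
            out[k] ^= gf_mul(w, y)
    return bytes(out)
```

With `split(data, 3, 5)`, `combine` on any three of the five units returns `data`, while two units interpolate to unrelated bytes.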
Specification