Systems and methods for distributing and securing data

US 9,774,449 B2
Filed: 07/06/2016
Issued: 09/26/2017
Est. Priority Date: 11/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for securing a data set from unauthorized use by verifying a share of data of the data set, the method comprising:

receiving, from a storage device, a fragment comprising data to be verified, a decommittal value, and a plurality of committal values, wherein the data to be verified comprises a string of characters;

determining a consensus committal value from the plurality of committal values;

calculating a hash value using the string of characters;

comparing the calculated hash value to the consensus committal value;

in response to determining that the calculated hash value equals the consensus committal value, storing to memory an indication that the data to be verified is a valid share of data;

in response to determining that the calculated hash value does not equal the consensus committal value, storing to the memory an indication that the data to be verified is not a valid share of data; and

securing the data set from unauthorized access or use by allowing recovery of the data set using a predetermined number of shares of data that are verified as valid.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext. Fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.

106 Citations

20 Claims

1. A method for securing a data set from unauthorized use by verifying a share of data of the data set, the method comprising:
- receiving, from a storage device, a fragment comprising data to be verified, a decommittal value, and a plurality of committal values, wherein the data to be verified comprises a string of characters;
  
  determining a consensus committal value from the plurality of committal values;
  
  calculating a hash value using the string of characters;
  
  comparing the calculated hash value to the consensus committal value;
  
  in response to determining that the calculated hash value equals the consensus committal value, storing to memory an indication that the data to be verified is a valid share of data;
  
  in response to determining that the calculated hash value does not equal the consensus committal value, storing to the memory an indication that the data to be verified is not a valid share of data; and
  
  securing the data set from unauthorized access or use by allowing recovery of the data set using a predetermined number of shares of data that are verified as valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein determining the consensus committal value comprises identifying a most frequently occurring committal value of the plurality of committal values.
  - 3. The method of claim 1, wherein determining the consensus committal value comprises:
    - receiving an identification of a verified share of data;
      
      identifying a committal value associated with the verified share of data; and
      
      assigning the committal value associated with the verified share of data as the consensus committal value.
  - 4. The method of claim 1, wherein determining the consensus committal value comprises identifying a share number associated with the data to be verified and identifying a committal value of the plurality of committal values associated with the share number as the consensus committal value.
  - 5. The method of claim 4, wherein the plurality of committal values comprises an array of committal values associated with index values, and wherein identifying the committal value of the plurality of committal values associated with the share number comprises identifying a committal value associated with an index value equal to the share number.
  - 6. The method of claim 1, wherein a plurality of shares of data are calculated from the data set using a computational secret sharing scheme such that the data set is recoverable from a minimum number less than all of the plurality of shares of data, and wherein the plurality of shares of data includes the valid share of data.
  - 7. The method of claim 1, wherein the data to be verified is a first data to be verified and further comprising receiving a second data to be verified.
  - 8. The method of claim 7, further comprising receiving the first data to be verified and the second data to be verified over a plurality of communication channels.
  - 9. The method of claim 8, wherein each of the first data to be verified and the second data to be verified is received over different communication channels.
  - 10. The method of claim 1, wherein the string of characters comprises a key portion and a ciphertext portion.

11. A system for securing a data set from unauthorized use by verifying a share of data of the data set, comprising:
- a hardware processor configured to;
  
  receive, from a storage device, a fragment comprising data to be verified, a decommittal value, and a plurality of committal values, wherein the data to be verified comprises a string of characters;
  
  determine a consensus committal value from the plurality of committal values;
  
  calculating a hash value using the string of characters;
  
  comparing the calculated hash value to the consensus committal value;
  
  in response to determining that the calculated hash value equals the consensus committal value, store to memory an indication that the data to be verified is a valid share of data;
  
  in response to determining that the calculated hash value does not equal the consensus committal value, store to the memory an indication that the data to be verified is not a valid share of data; and
  
  secure the data set from unauthorized access or use by allowing recovery of the data set using a predetermined number of shares of data that are verified as valid.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the hardware processor is configured to determine a consensus committal value by identifying a most frequently occurring committal value of the plurality of committal values.
  - 13. The system of claim 11, wherein the hardware processor is configured to determine a consensus committal value by:
    - receiving an identification of a verified share of data;
      
      identifying a committal value associated with the verified share of data; and
      
      assigning the committal value associated with the verified share of data as the consensus committal value.
  - 14. The system of claim 11, wherein the hardware processor is configured to determine a consensus committal value by identifying a share number associated with the data to be verified and identifying a committal value of the plurality of committal values associated with the share number as the consensus committal value.
  - 15. The system of claim 14, wherein the plurality of committal values received by the hardware processor comprises an array of committal values associated with index values, and wherein the hardware processor is configured to identify the committal value of the plurality of committal values associated with the share number by identifying a committal value associated with an index value equal to the share number.
  - 16. The system of claim 11, wherein a plurality of shares of data are calculated from the data set using a computational secret sharing scheme such that the data set is recoverable from a minimum number less than all of the plurality of shares of data, and wherein the plurality of shares of data includes the valid share of data.
  - 17. The system of claim 11, wherein the data to be verified received by the hardware processor is a first data to be verified and the hardware processor is further configured to receive a second data to be verified.
  - 18. The system of claim 17, wherein the hardware processor is configured to receive the first data to be verified and the second data to be verified over a plurality of communication channels.
  - 19. The system of claim 18, wherein the hardware processor is configured to receive each of the first data to be verified and the second data to be verified over different communication channels.
  - 20. The system of claim 11, wherein the string of characters comprises a key portion and a ciphertext portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Bellare, Mihir, Rogaway, Phillip
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/202,856
Publication Number

US 20170005796A1
Time in Patent Office

447 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3231   Biological data, e.g. finge...

Systems and methods for distributing and securing data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for distributing and securing data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links