Systems and methods for securing data using multi-factor or keyed dispersal
First Claim
1. A method for securing a data set, the method comprising:
- receiving, using a processor that includes processing circuitry, two or more encrypted data set shares, wherein the encrypted data set shares correspond to a data set and are secured using a session key, each encrypted data set share being based on less than all of the units of data of the data set;
generating at least two session key shares from the session key used to secured the data set shares, wherein each session key share is based on less than all of the units of data of the session key;
forming two or more user shares by interleaving the at least two session key shares into at least two encrypted data set shares, wherein the interleaving comprises causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and
providing the two or more user shares for storage, whereby the data set is restorable from a minimum number of the two or more user shares.
4 Assignments
0 Petitions
Accused Products
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme.
-
Citations
33 Claims
-
1. A method for securing a data set, the method comprising:
-
receiving, using a processor that includes processing circuitry, two or more encrypted data set shares, wherein the encrypted data set shares correspond to a data set and are secured using a session key, each encrypted data set share being based on less than all of the units of data of the data set; generating at least two session key shares from the session key used to secured the data set shares, wherein each session key share is based on less than all of the units of data of the session key; forming two or more user shares by interleaving the at least two session key shares into at least two encrypted data set shares, wherein the interleaving comprises causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and
providing the two or more user shares for storage, whereby the data set is restorable from a minimum number of the two or more user shares. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus for securing a data set, the apparatus comprising a physical processor configured to:
-
receive two or more encrypted data set shares, wherein the encrypted data set shares correspond to a data set and are secured using a session key, each encrypted data set share being based on less than all of the data units of the data set; generate at least two session key shares from the session key used to secured the data set shares, wherein each session key share is based on less than all of the data units of the session key; form two or more user shares by interleaving the at least two session key shares into at least two encrypted data set shares, wherein the interleaving comprises causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and
provide the two or more user shares for non-transitory storage, whereby the data set is restorable from a minimum number of the two or more user shares. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A machine-readable non-transitory medium comprising machine program logic recorded thereon which, when executed by a processor, causes a computing system to carry out the steps of:
-
receiving, using a processor that includes processing circuitry, two or more encrypted data set shares, wherein the encrypted data set shares correspond to a data set and are secured using a session key, each encrypted data set share being based on less than all of the units of data of the data set; generating at least two session key shares from the session key used to secured the data set shares, wherein each session key share is based on less than all of the units of data of the session key;
forming two or more user shares by interleaving the at least two session key shares into at least two encrypted data set shares, wherein the interleaving comprises causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and
providing the two or more user shares for storage, whereby the data set is restorable from a minimum number of the two or more user shares.
-
Specification