Secure data parser method and system

US 9,906,500 B2
Filed: 05/12/2015
Issued: 02/27/2018
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method performed by a programmed computer system for securing a data set in a computer network, the method comprising:

a. producing, using a hardware processor, a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;

b. assigning the data shares to a plurality of available data share receiving locations within the computer network;

c. communicating a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;

d. communicating a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;

e. storing the data shares in the assigned receiving locations; and

f. storing information usable to reconstruct the data set in a different location than the assigned receiving locations.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

436 Citations

33 Claims

1. A method performed by a programmed computer system for securing a data set in a computer network, the method comprising:
- a. producing, using a hardware processor, a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
  
  b. assigning the data shares to a plurality of available data share receiving locations within the computer network;
  
  c. communicating a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
  
  d. communicating a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
  
  e. storing the data shares in the assigned receiving locations; and
  
  f. storing information usable to reconstruct the data set in a different location than the assigned receiving locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein assigning the data shares to the plurality of available data share receiving locations comprises substantially randomly assigning the data shares to the plurality of available data share receiving locations.
  - 3. The method of claim 2, wherein substantially randomly assigning the data shares comprises randomly selecting, for each of the data shares, an IP address of a respective data share receiving location.
  - 4. The method of claim 1, further comprising encrypting the data set to generate an encrypted data set, wherein the at least some of the data set of each data share comprises at least some of the encrypted data set.
  - 5. The method of claim 1, further comprising encrypting the data shares.
  - 6. The method of claim 1, wherein the computer network comprises an Internet network and the plurality of data share receiving locations comprise a plurality of data storage devices at geographically dispersed locations.
  - 7. The method of claim 2, wherein the substantially randomly assigning is performed by a client computer system coupled to the computer network, and wherein the method further comprises communicating the plurality of data shares from the client computer system to respective assigned receiving locations of the computer network.
  - 8. The method of claim 1, wherein the communicating comprises separately transmitting at least two data shares to their respective assigned receiving locations, and wherein the storing comprises storing the at least two data shares on respective different data storage devices at geographically separated and independent data storage locations.
  - 9. The method of claim 1, wherein the information usable to reconstruct the data set comprises one or more of:
    - an encryption key, a workgroup key, and a splitting key.
  - 10. The method of claim 1, wherein the information usable to reconstruct the data set comprises information usable to secure the data set.
  - 11. The method of claim 1, wherein the first and second communication paths comprise at least two of an Internet path, an intranet path, a LAN path, a WiFi path, and a Bluetooth path.

12. A system performed by a programmed computer system for securing a data set in a computer network, the system comprising:
- one or more hardware processors configured to;
  
  a. produce a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
  
  b. assign the data shares to a plurality of available data share receiving locations within the computer network;
  
  c. communicate a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
  
  d. communicate a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
  
  e. store the data shares in the assigned receiving locations; and
  
  f. store information usable to reconstruct the data set in a different location than the assigned receiving locations.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the one or more hardware processors are configured to assign the data shares to the plurality of available data share receiving locations by substantially randomly assigning the data shares to the plurality of available data share receiving locations.
  - 14. The system of claim 13, wherein the one or more hardware processors are configured to substantially randomly assign the data shares by randomly selecting, for each of the data shares, an IP address of a respective data share receiving location.
  - 15. The system of claim 12, wherein the one or more hardware processors are further configured to encrypt the data set to generate an encrypted data set, wherein the at least some of the data set of each data share comprises at least some of the encrypted data set.
  - 16. The system of claim 12, wherein the one or more hardware processors are further configured to encrypt the data shares.
  - 17. The system of claim 12, wherein the computer network comprises an Internet network and the plurality of data share receiving locations comprise a plurality of data storage devices at geographically dispersed locations.
  - 18. The system of claim 12, wherein the system comprises a client computer system, and wherein the one or more hardware processors are further configured to communicate the plurality of data shares from the client computer system to respective assigned receiving locations of the computer network.
  - 19. The system of claim 18, wherein the one or more hardware processors are configured to communicate by separately transmitting at least two data shares to their respective assigned receiving locations, and wherein the one or more hardware processors are configured to store by storing the at least two data shares on respective different data storage devices at geographically separated and independent data storage locations.
  - 20. The system of claim 12, wherein the information usable to reconstruct the data set comprises one or more of:
    - an encryption key, a workgroup key, and a splitting key.
  - 21. The system of claim 12, wherein the information usable to reconstruct the data set comprises information usable to secure the data set.
  - 22. The system of claim 12, wherein the first and second communication paths comprise at least two of an Internet path, an intranet path, a LAN path, a WiFi path, and a Bluetooth path.

23. A non-transitory computer readable medium comprising instructions thereon for securing a data set in a computer network, the instructions comprising:
- a. instructions for producing, using a hardware processor, a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
  
  b. instructions for assigning the data shares to a plurality of available data share receiving locations within the computer network;
  
  c. instructions for communicating a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
  
  d. instructions for communicating a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
  
  e. instructions for storing the data shares in the assigned receiving locations; and
  
  f. instructions for storing information usable to reconstruct the data set in a different location than the assigned receiving locations.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The non-transitory computer readable medium of claim 23, wherein the instructions for assigning the data shares to the plurality of available data share receiving locations comprises instructions for substantially randomly assigning the data shares to the plurality of available data share receiving locations.
  - 25. The non-transitory computer readable medium of claim 24, wherein the instructions for substantially randomly assigning the data shares comprises instructions for randomly selecting, for each of the data shares, an IP address of a respective data share receiving location.
  - 26. The non-transitory computer readable medium of claim 23, further comprising instructions for encrypting the data set to generate an encrypted data set, wherein the at least some of the data set of each data share comprises at least some of the encrypted data set.
  - 27. The non-transitory computer readable medium of claim 23, further comprising instructions for encrypting the data shares.
  - 28. The non-transitory computer readable medium of claim 23, wherein the computer network comprises an Internet network and the plurality of data share receiving locations comprise a plurality of data storage devices at geographically dispersed locations.
  - 29. The non-transitory computer readable medium of claim 24, wherein the instructions for substantially randomly assigning are performed by a client computer system coupled to the computer network, and wherein the non-transitory computer readable medium further comprises instructions for communicating the plurality of data shares from the client computer system to respective assigned receiving locations of the computer network.
  - 30. The non-transitory computer readable medium of claim 23, wherein the instructions for communicating comprises instructions for separately transmitting at least two data shares to their respective assigned receiving locations, and wherein the instructions for storing comprises instructions for storing the at least two data shares on respective different data storage devices at geographically separated and independent data storage locations.
  - 31. The non-transitory computer readable medium of claim 23, wherein the information usable to reconstruct the data set comprises one or more of:
    - an encryption key, a workgroup key, and a splitting key.
  - 32. The non-transitory computer readable medium of claim 23, wherein the information usable to reconstruct the data set comprises information usable to secure the data set.
  - 33. The non-transitory computer readable medium of claim 23, wherein the first and second communication paths comprise at least two of an Internet path, an intranet path, a LAN path, a WiFi path, and a Bluetooth path.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Davenport, Roger S.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/710,528
Publication Number

US 20150261973A1
Time in Patent Office

1,022 Days
Field of Search

713167, 713193, 726 28, 726 5- 7, 380 28, 380277-278
US Class Current
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

436 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

436 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links