Secure data parser method and system
4 Assignments
0 Petitions
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
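An added illustration of the split-and-encrypt flow described in the abstract and in steps a, e and f of claim 1 (not code from the patent or its assignee): the data is rearranged, cut into encrypted shares that each hold some but not all of it, and the reconstruction information is returned separately so it can be stored in a different location. The names `split` and `reconstruct`, the manifest layout, and the SHAKE-256 keystream with HMAC-SHA-256 tags are assumptions standing in for whatever cipher a deployment would use.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (assumption): SHAKE-256 output keyed by key || nonce.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key: bytes, share_id: int, nonce: bytes, ct: bytes) -> bytes:
    msg = share_id.to_bytes(4, "big") + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def split(data: bytes, key: bytes, n_shares: int):
    """Return (shares, manifest); store the manifest apart from the shares."""
    if n_shares < 2 or len(data) < n_shares:
        raise ValueError("each share needs some, but not all, of the data")
    order = list(range(len(data)))
    secrets.SystemRandom().shuffle(order)  # rearrange from the original order
    shares = []
    for i in range(n_shares):
        plain = bytes(data[j] for j in order[i::n_shares])
        nonce = secrets.token_bytes(16)  # fresh nonce per share
        ct = _xor_stream(_subkey(key, b"enc"), nonce, plain)
        shares.append({"id": i, "nonce": nonce, "ct": ct,
                       "tag": _tag(key, i, nonce, ct)})
    return shares, {"n": n_shares, "order": order}

def reconstruct(shares, manifest, key: bytes) -> bytes:
    n, order = manifest["n"], manifest["order"]
    if sorted(s["id"] for s in shares) != list(range(n)):
        raise ValueError("every share is required exactly once")
    out = bytearray(len(order))
    for s in shares:
        # Reject a share modified in storage or in transit before decrypting it.
        expected = _tag(key, s["id"], s["nonce"], s["ct"])
        if not hmac.compare_digest(expected, s["tag"]):
            raise ValueError(f"share {s['id']} failed authentication")
        plain = _xor_stream(_subkey(key, b"enc"), s["nonce"], s["ct"])
        for pos, byte in zip(order[s["id"]::n], plain):
            out[pos] = byte  # undo the rearrangement using the manifest
    return bytes(out)
```

Each share dictionary would be sent to a different receiving location; the manifest and the key are what a holder of the shares lacks.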
436 Citations
33 Claims
1. A method performed by a programmed computer system for securing a data set in a computer network, the method comprising:
a. producing, using a hardware processor, a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
b. assigning the data shares to a plurality of available data share receiving locations within the computer network;
c. communicating a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
d. communicating a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
e. storing the data shares in the assigned receiving locations; and
f. storing information usable to reconstruct the data set in a different location than the assigned receiving locations.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system performed by a programmed computer system for securing a data set in a computer network, the system comprising:
one or more hardware processors configured to:
a. produce a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
b. assign the data shares to a plurality of available data share receiving locations within the computer network;
c. communicate a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
d. communicate a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
e. store the data shares in the assigned receiving locations; and
f. store information usable to reconstruct the data set in a different location than the assigned receiving locations.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A non-transitory computer readable medium comprising instructions thereon for securing a data set in a computer network, the instructions comprising:
a. instructions for producing, using a hardware processor, a plurality of data shares, each of the plurality of data shares comprising data encrypted using an encryption key, wherein each data share comprises at least some but less than all of the data set, wherein producing each data share comprises rearranging the at least some but less than all of the data set from an original order;
b. instructions for assigning the data shares to a plurality of available data share receiving locations within the computer network;
c. instructions for communicating a first share of the plurality of data shares to its respective assigned receiving location over a first communication path, comprising a first type of communication link;
d. instructions for communicating a second share of the plurality of data shares to its respective assigned receiving location over a second communication path, separate from the first communication path and comprising a second type of communication link different from the first type of communication link;
e. instructions for storing the data shares in the assigned receiving locations; and
f. instructions for storing information usable to reconstruct the data set in a different location than the assigned receiving locations.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

Specification