Secure data parser method and system

US 9,992,170 B2
Filed: 06/11/2013
Issued: 06/05/2018
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method of presenting a virtual disk to a client device, the method comprising:

receiving, using a hardware processor, first client credentials from a first client device, the client credentials including a first client identifier;

authenticating, using the using a hardware processor, the first client device at a secure storage device;

determining, using the using a hardware processor, that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a first subset of less than all of first original data, and wherein the first subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data;

upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality shares are hidden from the first client device;

receiving, using the hardware processor, second client credentials from a second client device; and

upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

425 Citations

27 Claims

1. A method of presenting a virtual disk to a client device, the method comprising:
- receiving, using a hardware processor, first client credentials from a first client device, the client credentials including a first client identifier;
  
  authenticating, using the using a hardware processor, the first client device at a secure storage device;
  
  determining, using the using a hardware processor, that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a first subset of less than all of first original data, and wherein the first subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data;
  
  upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality shares are hidden from the first client device;
  
  receiving, using the hardware processor, second client credentials from a second client device; and
  
  upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 22, 25)
- - 2. The method of claim 1, wherein presenting the volume to the first client includes providing access to data stored in the plurality of shares associated with the volume.
  - 3. The method of claim 1, further comprising establishing a secure connection between the first client device and the secure storage device.
  - 4. The method of claim 1, wherein the first plurality of shares contain a substantially random distribution of a unit of data.
  - 5. The method of claim 1, wherein the unit of data is restorable from at least two shares of the first plurality of shares.
  - 6. The method of claim 5, further comprising restoring the unit of data from at least two shares of the first plurality of shares, and wherein presenting the first volume to the first client device comprises presenting the restored unit of data.
  - 7. The method of claim 1, further comprising storing the different keys on a key management server.
  - 22. The method of claim 1, wherein the first plurality of shares include data indicative of a cryptographic key used to secure the original data.
  - 25. The method of claim 1, wherein the subset was rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique.

8. A secure storage system comprising a programmable circuit configured to execute program instructions which, when executed, configure the secure storage system to:
- receive first client credentials from a first client device, the first client credentials including a first client identifier;
  
  authenticate the first client device at a secure storage device;
  
  determine that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a subset of less than all of original data, and wherein the subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data;
  
  upon determining that the first volume is associated with the first client device, present the first volume to the first client device such that physical locations of the first polarity of shares are hidden from the first client device;
  
  receive, using the hardware processor, second client credentials from a second client device; and
  
  upon determining that a second volume is associated with the second client device, present the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 23, 26)
- - 9. The secure storage system of claim 8, wherein the secure storage system is further configured to provide access to data stored in the first plurality of shares associated with the first volume.
  - 10. The secure storage system of claim 8, wherein the secure storage system is further configured to establish a secure connection between the first client device and the secure storage system.
  - 11. The secure storage system of claim 8, wherein the first plurality of shares contain a substantially random distribution of a unit of data.
  - 12. The secure storage system of claim 8, wherein the unit of data is restorable from at least two shares of the first plurality of shares.
  - 13. The secure storage system of claim 12, wherein the program instructions further configure the secure storage system to restore the unit of data from at least two shares of the first plurality of shares, and wherein the secure storage system is configured to present the first volume to the first client device by presenting the restored unit of data.
  - 14. The secure storage system of claim 8, further comprising a key management server configured to store the different keys.
  - 23. The secure storage system of claim 8, wherein the first plurality of shares include data indicative of a cryptographic key used to secure the original data.
  - 26. The secure storage system of claim 8, wherein the subset was rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique.

15. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for presenting a virtual disk to a client device, the method comprising:
- receiving first client credentials from a first client device, the first client credentials including a first client identifier;
  
  authenticating the first client device at a secure storage device;
  
  determining that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a subset of less than all of original data, and wherein the subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data;
  
  upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality of shares are hidden from the first client device;
  
  receiving, using the hardware processor, second client credentials from a second client device; and
  
  upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 24, 27)
- - 16. The non-transitory computer readable medium of claim 15, wherein presenting the first volume to the first client devices includes providing access to data stored in the first plurality of shares associated with the first volume.
  - 17. The non-transitory computer readable medium of claim 15, wherein the instructions further comprise establishing a secure connection between the first client device and the secure storage device.
  - 18. The non-transitory computer readable medium of claim 15, wherein the first plurality of shares contain a substantially random distribution of a unit of data.
  - 19. The non-transitory computer readable medium of claim 15, wherein the unit of data is restorable from at least two shares of the first plurality of shares.
  - 20. The non-transitory computer readable medium of claim 19, wherein the instructions further comprise restoring the unit of data from at least two shares of the plurality of shares, and wherein presenting the first volume to the first client device comprises presenting the restored unit of data.
  - 21. The non-transitory computer readable medium of claim 15, wherein the instructions further comprise storing the different keys on a key management server.
  - 24. The non-transitory computer readable medium of claim 15, wherein the first plurality of shares include data indicative of a cryptographic key used to secure the original data.
  - 27. The non-transitory computer readable medium of claim 15, wherein the subset was rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Davenport, Roger S., Winick, Steven
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/915,081
Publication Number

US 20130276074A1
Time in Patent Office

1,820 Days
Field of Search

713153, 713167-168, 713193, 726 5- 7, 726 28, 380 28, 380277-278
US Class Current
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure data parser method and system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

425 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

425 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links