Secure data parser method and system
First Claim
Patent Images
1. A method of presenting a virtual disk to a client device, the method comprising:
- receiving, using a hardware processor, first client credentials from a first client device, the client credentials including a first client identifier;
authenticating, using the using a hardware processor, the first client device at a secure storage device;
determining, using the using a hardware processor, that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a first subset of less than all of first original data, and wherein the first subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data;
upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality shares are hidden from the first client device;
receiving, using the hardware processor, second client credentials from a second client device; and
upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device.
5 Assignments
0 Petitions
Accused Products
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
425 Citations
27 Claims
-
1. A method of presenting a virtual disk to a client device, the method comprising:
-
receiving, using a hardware processor, first client credentials from a first client device, the client credentials including a first client identifier; authenticating, using the using a hardware processor, the first client device at a secure storage device; determining, using the using a hardware processor, that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a first subset of less than all of first original data, and wherein the first subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data; upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality shares are hidden from the first client device; receiving, using the hardware processor, second client credentials from a second client device; and upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 22, 25)
-
-
8. A secure storage system comprising a programmable circuit configured to execute program instructions which, when executed, configure the secure storage system to:
-
receive first client credentials from a first client device, the first client credentials including a first client identifier; authenticate the first client device at a secure storage device; determine that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a subset of less than all of original data, and wherein the subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data; upon determining that the first volume is associated with the first client device, present the first volume to the first client device such that physical locations of the first polarity of shares are hidden from the first client device; receive, using the hardware processor, second client credentials from a second client device; and upon determining that a second volume is associated with the second client device, present the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device. - View Dependent Claims (9, 10, 11, 12, 13, 14, 23, 26)
-
-
15. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for presenting a virtual disk to a client device, the method comprising:
-
receiving first client credentials from a first client device, the first client credentials including a first client identifier; authenticating the first client device at a secure storage device; determining that a first volume is associated with the first client device based upon the first client identifier, the first volume comprising a directory mapped to a plurality of physical storage devices having stored thereon a first plurality of shares, wherein each of the first plurality of shares comprises a subset of less than all of original data, and wherein the subset in each respective share was rearranged from an original order, and wherein the first plurality of shares includes data indicative of a cryptographic key used to secure the first data; upon determining that the first volume is associated with the first client device, presenting the first volume to the first client device such that physical locations of the first plurality of shares are hidden from the first client device; receiving, using the hardware processor, second client credentials from a second client device; and upon determining that a second volume is associated with the second client device, presenting the second volume to the second client device such that physical locations of a second plurality of shares are hidden from the second client device. - View Dependent Claims (16, 17, 18, 19, 20, 21, 24, 27)
-
Specification