Secure data parser method and system

US 8,266,438 B2
Filed: 10/25/2005
Issued: 09/11/2012
Est. Priority Date: 10/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method for securing streaming of a data set from a first location to a second location, the method comprising:

generating, using processing circuitry at the first location, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;

streaming from the first location to the second location the at least two portions of data over at least one communications path, wherein the at least two portions of data stream separately from each other as at least two streaming portions of data; and

restoring, using processing circuitry at the second location, data from at least a subset of the at least two streaming portions of data, wherein the data is restored as the at least two streaming portions of data are being received at the second location.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

245 Citations

66 Claims

1. A method for securing streaming of a data set from a first location to a second location, the method comprising:
- generating, using processing circuitry at the first location, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  streaming from the first location to the second location the at least two portions of data over at least one communications path, wherein the at least two portions of data stream separately from each other as at least two streaming portions of data; and
  
  restoring, using processing circuitry at the second location, data from at least a subset of the at least two streaming portions of data, wherein the data is restored as the at least two streaming portions of data are being received at the second location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein the streaming comprises streaming the at least two portions of data on separate communications paths in parallel.
  - 3. The method of claim 1 wherein the streaming comprises streaming the at least two portions of data on a single communications path in a serial transmission.
  - 4. The method of claim 1 wherein the generating is accomplished using an email application.
  - 5. The method of claim 1 wherein the generating is accomplished using a video broadcasting application.
  - 6. The method of claim 1 wherein the streaming over the at least one communications path comprises streaming over a wireless communications path.
  - 7. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over the wireless communications path using an 802.11 protocol.
  - 8. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over the wireless communications path using Bluetooth.
  - 9. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over a wireless LAN.
  - 10. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over a cellular network.
  - 11. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over a peer to peer wireless network.
  - 12. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over a hub based wireless network.
  - 13. The method of claim 6, wherein the streaming over the wireless communications path comprises streaming over a satellite transmission.
  - 14. The method of claim 1 wherein at least one of the first location and the second location is a computer peripheral device.
  - 15. The method of claim 1 wherein at least one of the first location and the second location is a PDA device.
  - 16. The method of claim 1 wherein at least one of the first location and the second location is a storage device.
  - 17. The method of claim 1 wherein the streaming over the at least one communications path comprises streaming over a wired communications path.

18. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  storing the at least two portions of data on at least two data depositories, wherein the at least two data depositories are physically separate from each other; and
  
  using at least one of the at least two portions of data stored on at least one of the at least two data depositories as an authentication key stored in an authentication depository in order to restore the data set.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18 wherein the authentication depository is a physical token device.
  - 20. The method of claim 18 further comprising restoring the data set when the authentication depository is coupled to at least a subset of the at least two data depositories.
  - 21. The method of claim 20 further comprising removing access to the data set when the authentication depository is no longer coupled to the at least a subset of the at least two data depositories.

22. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  generating respective integrity information for each of the at least two portions of data;
  
  writing the respective integrity information to each of the at least two portions of data;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data when the respective integrity information of the at least a subset of the at least two portions of data has been verified.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, wherein the integrity information is generated using a hash algorithm.
  - 24. The method of claim 22, wherein the integrity information is generated using a MAC signature.
  - 25. The method of claim 22, wherein the integrity information is generated using a digital signature.

26. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data, wherein at least one particular portion of data is required in order to restore the data set.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26 further comprising encrypting at least one of the at least two portions of data, the at least one of the at least two portions of data comprising the at least one particular portion of data.
  - 28. The method of claim 27 wherein the encrypting comprises encrypting at least one of the at least two portions of data according to a first encryption key and at least one other of the at two least portions of data according to a second encryption key.
  - 29. The method of claim 27 wherein the encrypting comprises encrypting at least one of the at least two portion of data using a public key that may be decrypted using a private key.

30. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set, and wherein the probability that data from the data set is distributed to at least one of the at least two portions of data is less than the probability that data from the data set is distributed to a remainder of the at least two portions of data;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data.

31. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set, and wherein at least one of the at least two portions of data has a predetermined size;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31 wherein the generating the at least two portions of data comprises using a splitting key having a splitting key size and wherein the predetermined size is the splitting key size.
  - 33. The method of claim 31 further comprising encrypting the data set with an encryption key having an encryption key size prior to the generating the at least two portions of data and wherein the predetermined size is the encryption key size.

34. A method for securing a data set, the method comprising:
- generating, using processing circuitry, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set, and wherein the probability that data from the data set is distributed to each of the at least two portions of data is substantially equal;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data.

35. A method for securing a data set, the method comprising:
- generating, using processing circuitry, according to a splitting key, at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  generating, according to a Shamir algorithm, splitting key information that is capable of being used to generate the splitting key, wherein the splitting key information is distributed among the at least two portions of data;
  
  storing each of the at least two portions of data separately; and
  
  restoring the data set from at least a subset of the at least two portions of data.
- View Dependent Claims (36)
- - 36. The method of claim 35 wherein restoring the data set comprises restoring the splitting key from the splitting key information from at least a subset of the at least two portions of data.

37. A method for securing a data set, the method comprising:
- determining a number of portions of data into which to distribute the data set;
  
  generating a substantially random number;
  
  determining, using processing circuitry, into which of the portions of data to distribute each unit of data from the data set based on corresponding data from the substantially random number and distributing accordingly;
  
  storing the portions of data separately; and
  
  restoring the data set from at least a subset of the portions of data, wherein the determining into which of the portions of data to distribute each unit of data from the data set comprises determining into which of the portions of data to distribute each unit of data from the data set based on a hash function of corresponding data from the substantially random number.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The method of claim 37 wherein the unit of data is a bit.
  - 39. The method of claim 37 wherein the size of the substantially random number is a multiple, M, of the size of the data set and wherein the determining into which of the portions of data to distribute each unit of data from the data set comprises determining into which of the portions of data to distribute each unit of data from the data set based on a hash function of a corresponding M bits from the substantially random number.
  - 40. The method of claim 39 wherein the multiple, M, is 8 and wherein the determining into which of the portions of data to distribute each unit of data from the data set based on a hash function of a corresponding M bits from the substantially random number comprises determining into which of the portions of data to distribute each bit of data from the data set based on a hash function of a corresponding byte from the substantially random number.
  - 41. The method of claim 37 further comprising appending redundancy data to each of the portions of data.

42. A method for securing a data set, the method comprising:
- determining a number of portions of data into which to distribute the data set;
  
  generating a substantially random number;
  
  for each unit of data of the data set, splitting the unit of data into a left segment and a right segment by determining, based on corresponding data from the substantially random number, a splitting location wherein bits to the left of the splitting location represent the left segment and bits to the right of the splitting location represent the right segment;
  
  determining, using processing circuitry, into which of the portions of data to distribute each of the left segment and the right segment of each unit of data from the data set based on corresponding data from the substantially random number and distributing accordingly;
  
  storing the portions of data separately; and
  
  restoring the data set from at least a subset of the portions of data.
- View Dependent Claims (43, 44, 45, 46, 47)
- - 43. The method of claim 42 wherein the splitting the unit of data into the left segment and the right segment comprises splitting the unit of data into the left segment and the right segment based on a hash function of a corresponding data from the substantially random number.
  - 44. The method of claim 42 wherein the unit of data is a byte.
  - 45. The method of claim 42 wherein generating the substantially random number comprises generating the substantially random number of size equal to the size of the data set.
  - 46. The method of claim 45 wherein the unit of data is a byte and wherein the splitting the unit of data into the left segment and the right segment comprises splitting the unit of data into the left segment and the right segment based on a hash function of a corresponding unit of data from the substantially random number.
  - 47. The method of claim 42 wherein the determining into which of the portions of data to distribute each of the left segment and the right segment comprises determining into which of the portions of data to distribute each of the left segment and the right segment of each unit of data from the data set based on corresponding data from the substantially random number and based on a table containing an array of all possible distributions of the right segment and the left.

48. The method of 42 wherein the determining into which of the portions of data to distribute each of the left segment and the right segment comprises determining into which of the portions of data to distribute each of the left segment and the right segment of each unit of data from the data set based on a hash function of corresponding data from the substantially random number and based on a table containing an array of all possible distributions of the right segment and the left segment, wherein the hash function of the corresponding data from the substantially random number indicates which entry in the table to use, the entry indicating a destination portion for the left segment and a destination portion for the right segment.
- View Dependent Claims (49)
- - 49. The method of claim 48 wherein:
    - generating the substantially random number comprises generating the substantially random number of size equal to the size of the data set;
      
      the unit of data is a byte; and
      
      the corresponding data is a corresponding unit of data.

50. A system for securing streaming of a data set from a first location to a second location, the system comprising:
- a first processor for generating at the first location at least two portions of data from the data set, wherein each of the at least two portions of data respectively contains a substantially random distribution of a respective subset of the data set;
  
  at least one communications path over which are streamed the at least two portions of data from the first location to the second location, wherein the at least two portions of data stream separately from each other as at least two streaming portions of data; and
  
  a second processor for restoring at the second location data from at least a subset of the at least two streaming portions of data, wherein the data is restored as the at least two streaming portions of data are being received at the second location.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 51. The system of claim 50 wherein the at least two streaming portions of data are streamed on separate communications paths in parallel.
  - 52. The system of claim 50 wherein the at least two streaming portions of data are streamed on a single communications path in a serial transmission.
  - 53. The system of claim 50 wherein the first processor is used in conjunction with an email application.
  - 54. The system of claim 50 wherein the first processor is used in conjunction with a video broadcasting application.
  - 55. The system of claim 50 wherein the at least one communications path comprises a wireless communications path.
  - 56. The system of claim 55, wherein the wireless communications path comprises an 802.11 protocol communications path.
  - 57. The system of claim 55, wherein the wireless communications path comprises a Bluetooth communications path.
  - 58. The system of claim 55, wherein the wireless communications path comprises a wireless LAN.
  - 59. The system of claim 55, wherein the wireless communications path comprises a cellular network.
  - 60. The system of claim 55, wherein the wireless communications path comprises a peer to peer wireless network.
  - 61. The system of claim 55, wherein the wireless communications path comprises a hub based wireless network.
  - 62. The system of claim 55, wherein wireless communications path comprises a satellite communications path.
  - 63. The system of claim 50 wherein at least one of the first location and the second location is a computer peripheral device.
  - 64. The system of claim 50 wherein at least one of the first location and the second location is a PDA device.
  - 65. The system of claim 50 wherein at least one of the first location and the second location is a storage device.
  - 66. The system of claim 50 wherein the at least one communications path comprises a wired communications path.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Orsini, Rick L., O'Hare, Mark S., Davenport, Roger, Winick, Steven
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US11/258,839
Publication Number

US 20060177061A1
Time in Patent Office

2,513 Days
Field of Search

713/176, 713/186, 713/156, 380/33, 380/268, 380/270, 380/247, 380/286
US Class Current

713/176
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/22   Indexing; Data structures t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 67/108   characterised by resources ...

H04L 69/14   Multichannel or multilink p...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Secure data parser method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data parser method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links