Systems and methods for securing data using multi-factor or keyed dispersal
First Claim
1. A method for securing a data set, the method comprising:
- encrypting, by processing circuitry, the data set using a session key to produce an encrypted data set;
distributing unique portions of the session key into two or more session key shares;
distributing unique portions of the encrypted data set into two or more encrypted data set shares;
forming two or more user shares by interleaving at least two session key shares into a respective one of at least two encrypted data set shares, thereby causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and
causing the storage of the two or more user shares, whereby the data set is restorable from a minimum number of the two or more user shares.
5 Assignments
0 Petitions
Accused Products
Abstract
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme.
16 Citations
33 Claims
-
1. A method for securing a data set, the method comprising:
-
encrypting, by processing circuitry, the data set using a session key to produce an encrypted data set; distributing unique portions of the session key into two or more session key shares; distributing unique portions of the encrypted data set into two or more encrypted data set shares; forming two or more user shares by interleaving at least two session key shares into a respective one of at least two encrypted data set shares, thereby causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and causing the storage of the two or more user shares, whereby the data set is restorable from a minimum number of the two or more user shares. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus for securing a data set, the apparatus comprising a processor configured to:
-
encrypt the data set using a session key to produce an encrypted data set; distribute unique portions of the session key into two or more session key shares; distribute unique portions of the encrypted data set into two or more encrypted data set shares; form two or more user shares by interleaving at least two session key shares into a respective one of at least two encrypted data set shares, thereby causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and store the two or more user shares, whereby the data set is restorable from a minimum number of the two or more user shares. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A machine-readable non-transitory medium comprising machine program logic recorded thereon which, when executed by a processor, causes a computing system to carry out the steps of:
-
encrypting a data set using a session key to produce an encrypted data set; distributing unique portions of the session key into two or more session key shares; distributing unique portions of the encrypted data set into two or more encrypted data set shares; forming two or more user shares by interleaving at least two session key shares into a respective one of at least two encrypted data set shares, thereby causing each of the at least two session key shares to be distributed into a different one of the at least two encrypted data set shares; and storing the two or more user shares, whereby the data set is restorable from a minimum number of the two or more user shares.
-
Specification