Systems and methods for securing data in motion

US 9,213,857 B2
Filed: 04/19/2013
Issued: 12/15/2015
Est. Priority Date: 03/31/2010
Status: Active Grant

First Claim

Patent Images

1. A method for retrieving data shares corresponding to a secured file stored on a storage network, the method comprising:

processing, by a programmed hardware processor communicatively coupled to a storage network, a filename of a file using an authentication algorithm to obtain an authentication value associated with the file, wherein the authentication value obscures the filename and the file corresponds to data shares stored at one or more share locations of the storage network, each data share corresponding to a portion of the file, each data share having a share name that is based on the authentication value associated with the file;

searching the share locations on the storage network for the data shares by comparing share names of the data shares with the authentication value associated with the file; and

retrieving the data shares corresponding to the file based on the comparing.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

337 Citations

20 Claims

1. A method for retrieving data shares corresponding to a secured file stored on a storage network, the method comprising:
- processing, by a programmed hardware processor communicatively coupled to a storage network, a filename of a file using an authentication algorithm to obtain an authentication value associated with the file, wherein the authentication value obscures the filename and the file corresponds to data shares stored at one or more share locations of the storage network, each data share corresponding to a portion of the file, each data share having a share name that is based on the authentication value associated with the file;
  
  searching the share locations on the storage network for the data shares by comparing share names of the data shares with the authentication value associated with the file; and
  
  retrieving the data shares corresponding to the file based on the comparing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - generating the data shares corresponding to the file using an information dispersal algorithm; and
      
      storing the generated data shares on the share locations on the storage network.
  - 3. The method of claim 1, wherein the generated share names are substantially equal to the authentication value associated with the file.
  - 4. The method of claim 1, wherein generating the share names comprises appending a respective share number to the authentication value associated with the file.
  - 5. The method of claim 1, wherein the storage network includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.
  - 6. The method of claim 1, wherein the authentication algorithm is an HMAC-SHA256 algorithm.
  - 7. The method of claim 6, wherein the additional information includes a number associated with a data share location.
  - 8. The method of claim 6, wherein the additional information includes a share number associated with one of the data shares.
  - 9. The method of claim 1, further comprising appending additional information to the filename of the file prior to the processing.
  - 10. The method of claim 1 further comprising encrypting the filename, and wherein processing the filename comprises processing the encrypted filename using the authentication algorithm to obtain the authentication value associated with the file.

11. A system for retrieving data shares corresponding to a secured file stored on a storage network, the system comprising:
- at least one non-transitory computer readable medium storing computer executable instructions; and
  
  processing circuitry communicatively coupled to the at least one non-transitory computer readable medium and operable to execute the computer-readable instructions stored thereon, the processing circuitry configured to;
  
  process a filename of a file using an authentication algorithm to obtain an authentication value associated with the file, wherein the authentication value obscures the filename and the file corresponds to data shares stored at one or more share locations of the storage network, each data share corresponding to a portion of the file, each data share having a share name that is based on the authentication value associated with the file;
  
  search the share locations on the storage network for the data shares by comparing share names of the data shares with the authentication value associated with the file; and
  
  retrieve the data shares corresponding to the file based on the comparing.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the processing circuitry is further configured to:
    - generate the data shares corresponding to the file using an information dispersal algorithm; and
      
      store the generated data shares on the share locations on the storage network.
  - 13. The system of claim 11, wherein the generated share names are substantially equal to the authentication value associated with the file.
  - 14. The method of claim 11, wherein generating the share names comprises appending a respective share number to the authentication value associated with the file.
  - 15. The system of claim 11, wherein the storage network includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.
  - 16. The system of claim 11, wherein the authentication algorithm is an HMAC-SHA256 algorithm.
  - 17. The system of claim 11, wherein the processing circuitry is further configured to append additional information to the filename of the file prior to the processing.
  - 18. The system of claim 17, wherein the additional information includes a number associated with a data share location.
  - 19. The system of claim 17, wherein the additional information includes a share number associated with one of the data shares.
  - 20. The system of claim 11, wherein the processing circuitry is further configured to encrypt the filename and to process the filename by processing the encrypted filename using the authentication algorithm to obtain the authentication value associated with the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L.
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/866,411
Publication Number

US 20130254538A1
Time in Patent Office

970 Days
Field of Search

713/160, 713168-174, 713182-186, 713/202, 709/206, 709/225, 709/229, 709/249, 709/389, 709/236, 726 2- 8, 380/229
US Class Current

1/1
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/182   based on mutual exchange of...

G06F 11/2094   Redundant storage or storag...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/72   in cryptographic circuits

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

Systems and methods for securing data in motion

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

337 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing data in motion

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

337 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links