Systems and methods for securing data in motion

US9213857B2 · US · B2

Patent metadata
Publication number: US-9213857-B2
Application number: US-201313866411-A
Country: US
Kind code: B2
Filing date: Apr 19, 2013
Priority date: Mar 31, 2010
Publication date: Dec 15, 2015
Grant date: Dec 15, 2015

Abstract

Official abstract text for this publication.

The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for retrieving data shares corresponding to a secured file stored on a storage network, the method comprising: processing, by a programmed hardware processor communicatively coupled to a storage network, a filename of a file using an authentication algorithm to obtain an authentication value associated with the file, wherein the authentication value obscures the filename and the file corresponds to data shares stored at one or more share locations of the storage network, each data share corresponding to a portion of the file, each data share having a share name that is based on the authentication value associated with the file; searching the share locations on the storage network for the data shares by comparing share names of the data shares with the authentication value associated with the file; and retrieving the data shares corresponding to the file based on the comparing.

2. The method of claim 1, further comprising: generating the data shares corresponding to the file using an information dispersal algorithm; and storing the generated data shares on the share locations on the storage network.

3. The method of claim 1, wherein the generated share names are substantially equal to the authentication value associated with the file.

4. The method of claim 1, wherein generating the share names comprises appending a respective share number to the authentication value associated with the file.

5. The method of claim 1, wherein the storage network includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

6. The method of claim 1, wherein the authentication algorithm is an HMAC-SHA256 algorithm.

7. The method of claim 6, wherein the additional information includes a number associated with a data share location.

8. The method of claim 6, wherein the additional information includes a share number associated with one of the data shares.

9. The method of claim 1, further comprising appending additional information to the filename of the file prior to the processing.

10. The method of claim 1 further comprising encrypting the filename, and wherein processing the filename comprises processing the encrypted filename using the authentication algorithm to obtain the authentication value associated with the file.

11. A system for retrieving data shares corresponding to a secured file stored on a storage network, the system comprising: at least one non-transitory computer readable medium storing computer executable instructions; and processing circuitry communicatively coupled to the at least one non-transitory computer readable medium and operable to execute the computer-readable instructions stored thereon, the processing circuitry configured to: process a filename of a file using an authentication algorithm to obtain an authentication value associated with the file, wherein the authentication value obscures the filename and the file corresponds to data shares stored at one or more share locations of the storage network, each data share corresponding to a portion of the file, each data share having a share name that is based on the authentication value associated with the file; search the share locations on the storage network for the data shares by comparing share names of the data shares with the authentication value associated with the file; and retrieve the data shares corresponding to the file based on the comparing.

12. The system of claim 11, wherein the processing circuitry is further configured to: generate the data shares corresponding to the file using an information dispersal algorithm; and store the generated data shares on the share locations on the storage network.

13. The system of claim 11, wherein the generated share names are substantially equal to the authentication value associated with the file.

14. The method of claim 11, wherein generating the share names comprises appending a respective share number to the authentication value associated with the file.

15. The system of claim 11, wherein the storage network includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device.

16. The system of claim 11, wherein the authentication algorithm is an HMAC-SHA256 algorithm.

17. The system of claim 11, wherein the processing circuitry is further configured to append additional information to the filename of the file prior to the processing.

18. The system of claim 17, wherein the additional information includes a number associated with a data share location.

19. The system of claim 17, wherein the additional information includes a share number associated with one of the data shares.

20. The system of claim 11, wherein the processing circuitry is further configured to encrypt the filename and to process the filename by processing the encrypted filename using the authentication algorithm to obtain the authentication value associated with the file.
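The naming and lookup steps of claims 1, 4 and 6, sketched as an added example that is not taken from the patent or from any product of the assignee. The key, the `.` separator before the share number, the in-memory dictionaries standing in for share locations, and the opaque share payloads (no information dispersal algorithm is implemented) are all assumptions made for illustration.

```python
import hashlib
import hmac


def auth_value(key: bytes, filename: str) -> str:
    """HMAC-SHA256 over the filename (claim 6), hex-encoded so it can be a name."""
    return hmac.new(key, filename.encode("utf-8"), hashlib.sha256).hexdigest()


def share_name(key: bytes, filename: str, share_no: int) -> str:
    """Claim 4: share number appended to the authentication value.
    The '.' separator is an assumption of this sketch."""
    return f"{auth_value(key, filename)}.{share_no}"


def store_shares(locations, key, filename, shares):
    """Spread shares round-robin over the locations under their derived names."""
    for i, data in enumerate(shares):
        locations[i % len(locations)][share_name(key, filename, i)] = data


def find_shares(locations, key, filename):
    """Claim 1: recompute the authentication value, compare it with every
    stored share name, and return the matching shares in share-number order."""
    want = auth_value(key, filename)
    found = {}
    for loc in locations:
        for name, data in loc.items():
            prefix, _, num = name.rpartition(".")
            # Constant-time comparison of the stored prefix with the MAC.
            if num.isdigit() and hmac.compare_digest(prefix, want):
                found[int(num)] = data
    return [found[i] for i in sorted(found)]


def demo():
    key = b"constructed-demo-key"      # constructed sample key
    locations = [{}, {}, {}]           # three hypothetical share locations
    store_shares(locations, key, "payroll-2013.xlsx", [b"s0", b"s1", b"s2", b"s3"])
    store_shares(locations, key, "notes.txt", [b"n0", b"n1"])
    right = find_shares(locations, key, "payroll-2013.xlsx")
    wrong = find_shares(locations, b"other-key", "payroll-2013.xlsx")
    return locations, right, wrong


if __name__ == "__main__":
    print(demo()[1:])
```

Because the names come from a keyed MAC rather than a plain hash, someone who can list a share location cannot confirm a guessed filename without the key, so the filename stays obscured only as long as that key is protected.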

Classifications

  • Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

  • Secret sharing or secret splitting, e.g. threshold schemes

  • Redundant storage or storage space (G06F11/2056 takes precedence)

  • for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Security First Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 15, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).