System and method for providing trusted links between applications
US-11972029-B2 · Apr 30, 2024 · US
Systems and methods for cryptographically splitting and storing data
US9294444B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9294444-B2 |
| Application number | US-201213371363-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 10, 2012 |
| Priority date | Oct 25, 2004 |
| Publication date | Mar 22, 2016 |
| Grant date | Mar 22, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising: encrypting, using a hardware processor, the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 2. The method of claim 1 , wherein the step of separating the encrypted data set comprises using a deterministic technique. 3. The method of claim 1 , wherein the step of separating the encrypted data set comprises using a substantially random technique. 4. The method of claim 1 , further comprising causing a plurality of data units in each of the shares to be rearranged relative to one another after the separating step. 5. The method of claim 1 , wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set. 6. The method of claim 1 , wherein the data indicative of the encryption key comprises data created using a Shamir secret sharing algorithm. 7. The method of claim 1 , wherein the step of including data indicative of the encryption key comprises: encrypting the encryption key with a second key; and including in the plurality of shares data indicative of the encrypted encryption key. 8. The method of claim 7 further comprising the method step of storing the second key outside of the plurality of shares, wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares, and the second key. 9. The method of claim 1 , wherein the separate storage locations are located on at least two separate storage devices. 10. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for securing a data set, the method comprising the steps of: encrypting the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 11. The non-transitory computer readable medium of claim 10 , wherein the step of separating the encrypted data set comprises using a deterministic technique. 12. The non-transitory computer readable medium of claim 10 , wherein the step of separating the encrypted data set comprises using a substantially random technique. 13. The non-transitory computer readable medium of claim 10 , wherein the method further comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another after the separating step. 14. The non-transitory computer readable medium of claim 10 , wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set. 15. The non-transitory computer readable medium of claim 10 , wherein the data indicative of the encryption key comprises data created using a Shamir secret sharing algorithm. 16. The non-transitory computer readable medium of claim 11 , wherein the step of including data indicative of the encryption key comprises: encrypting the encryption key with a second key; and including in the plurality of shares data indicative of the encrypted encryption key. 17. The non-transitory computer readable medium of claim 16 wherein the method further comprises storing the second key outside of the plurality of shares, wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares, and the second key. 18. The non-transitory computer readable medium of claim 10 , wherein the separate storage locations are located on at least two separate storage devices. 19. A computer system for securing a data set, the system comprising: at least one processor; a non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor, cause the computer system to carry out the following steps: encrypting the data set based on an encryption key to produce an encrypted data set; creating hash information based on a hash operation using the data set; generating data splitting information, wherein the data splitting information is usable to determine into which of a plurality of shares of data a unit of data of the encrypted data set will be placed; separating the encrypted data set into the plurality of shares based on the data splitting information, wherein each share contains one or more, but not all, of the units of data of the encrypted data set, and wherein at least two of the plurality of shares contain different amounts of the encrypted data set; including in the plurality of shares data indicative of the encryption key and the hash information; and causing the plurality of shares to be stored in separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 20. The system of claim 19 , wherein the step of separating the encrypted data set comprises using a deterministic technique. 21. The system of claim 19 , wherein the step of separating the encrypted data set comprises using a substantially random technique. 22. The system of claim 19 , wherein the method further comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another after the separating step. 23. The system of claim 19 , wherein the step of separating the encrypted data into the plurality of shares comprises causing the plurality of shares to have a substantially randomly distribution of the encrypted data set.
Assignees
Inventors
Classifications
- G06F21/606Primary
by securing the transmission between two devices or processes · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
characterised by resources being split in blocks or fragments · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9294444B2 cover?
- A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to pr…
- Who is the assignee on this patent?
- O'Hare Mark S, Orsini Rick L, Davenport Roger S, and 2 more
- What technology area does this patent fall under?
- Primary CPC classification G06F21/606. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 22 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).