Secure pairing of devices
US-2024163266-A1 · May 16, 2024 · US
Systems and methods for distributing and securing data
US9407431B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9407431-B2 |
| Application number | US-201414305993-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 16, 2014 |
| Priority date | Nov 7, 2006 |
| Publication date | Aug 2, 2016 |
| Grant date | Aug 2, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext. Fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for securing data, the method comprising: generating a plurality of fragments from the data; applying by a hardware processor a sharing mechanism of a computational secret sharing scheme to the data to produce a plurality of shares; computing a set of committal values and a set of decommittal values from the plurality of shares; producing each fragment in the plurality of fragments by combining a share, a decommittal value, and at least two committal values of the set of committal values; transmitting the plurality of fragments over a plurality of communication channels; and storing each fragment on at least one data repository. 2. The method of claim 1 wherein producing each fragment in the plurality of fragments comprises combining a share, a decommittal value, and the entire set of committal values. 3. The method of claim 1 wherein storing each fragment on at least one data repository comprises storing each fragment at different geographic locations. 4. The method of claim 1 wherein storing each fragment on at least one data repository comprises storing each fragment at different physical locations on the at least one data repository. 5. The method of claim 1 wherein the at least one data repository comprises a distributed file system. 6. The method of claim 1 wherein the computational secret sharing scheme is selected from the group consisting of the Shamir, Blakley, and Krawczyk secret sharing schemes. 7. The method of claim 1 wherein computing the set of committal values and the set of decommittal values from the plurality of shares comprises employing a probabilistic commitment scheme. 8. The method of claim 1 wherein transmitting the produced fragments over the plurality of communication channels comprises transmitting each produced fragment over a different communication channel. 9. A method for securing data comprising; producing by a hardware processor a plurality of key shares by applying a secret sharing scheme to a cryptographic key; producing a plurality of ciphertext chunks from a ciphertext by applying an information dispersal algorithm to the ciphertext, wherein the ciphertext is created by encrypting the data with the cryptographic key; computing n committal values and a set of decommittal values by applying a commitment scheme to each of the key shares and ciphertext chunks, where n is an integer equal to or greater than two; producing a plurality of data fragments, wherein each data fragment is a function of a key share, a ciphertext chunk, a decommittal value, and at least two committal values of the n committal values; transmitting the plurality of data fragments over communication channels; and storing the data fragments on different logical storage devices, whereby the data is recoverable from a predefined number of the data fragments. 10. The method of claim 9 wherein storing the data fragments on different logical storage devices comprises storing the data fragments on different logical storage devices. 11. A non-transitory computer readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for securing data, the method comprising: generating a plurality of fragments from the data; applying by a hardware processor a sharing mechanism of a computational secret sharing scheme to the data to produce a plurality of shares; computing a set of committal values and a set of decommittal values from the plurality of shares; producing each fragment in the plurality of fragments by combining a share, a decommittal value, and at least two committal values of the set of committal values; transmitting the produced fragments over a plurality of communication channels; and storing each fragment on at least one data repository. 12. The non-transitory computer readable medium of claim 11 wherein producing each fragment in the plurality of fragments comprises combining a share, a de committal value, and the entire set of committal values. 13. The non-transitory computer readable medium of claim 11 wherein storing each fragment on at least one data repository comprises storing each fragment at different geographic locations. 14. The non-transitory computer readable medium of claim 11 wherein storing each fragment on at least one data repository comprises storing each fragment at different physical locations on the at least one data repository. 15. The non-transitory computer readable medium of claim 11 wherein the at least one data repository comprises a distributed file system. 16. The non-transitory computer readable medium of claim 11 wherein the computational secret sharing scheme is selected from the group consisting of the Shamir, Blakley, and Krawczyk secret sharing schemes. 17. The non-transitory computer readable medium of claim 11 wherein computing the set of committal values and the set of decommittal values from the plurality of shares comprises employing a probabilistic commitment scheme. 18. The non-transitory computer readable medium of claim 11 wherein transmitting the produced fragments over the plurality of communication channels comprises transmitting each produced fragment over a different communication channel. 19. A non-transitory computer readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for securing data comprising; producing by a hardware processor a plurality of key shares by applying a secret sharing scheme to a cryptographic key; producing a plurality of ciphertext chunks by applying an information dispersal algorithm to a ciphertext, wherein the ciphertext is created by encrypting the data with the cryptographic key; computing n committal values and a set of decommittal values by applying a commitment scheme to each of the key shares and ciphertext chunks, where n is an integer equal to or greater than two; producing a plurality of data fragments, wherein each data fragment is a function of a key share, a ciphertext chunk, a decommittal value, and at least two committal values of the n committal values; transmitting the data fragments over communication channels; and storing the data fragments on different logical storage devices, whereby the data is recoverable from a predefined number of the data fragments. 20. The non-transitory computer readable medium of claim 19 wherein storing the data fragments on different logical storage devices comprises storing the data fragments on different logical storage devices.
Assignees
Inventors
Classifications
involving a third party or a trusted authority · CPC title
using a plurality of keys or algorithms · CPC title
using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9407431B2 cover?
- A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into c…
- Who is the assignee on this patent?
- Security First Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0816. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 02 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).