Information processing system
US-2024248797-A1 · Jul 25, 2024 · US
Systems and methods for securing data in motion
US9443097B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9443097-B2 |
| Application number | US-201113077770-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 31, 2011 |
| Priority date | Mar 31, 2010 |
| Publication date | Sep 13, 2016 |
| Grant date | Sep 13, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for securing data, the method comprising: receiving, using a programmed hardware processor, a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, and (2) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, and (b) generating a second set of data shares from the reconstructed encrypted data set using a second split key without decrypting the reconstructed encrypted data set, wherein the second split key is different from the first split key retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting an authentication key with the key encryption key; and storing the encrypted authentication key within headers of the second set of data shares. 2. The method of claim 1 , further comprising detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set in response to a determination that one or more of the first set of data shares have been compromised. 3. The method of claim 1 , further comprising storing at least one data share of the second set of data shares on a storage network. 4. The method of claim 3 , wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device. 5. The method of claim 1 , wherein the reconstructing comprises: authenticating the first set of data shares with a first authentication key to obtain an authenticated first set of data shares; and reconstructing the encrypted data set from the authenticated first set of data shares using the first split key. 6. The method of claim 5 , further comprising authenticating the second set of data shares with a second authentication key. 7. The method of claim 6 , further comprising: encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares. 8. The method of claim 1 , further comprising: encrypting the second split key with the key encryption key; and storing the encrypted second split key within headers of the second set of data shares. 9. A method for securing data, the method comprising: receiving, using a programmed hardware processor, a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first encryption key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, (2) the first set of data shares is associated with a first authentication key, and (3) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first authentication key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, (b) generating a second set of data shares from the reconstructed encrypted data set without decrypting the reconstructed encrypted data set, and (c) rekeying the second set of data shares by associating the second set of data shares with a second authentication key, wherein the second authentication key is different from the first authentication key retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within headers of the second set of data shares. 10. The method of claim 9 , further comprising storing at least one data share of the second set of data shares on a storage network. 11. The method of claim 10 , wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device. 12. A system for securing data, the system comprising: a programmed hardware processor; and a non-transitory computer readable medium storing computer executable instructions that, when executed by the processing circuitry, cause the computer system to carry out a method for securing data, the method comprising: receiving a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, and (2) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, and (b) generating a second set of data shares from the reconstructed encrypted data set using a second split key without decrypting the reconstructed encrypted data set, wherein the second split key is different from the first split key retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting an authentication key with the key encryption key; and storing the encrypted authentication key within headers of the second set of data shares. 13. The system of claim 12 , further comprising detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set in response to a determination that one or more of the first set of data shares have been compromised. 14. The system of claim 12 , wherein the method further comprises storing at least one data share of the second set of data shares on a storage network. 15. The system of claim 14 , wherein the storing comprises storing the at least one data share on a storage network that includes one of a private cloud, a public cloud, a hybrid cloud, a removable storage device, and a mass storage device. 16. The system of claim 12 , wherein the reconstructing comprises: authenticating the first set of data shares with a first authentication key to obtain an authenticated first set of data shares; and reconstructing the encrypted data set from the authenticated first set of data shares using the first split key. 17. The system of claim 16 , wherein the method further comprises authenticating the second set of data shares with a second authentication key. 18
Assignees
Inventors
Classifications
in cryptographic circuits · CPC title
- G06F11/1076Primary
Parity data used in redundant arrays of independent storages, e.g. in RAID systems · CPC title
Redundant storage or storage space (G06F11/2056 takes precedence) · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9443097B2 cover?
- The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise comm…
- Who is the assignee on this patent?
- O'Hare Mark S, Orsini Rick L, Security First Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F11/1076. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 13 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).