Systems and methods for securing data in motion

US9516002B2 · US · B2

Patent metadata
Publication number: US-9516002-B2
Application number: US-201414253588-A
Country: US
Kind code: B2
Filing date: Apr 15, 2014
Priority date: Nov 25, 2009
Publication date: Dec 6, 2016
Grant date: Dec 6, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: establishing, using a hardware processor, a secure communication channel; establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities; dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels, and wherein the key associated with the establishment of the first secure communication tunnel is different from a key associated with the establishment of a second secure communication tunnel of the plurality of secure communication tunnels; and transmitting the share over the second secure communication tunnel, wherein the first secure communication tunnel is different than the second communication tunnel.

2. The method of claim 1, further comprising: receiving the encrypted share; and decrypting the encrypted share based on the key associated with the establishment of the first secure communication tunnel.

3. The method of claim 1, further comprising generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of root certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of root certificate authorities.

4. The method of claim 1, further comprising generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of minor certificate authorities.

5. The method of claim 1, wherein the first secure communication tunnel and the second secure communication tunnel are established over different physical transport mediums.

6. The method of claim 5, wherein at least one of the physical transport mediums experiences a network failure, the method further comprising: establishing an additional secure communication tunnel within at least one operational physical transport medium; and transmitting the share over the additional secure communication tunnel.

7. The method of claim 1, wherein associations between the plurality of secure communication tunnels and the unique certificate authorities are dynamic.

8. The method of claim 1, wherein the plurality of secure communication tunnels are established based on the Transport Layer Security protocol.

9. The method of claim 1, further comprising: generating a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities; and encrypting each one of the plurality of shares based on a certificate issued by a unique minor certificate authority of the certificate authority hierarchy.

10. The method of claim 1, wherein a second share is encrypted using the key associated with the establishment of the second secure communication tunnel, and further comprising transmitting the second share over the first secure communication tunnel.

11. A system comprising a hardware processor configured to: establish a secure communication channel; establish a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities; disperse data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels, and wherein the key associated with the establishment of the first secure communication tunnel is different from a key associated with the establishment of a second secure communication tunnel of the plurality of secure communication tunnels; and transmit the share over the second secure communication tunnel, wherein the first secure communication tunnel is different than the second communication tunnel.

12. The system of claim 11, wherein the hardware processor is further configured to: receive the encrypted share; and decrypt the encrypted share based on the key associated with the establishment of the first secure communication tunnel.

13. The system of claim 11, wherein the hardware processor is further configured to generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of root certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of root certificate authorities.

14. The system of claim 11, wherein the hardware processor is further configured to generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities, and wherein the plurality of unique certificate authorities comprises the set of minor certificate authorities.

15. The system of claim 11, wherein the first secure communication tunnel and the second secure communication tunnel are established over different physical transport mediums.

16. The system of claim 15, wherein at least one of the physical transport mediums experiences a network failure, the hardware processor further configured to: establish an additional secure communication tunnel within at least one operational physical transport medium; and transmit the share over the additional secure communication tunnel.

17. The system of claim 11, wherein associations between the plurality of secure communication tunnels and the unique certificate authorities are dynamic.

18. The system of claim 11, wherein the plurality of secure communication tunnels are established based on the Transport Layer Security protocol.

19. The system of claim 11, wherein the hardware processor is further configured to: generate a certificate authority hierarchy, wherein the certificate authority hierarchy comprises a set of minor certificate authorities; and encrypt each one of the plurality of shares based on a certificate issued by a unique minor certificate authority of the certificate authority hierarchy.

20. The system of claim 11, wherein a second share is encrypted using the key associated with the establishment of the second secure communication tunnel, and wherein the hardware processor is further configured to transmit the second share over the first secure communication tunnel.

21. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising: establishing, using a hardware processor, a secure communication channel; establishing a plurality of secure communication tunnels within the secure communication channel, wherein the plurality of secure communication tunnels is established using certificates issued by a plurality of unique certificate authorities; dispersing data packets into a plurality of shares, wherein a share is encrypted using a key associated with the establishment of a first secure communication tunnel of the plurality of secure communication tunnels, and wherein the key associated with the establishment of the first secure communication tunnel is different from a key associated with the establishment of a second secure communication tunnel of the plu
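The dispersal scheme described in the abstract and in claims 1, 2, 6 and 10, modelled end to end in Python. This is an added example and not code from the patent or from Security First Corp. It assumes three tunnels authenticated by certificates from three distinct CAs (the CA names, tunnel ids and transport media are invented labels), models each tunnel's handshake-derived key as fresh random bytes, models the "secure data parser" as n-of-n XOR secret splitting (one instance of the secret-splitting class listed under Classifications), and uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for the record protection a real TLS tunnel would provide. The point the claims turn on is the cross-keying: share i is encrypted under tunnel i's key but carried by a different tunnel, so an adversary who subverts one CA and so can intercept one tunnel holds a ciphertext keyed under a handshake they did not see.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


@dataclass
class Tunnel:
    tunnel_id: int
    ca_name: str   # CA that issued the certificate authenticating this tunnel (assumed label)
    medium: str    # physical transport the tunnel rides on, cf. claim 5 (assumed label)
    key: bytes     # key established during the tunnel handshake
    up: bool = True


def establish_tunnel(tunnel_id: int, ca_name: str, medium: str) -> Tunnel:
    # Stand-in for a TLS handshake authenticated by a certificate from ca_name;
    # the negotiated session key is modelled as 32 fresh random bytes.
    return Tunnel(tunnel_id, ca_name, medium, secrets.token_bytes(32))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_shares(packet: bytes, n: int) -> list:
    # n-of-n XOR secret splitting: any n-1 shares are uniformly random, so a
    # single captured share reveals nothing about the packet.
    shares = [secrets.token_bytes(len(packet)) for _ in range(n - 1)]
    last = packet
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def combine_shares(shares: list) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def _subkeys(tunnel_key: bytes):
    return (hmac.new(tunnel_key, b"share-enc", hashlib.sha256).digest(),
            hmac.new(tunnel_key, b"share-mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt_share(tunnel_key: bytes, share: bytes) -> bytes:
    # Encrypt-then-MAC under keys derived from one tunnel's key; this HMAC-SHA256
    # construction stands in for TLS record protection (assumption, not the patent's cipher).
    enc_key, mac_key = _subkeys(tunnel_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor_bytes(share, _keystream(enc_key, nonce, len(share)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt_share(tunnel_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(tunnel_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("share rejected: wrong tunnel key or tampered ciphertext")
    return xor_bytes(ct, _keystream(enc_key, nonce, len(ct)))


def disperse_and_send(packet: bytes, tunnels: list) -> list:
    # Claims 1 and 10: share i is encrypted under tunnel i's key and carried by a
    # different tunnel. Returns wire records (carrier_id, keying_id, ciphertext).
    n = len(tunnels)
    if n < 2:
        raise ValueError("cross-tunnel keying needs at least two tunnels")
    wire = []
    for i, share in enumerate(split_into_shares(packet, n)):
        keyed_by, carrier = tunnels[i], tunnels[(i + 1) % n]
        if not carrier.up:
            # Claim 6: the carrier's medium failed. Open an additional tunnel (same CA,
            # an operational medium) and move the share there; the keying tunnel is unchanged.
            alive = next(t for t in tunnels if t.up)
            carrier = establish_tunnel(len(tunnels), carrier.ca_name, alive.medium)
            tunnels.append(carrier)
        wire.append((carrier.tunnel_id, keyed_by.tunnel_id, encrypt_share(keyed_by.key, share)))
    return wire


def receive_and_reassemble(wire: list, tunnels: list) -> bytes:
    # Receiver side (claim 2): decrypt each share with the key of the tunnel it was
    # keyed under, not the tunnel that carried it, then recombine.
    key_of = {t.tunnel_id: t.key for t in tunnels}
    return combine_shares([decrypt_share(key_of[keyed], blob) for _, keyed, blob in wire])


def demo() -> dict:
    # Constructed sample: three tunnels from three CAs, one compromised CA, one failed medium.
    tunnels = [establish_tunnel(0, "CA-alpha", "fiber"),
               establish_tunnel(1, "CA-beta", "cellular"),
               establish_tunnel(2, "CA-gamma", "satellite")]
    packet = b"constructed sample packet: GET /account/balance HTTP/1.1"
    wire = disperse_and_send(packet, tunnels)
    recovered = receive_and_reassemble(wire, tunnels)
    # An adversary who subverted CA-beta can intercept tunnel 1 and learn its key, but the
    # share carried on tunnel 1 is keyed under tunnel 0: the MAC check rejects it.
    carried_on_1 = next(blob for carrier, _, blob in wire if carrier == 1)
    try:
        decrypt_share(tunnels[1].key, carried_on_1)
        attacker_decrypts = True
    except ValueError:
        attacker_decrypts = False
    tunnels[2].up = False  # claim 6: the satellite medium fails before the next packet
    wire2 = disperse_and_send(packet, tunnels)
    return {
        "packet": packet,
        "recovered": recovered,
        "attacker_decrypts_with_own_tunnel_key": attacker_decrypts,
        "partial_shares_reveal_packet": combine_shares(split_into_shares(packet, 3)[:2]) == packet,
        "carriers_after_failover": sorted(c for c, _, _ in wire2),
        "recovered_after_failover": receive_and_reassemble(wire2, tunnels),
    }
```

Two caveats a practitioner would weigh before relying on this construction. The gain against a single compromised CA exists only if the tunnel keys come from independent handshakes; if every tunnel chains to one root, compromising that root breaks all of them at once, which is why claims 3, 4 and 9 tie the tunnels to distinct root or minor CAs. And n-of-n XOR splitting gives confidentiality with no redundancy: a lost share means a lost packet, so claim 6 recovers from a medium failure by opening a new tunnel and resending, not by threshold reconstruction.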

Assignees

Security First Corp

Inventors

Not listed on this page.

Classifications

  • H04L63/062 (primary): for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823)

  • Secret sharing or secret splitting, e.g. threshold schemes

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9516002B2 cover?
Distributing trust across several certificate authorities to secure data in motion. In one approach a secure data parser spreads trust over a set of certificate authorities during the key-establishment phase of a connection between two devices. In the other, the parser splits data packets into shares; multiple tunnels are set up inside one communication channel using certificates from different certificate authorities, each share is encrypted with a key from one tunnel's establishment and sent over another, so no single certificate authority controls the whole channel. The full abstract is given above.
Who is the assignee on this patent?
Security First Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/062 (network security arrangements for key distribution). Mapped technology area: Electricity (CPC/IPC section H).
When was this patent published?
Dec 6, 2016 (kind code B2, granted the same day). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
patentsdb links 8 related publications for this patent (citations in its corpus, or publications sharing the same primary CPC); the list itself is not reproduced above.