Secure data parser method and system
US-9047475-B2 · Jun 2, 2015 · US
Systems and methods for securing data in motion
US9589148B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9589148-B2 |
| Application number | US-201615223917-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 29, 2016 |
| Priority date | Mar 31, 2010 |
| Publication date | Mar 7, 2017 |
| Grant date | Mar 7, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for securing data, the method comprising: using a hardware processor for: determining that at least one share of a first set of data shares is unavailable for restoring an encrypted data set, wherein the first set of data shares was generated from the encrypted data set by using a split key, in response to determining that the at least one share is unavailable, retrieving a subset of the first set of data shares that were generated from the encrypted data set, the subset of shares including at least a minimum number less than all of the data shares necessary for restoring the encrypted data set, wherein the first set of shares is associated with a first authentication key, and generating a second set of data shares from the subset of data shares without decrypting the encrypted data set, wherein the second set of shares is associated with a second authentication key and comprises the at least one data share of the first set of data shares; and storing the at least one share. 2. The method of claim 1 , wherein generating the second set of data shares comprises: reconstructing the encrypted data set from the subset of data shares; and generating the second set of data shares from the encrypted data set without decrypting the encrypted data set. 3. The method of claim 1 , wherein the second set of data shares comprises at least one data share that is not included in the subset of data shares. 4. The method of claim 1 , wherein the second set of data shares comprises at least one data share that is not included in the first set of data shares. 5. The method of claim 1 , wherein the determining that at least one share of the first set of data shares is unavailable comprises determining that the at least one share has been compromised. 6. The method of claim 1 , wherein the determining that at least one share of the first set of data shares is unavailable comprises determining that a data storage device storing the at least one share is inaccessible. 7. The method of claim 1 , wherein the determining that at least one share of the first set of data shares is unavailable comprises determining that a data storage device storing the at least one share has failed. 8. The method of claim 1 , wherein the determining that at least one share of the first set of data shares is unavailable comprises determining that the at least one share has been corrupted. 9. The method of claim 1 , wherein the generating comprises: authenticating the subset of data shares with the first authentication key to obtain an authenticated subset of data shares; and reconstructing the encrypted data set from the authenticated subset of data shares using the split key. 10. The method of claim 9 , further comprising: retrieving headers associated with the subset of data shares; extracting a key encryption key from the retrieved headers; encrypting the second authentication key with the key encryption key; and storing the encrypted second authentication key within the headers of the second set of data shares. 11. The method of claim 1 , wherein each data share of the first set of data shares is based on a portion less than all of the encrypted data set. 12. The method of claim 1 , wherein the generating comprises reconstructing the encrypted data set using a first the split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set. 13. The method of claim 12 , wherein the generating comprises generating the second set of data shares from the reconstructed encrypted data set using a second split key, wherein the second split key is different from the first split key. 14. The method of claim 1 , wherein storing the at least one share comprises storing the second set of data shares comprising the at least one share. 15. A system for securing data, comprising: a hardware processor configured to: determine that at least one share of a first set of data shares is unavailable for restoring an encrypted data set, wherein the first set of data shares was generated from the encrypted data set by using a split key; in response to determining that the at least one share is unavailable, retrieve a subset of the first set of data shares that were generated from the encrypted data set, the subset of shares including at least a minimum number less than all of the data shares necessary for restoring the encrypted data set, wherein the first set of shares is associated with a first authentication key; and generate a second set of data shares from the subset of data shares without decrypting the encrypted data set, wherein the second set of shares is associated with a second authentication key and comprises the at least one share of the first set of data shares. 16. The system of claim 15 , wherein the hardware processor is configured to generate the second set of data shares by: reconstructing the encrypted data set from the subset of data shares; and generating the second set of data shares from the encrypted data set without decrypting the encrypted data set. 17. The system of claim 15 , wherein the hardware processor is configured to generate the second set of data shares including at least one share that is not included in the subset of data shares. 18. The system of claim 15 , wherein the hardware processor is configured to generate the second set of data shares including at least one share that is not included in the first set of data shares. 19. The system of claim 15 , wherein the hardware processor is configured to determine that at least one share of the first set of data shares is unavailable by determining that the at least one share has been compromised. 20. The system of claim 15 , wherein the hardware processor is configured to determine that at least one share of the first set of data shares is unavailable by determining that a data storage device storing the at least one share is inaccessible. 21. The system of claim 15 , wherein the hardware processor is configured to determine that at least one share of the first set of data shares is unavailable by determining that a data storage device storing the at least one share has failed. 22. The system of claim 15 , wherein the hardware processor is configured to determine that at least one share of the first set of data shares is unavailable by determining that the at least one share has been corrupted. 23. The system of claim 15 , wherein the hardware processor is configured to generate a second set of data shares by: authenticating the subset of data shares with the first authentication key to obtain an authenticated subset of data shares; and reconstructing the encrypted data set from the authenticated subset of data shares using the split key. 24. The system of claim 23 , wherein the hardware processor is further configured to: retrieve headers associated with the subset of data shares; extract a key encryption key from the retrieved headers; encrypt the second authentication key with the key encryption key; and store the encrypted second authentication key within the headers of the second set of data shares. 25. The system of claim 15 , wherein each data share of the first set of data shares is based on a portion less than all of the encrypted data set. 26. The system of claim 15 , wherein the hardware processor is configured to generate a second set
Assignees
Inventors
Classifications
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title
- G06F11/1076Primary
Parity data used in redundant arrays of independent storages, e.g. in RAID systems · CPC title
Auditing as a secondary aspect · CPC title
based on mutual exchange of the output between redundant processing components · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9589148B2 cover?
- The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise comm…
- Who is the assignee on this patent?
- Security First Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F11/1076. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 07 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).