US9613220B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9613220-B2 |
| Application number | US-201113024804-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 10, 2011 |
| Priority date | Sep 20, 1999 |
| Publication date | Apr 4, 2017 |
| Grant date | Apr 4, 2017 |
Official abstract text for this publication.
The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention are useful in a wide variety of settings, including commercial settings generally available to the public, which may be extremely large or small with respect to the number of users. The method and system of the present invention are also useful in a more private setting, such as within a corporation or governmental agency, as well as between corporations, governmental agencies or any other entities.
Opening claim text (preview).
What is claimed is:

1. A method for securely storing and retrieving data, the method comprising: receiving, using an electronic computing system, a write request that specifies primary data to be stored; generating, using the electronic computing system, a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units; encrypting each of the secondary data units with a respective encryption key; storing each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit; causing the secondary data units to be stored on different storage devices; and storing separately from the secondary data units one or more keys used to secure the primary data.

2. The method of claim 1, wherein the secondary data units are secured based on a workgroup key associated with a group of users, and the one or more keys include the workgroup key.

3. The method of claim 2, further comprising storing the workgroup key on a key management server separate from the electronic computer system and the different storage devices.

4. The method of claim 1, wherein the plurality of secondary data units contain a substantially random distribution of the primary data.

5. The method of claim 1, further comprising encrypting the primary data prior to generating the plurality of secondary data units from the primary data.

6. The method of claim 1, further comprising encrypting each of the secondary data units with a respective encryption key, wherein the one of the one or more keys include the encryption keys, and storing each of the encryption keys separately from the secondary data unit encrypted using said encryption key.

7. The method of claim 1, further comprising encrypting at least one of the primary data and the secondary data units.

8. An electronic computing device for securely storing and retrieving data, the electronic computing device comprising: a programmed hardware processor configured to: receive a primary write request that specifies primary data to be stored; cause the electronic computing device to generate a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units; encrypt each of the secondary data units with a respective encryption key; store each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit; and send secondary write requests to a plurality of storage devices, wherein the secondary write requests cause the secondary data units to be stored on different storage devices and cause the plurality of storage devices to store separately from the secondary data units one or more keys used to secure the primary data.

9. The electronic computing device of claim 8, wherein the programmed hardware processor is further configured to encrypt each of the secondary data units with a different key.

10. The electronic computing device of claim 8, wherein the secondary data units are secured based on a workgroup key associated with a group of users, and the one or more keys include the workgroup key.

11. The electronic computing device of claim 10, wherein the programmed hardware processor is further configured to store the workgroup key on a key management server separate from the electronic computer system and the different storage devices.

12. The electronic computing device of claim 8, wherein the plurality of secondary data units contain a substantially random distribution of the primary data.

13. The electronic computing device of claim 8, wherein the programmed hardware processor is further configured to cause the electronic computing device to encrypt the primary data prior to generating the plurality of secondary data units from the primary data.

14. The electronic computing device of claim 8, wherein the programmed hardware processor is further configured to cause the electronic computing device to encrypt each of the secondary data units with a respective encryption key, wherein the one of the one or more keys include the encryption keys, and store each of the encryption keys separately from the secondary data unit encrypted using said encryption key.

15. The electronic computing device of claim 8, further comprising a data encryption module that encrypts at least one of the primary data and the secondary data units.

16. A non-transitory computer-readable storage medium comprising instructions that, when executed by an electronic computing device, cause the electronic computing device to: receive a primary write request from a client computing device via an electronic communications network, the primary write request specifying primary data to be stored; generate a plurality of secondary data units by distributing the primary data in the plurality of secondary data units based on performing a cryptographic operation on the primary data, such that the primary data can be reconstructed using any subset of the secondary data units that includes at least a minimum number of secondary data units and cannot be reconstructed using any subset of the secondary data units that includes fewer than the minimum number of secondary data units, wherein the minimum number of secondary data units is less than a total number of the secondary data units; encrypt each of the secondary data units with a respective encryption key; store each of the secondary data units together with the respective encryption key used to encrypt the secondary data unit; send secondary write requests to different storage devices, wherein the secondary write requests cause the secondary data units to be stored on the different storage devices, and wherein each of the storage devices store fewer than the minimum number of secondary data units; and send secondary write requests to the different storage devices to store separately from the secondary data units one or more keys used to secure the primary data.

17. The non-transitory computer-readable storage medium of claim 16, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to secure the secondary data units based on a workgroup key associated with a group of users, and the one or more keys include the workgroup key.

18. The non-transitory computer-readable storage medium of claim 17, further comprising instructions that, when executed by the electronic computing device, cause the electronic computing device to store the workgroup key on a key management server separate from the electronic computer device and the different storage device
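The claims above describe a threshold scheme: primary data is split into n secondary data units such that any k (k < n) rebuild it and fewer than k reveal nothing (claims 1 and 4), each unit is encrypted under its own key (claims 1, 6 and 9), the units are spread over storage devices so that no single device holds k of them (claim 16), and the keys are held apart from the data under a workgroup key on a key management server (claims 2, 3 and 6). The following is an added worked example, not code from the patent or its assignee. It models the split with Shamir secret sharing over GF(2^8); the patent does not name the cryptographic operation, so that choice is an assumption. The per-unit encryption uses a stdlib HMAC-SHA256 encrypt-then-MAC construction as a stand-in for an AEAD such as AES-GCM so the example runs offline; `store_primary`, `retrieve_primary` and the in-memory `storage`/`key_server` dicts are illustrative names, and the sample record is constructed.

```python
"""Added example: k-of-n split of primary data into encrypted secondary data
units, spread over storage devices, with unit keys wrapped under a workgroup
key held on a separate key server. Not the patent's own code."""
import hashlib
import hmac
import secrets


# GF(2^8) with the AES reduction polynomial; shares are computed byte-wise.
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    r = 1  # a^254 == a^-1 in GF(2^8)
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def shamir_split(secret: bytes, k: int, n: int) -> dict:
    """Return {x: unit}: any k units rebuild secret; k-1 units reveal nothing."""
    assert 1 < k <= n < 256
    units = {x: bytearray() for x in range(1, n + 1)}
    for s in secret:
        # Random polynomial of degree k-1 whose constant term is the secret byte.
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, unit in units.items():
            y, xp = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, xp)
                xp = gf_mul(xp, x)
            unit.append(y)
    return {x: bytes(u) for x, u in units.items()}


def shamir_join(units: dict) -> bytes:
    """Lagrange interpolation at x=0. With fewer than k units the output is random."""
    xs = list(units)
    coef = {}
    for xj in xs:  # basis coefficient depends only on the x values, so compute once
        num = den = 1
        for xm in xs:
            if xm != xj:
                num, den = gf_mul(num, xm), gf_mul(den, xm ^ xj)
        coef[xj] = gf_mul(num, gf_inv(den))
    out = bytearray()
    for i in range(len(next(iter(units.values())))):
        b = 0
        for x in xs:
            b ^= gf_mul(coef[x], units[x][i])
        out.append(b)
    return bytes(out)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (HMAC-SHA256 keystream + HMAC tag), a stdlib stand-in
    for AES-GCM. Output layout: nonce(16) || ciphertext || tag(32)."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("secondary data unit or key blob failed authentication")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def store_primary(data: bytes, k: int, n: int, devices: int, workgroup_key: bytes):
    """Split, encrypt each unit under its own key, spread units over storage
    devices so no device holds k of them, and keep the unit keys (wrapped under
    the workgroup key) on a separate key server (hypothetical in-memory model)."""
    assert -(-n // devices) < k, "some device would hold enough units to rebuild"
    storage = {d: [] for d in range(devices)}  # the 'different storage devices'
    key_server = {}  # keys live apart from the data they protect
    for i, (x, unit) in enumerate(shamir_split(data, k, n).items()):
        unit_key = secrets.token_bytes(32)
        storage[i % devices].append((x, seal(unit_key, unit)))
        key_server[x] = seal(workgroup_key, unit_key)
    return storage, key_server


def retrieve_primary(storage, key_server, workgroup_key: bytes, k: int, use_devices):
    """Read units from the given devices, unwrap their keys, rebuild once k are in hand."""
    units = {}
    for d in use_devices:
        for x, blob in storage[d]:
            units[x] = open_sealed(open_sealed(workgroup_key, key_server[x]), blob)
            if len(units) == k:
                return shamir_join(units)
    raise ValueError(f"only {len(units)} units reachable, need {k}")


if __name__ == "__main__":
    wg_key = secrets.token_bytes(32)
    primary = b"constructed sample record: subject 0042, result negative"
    storage, keys = store_primary(primary, k=3, n=5, devices=3, workgroup_key=wg_key)
    print(retrieve_primary(storage, keys, wg_key, 3, use_devices=[0, 1]) == primary)
```

Two checks a practitioner would run against such a design: reading units from a single device (which by construction holds fewer than k) must fail, and a unit or wrapped key that has been modified in storage must be rejected before it reaches the reconstruction step, otherwise a tampered share silently corrupts the rebuilt primary data. Note also that claims 1 and 6 differ on whether a unit's key is stored with the unit or apart from it; the example follows claim 6 and claim 3, since a key co-located with its ciphertext protects nothing against whoever holds that storage device.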
CPC classification titles:

- Payment circuits
- for controlling access to devices or network resources
- involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload