Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
Secure data parser method and system
US9985932B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9985932-B2 |
| Application number | US-201213468428-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 10, 2012 |
| Priority date | Oct 25, 2004 |
| Publication date | May 29, 2018 |
| Grant date | May 29, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
First claim
Opening claim text (preview).
What is claimed is: 1. A secure storage network comprising: a plurality of physical storage devices storing thereon a plurality of shares; and a secure storage system configured to: present to a client device a virtual disk, the virtual disk comprising a directory mapped to the plurality of physical storage devices such that physical locations of the shares are hidden from the client device; receive a request from the client device via the network to store data to the virtual disk, receive the data via the network; encrypt the data and split the data into the plurality of shares, wherein each of the plurality of shares comprises a subset of less than all of the data, and wherein splitting the data comprises rearranging the subset in each respective share from an original order, and wherein the plurality of shares includes data indicative of a key used to secure the data; store the plurality of shares on the plurality of physical storage devices; and receive a request from the client device to read second data from the virtual disk via the network, wherein the secure storage system responds by: reading the second data from the virtual disk by reconstituting the second data from at least a portion of a second plurality of shares on the plurality of physical storage devices; and sending the second data via the network to the client device. 2. The secure storage network of claim 1 , wherein the secure storage system stores the data by distributing the data in the plurality of shares. 3. The secure storage network of claim 1 , wherein the secure storage system includes a network attached storage module within an application layer. 4. The secure storage network of claim 3 , wherein the network attached storage module communicates with the client device via the network. 5. The secure storage network of claim 3 , wherein the virtual disk is presented to the application layer as a local disk. 6. A secure storage system, the system comprising: a memory; a programmed hardware processor configured to: present to a client device a virtual disk, the virtual disk comprising a directory mapped to a plurality of physical storage devices such that physical locations of a plurality of shares are hidden from the client device; receive a request from the client device via a network to store data to the virtual disk; receive, in response to receiving the request, the data via the network; encrypt the data and split the data into the plurality of shares, wherein each of the plurality of shares comprises a subset of less than all of the data, and wherein splitting the data comprises rearranging the subset in each respective share from an original order, and wherein the plurality of shares includes data indicative of a key used to secure the data; store the plurality of shares on the plurality of physical storage devices; receive a request from the client device to read second data from the virtual disk via the network, wherein the secure storage responds by: reading the second data from the virtual disk by reconstituting the second data from at least a portion of a second plurality of shares on the plurality of physical storage devices; and sending the second data to the client device via the network. 7. The secure storage system of claim 6 , wherein: the secure storage system includes an application layer capable of connecting to the client device using the network; and the client device communicates with the application layer through the network. 8. The secure storage system of claim 6 , wherein: the programmed hardware processor is configured to store the data by distributing the data in the plurality of shares; and the programmed hardware processor is further configured to perform a reconstitution operation to reconstitute the data from the plurality of shares. 9. The secure storage system of claim 7 , wherein the virtual disk is presented to the application layer as a local disk. 10. A method of securely storing data on a network having a client device connected to a secure storage system via a network, the method comprising: presenting a virtual disk via the network, wherein the virtual disk comprises a directory mapped to a plurality of physical storage devices such that physical locations of a plurality of shares are hidden from the client device; receiving a request to write data to the virtual disk via the network; and writing the data to the virtual disk by encrypting the data and splitting the data into the plurality of shares, wherein each of the plurality of shares comprises a subset of less than all of the data, and wherein splitting the data comprises rearranging the subset in each respective share from an original order, and wherein the plurality of shares include data indicative of a key used to secure the data; storing the plurality of shares on the plurality of physical storage devices; receiving a request to read second data from the virtual disk via the network; reading the second data from the virtual disk by reconstituting the second data from at least a portion of a second plurality of shares; and sending the second data to the client device via the network. 11. The method of claim 10 , wherein splitting the data comprises distributing the data into the plurality of shares. 12. The method of claim 10 , wherein data sent across the network is secured by splitting and encrypting operations. 13. A method of securely accessing data the method comprising: presenting, by processing circuitry, to a client device a virtual disk via a network, wherein the virtual disk comprises a directory mapped to a plurality of physical storage devices storing thereon a plurality of shares such that physical locations of the plurality of shares are hidden from the client device; receiving a request from the client device to read data from the virtual disk via the network; reading the data from the virtual disk by reconstituting the data from at least a portion of the plurality of shares, each of the plurality of shares comprising a subset of less than all of the data, and wherein splitting the data comprises rearranging the subset in each respective share from an original order, and wherein the plurality of shares include data indicative of a key used to secure the data; receiving a request to write second data to the virtual disk via the network; encrypting the data and splitting the second data into a second plurality of shares; and storing the second plurality of shares on the plurality of physical storage devices. 14. The method of claim 13 , wherein splitting the data comprises distributing the data into the plurality of shares. 15. The secure storage network of claim 1 , wherein the subset is rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique. 16. The secure storage system of claim 6 , wherein the subset is rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique. 17. The method of claim 10 , wherein the subset is rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique. 18. The method of claim 13 , wherein the subset is rearranged using at least one of a deterministic technique, a random technique, and pseudo-random technique.
Assignees
Inventors
Classifications
characterised by resources being split in blocks or fragments · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
- H04L63/0428Primary
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9985932B2 cover?
- A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to pr…
- Who is the assignee on this patent?
- Ohare Mark S, Orsini Rick L, Davenport Roger S, and 2 more
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 29 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).