Title of invention: Systems and methods for securing data in motion
Abstract: The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.
Publication number: US9443097(B2) Publication date: 2016.09.13
Application number: US201113077770 Filing date: 2011.03.31
Applicant: Security First Corp. Inventors: O'Hare Mark S.; Orsini Rick L.
Classification: G06F21/62; G06F11/10; G06F21/60; H04L9/08; H04L29/06; G06F21/72; H04L29/08; G06F11/18; G06F11/20 Main classification: G06F21/62
Agency: Ropes & Gray LLP Agent: Ropes & Gray LLP
Main claim: 1. A method for securing data, the method comprising: receiving, using a programmed hardware processor, a first set of data shares that were generated from an encrypted data set by an information dispersal algorithm using a first split key, wherein: (1) the first set of data shares includes at least a minimum number less than all of a plurality of data shares generated from the encrypted data set, and (2) each data share of the first set of data shares is based on a portion less than all of the encrypted data set; and in response to detecting that one or more of the plurality of data shares is unavailable for restoring the encrypted data set: (a) reconstructing the encrypted data set using the first split key and the first set of data shares without decrypting the first set of data shares to obtain a reconstructed encrypted data set, and (b) generating a second set of data shares from the reconstructed encrypted data set using a second split key without decrypting the reconstructed encrypted data set, wherein the second split key is different from the first split key; retrieving headers associated with the first set of data shares; extracting a key encryption key from the retrieved headers; encrypting an authentication key with the key encryption key; and storing the encrypted authentication key within headers of the second set of data shares.
Address: Rancho Santa Margarita CA US