Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility
Reexamination Certificate
1998-08-03
2002-03-26
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Security kernel or utility
Reexamination Certificate
active
06363481
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention pertains to data storage mechanisms. More particularly, this invention relates to secure data storage using distributed databases.
2. Background
As technology has advanced and the “information age” has grown, the need for data storage has become increasingly important. It is also increasingly becoming a requirement that such data storage be secure so that data confidentiality is maintained. Additionally, it is also becoming a requirement that storage of such data be fault-tolerant in order to insure against accidental loss of the data due to, for example, equipment failures.
Current mechanisms for providing secure data storage typically encrypt the data using an encryption key. Encryption typically requires that a user trying to access the data have an encryption key in order to decrypt the data. Thus, if the encryption key is compromised (e.g., stolen or “broken”), an unauthorized individual can access the data. While such systems can provide a significant amount of security, they are still vulnerable because compromising a single key provides an unauthorized individual with the protected data.
One solution to this problem is to separate a document into multiple pieces and encrypt each piece separately using the same or different encryption keys. This solution provides an additional level of security because possibly multiple keys must be compromised in order to access the entire data. However, this solution can still be problematic because compromising of a single key allows an entire piece of data to be accessible to the unauthorized user. For example, one piece of a document may be the most important (e.g., the body of a letter), so that having that one piece compromised and accessible to an unauthorized individual circumvents this additional level of security.
Thus, a need exists for an improved way to securely store data.
SUMMARY OF THE INVENTION
A method and apparatus for secure data storage using distributed databases is described herein. According to a method of the present invention, a first plurality of shares are generated, using a first threshold scheme, based on a block of data, with at least a subset of the first plurality of shares being needed to re-create the block of data. The first plurality of shares are then distributed to a plurality of distributed databases.
According to one embodiment, the block of data and/or the generated shares are encrypted using an encryption key. A second plurality of shares is also generated, using the same or a different threshold scheme, based on the encryption key, with at least a subset of the second plurality of shares being needed to re-create the encryption key. The second plurality of shares is then also distributed to the plurality of distributed databases.
REFERENCES:
patent: 4417338 (1983-11-01), Davida
patent: 5625692 (1997-04-01), Herzberg et al.
patent: 5675649 (1997-10-01), Brennan et al.
patent: 5764767 (1998-06-01), Beimel et al.
patent: 6035041 (2000-03-01), Frankel et al.
patent: 6052468 (2000-04-01), Hillhouse
Zheng et al. Reusing shares in secret sharing schemes. The Computer Journal. vol. 37, issue 3. 1994. pp. 199-205.*
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. Oct. 1995. sections 3.6-3.8 and 23.2.*
Shamir, Adi, “How to Share a Secret,” Communications of the ACM, Nov. 1979, vol. 22, No. 11, pp. 612-613.
Blakely , Sokoloff, Taylor & Zafman LLP
Hayes Gail
Nortel Networks Limited
Tucker Chris
LandOfFree
Method and apparatus for secure data storage using... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for secure data storage using..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for secure data storage using... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2860139