US 8904194

US Patent 8904194: Secure Data Parser Method and System

Title: Secure data parser method and system
Assignee: Security First Innovations LLC (Current), Security First Corp (Original)
Inventors: Rick L. Orsini, Mark S. O'Hare, Roger S. Davenport, Steven Winick
Filing Date: 2012-05-10
Issue Date: 2014-12-02
Abstract: A secure data parser method and system is provided for securing data from unauthorized access or use. The method and system provide for parsing, splitting and/or separating the data to be secured into two or more portions. The portions may be encrypted. The portions may be stored in one or more locations. The system also comprises a data splitting module, a cryptographic handling module, and, optionally, a data assembly module.

Plain-Language Overview of Independent Claims:

Independent Claim 1:
Claim 1 describes a method for securing data. It involves taking the data and parsing it into at least two separate portions. These portions are then encrypted, and the encrypted portions are stored in multiple, distinct data storage facilities. Crucially, each individual data storage facility only holds a portion of the encrypted data, and this single portion is insufficient on its own to reconstruct the original data. The method also includes reassembling these stored portions to recreate the original data when authorized access is granted.

Independent Claim 14:
Claim 14 outlines a system for securing data. This system comprises multiple, distinct data storage facilities, each equipped with a computer-accessible storage medium. These facilities are designed to store portions of data to be secured. The core of the system includes a data splitting module that divides the original data into at least two portions, encrypts them, and distributes them such that no single storage facility can reconstruct the original data. There is also a data assembly module that works to process and reassemble the portions from these storage facilities to recreate the original data. A cryptographic handling module is included to encrypt and decrypt the data. The system is configured so that when data is reconstituted for use by an authorized user, the original data only exists in a usable form within the cryptographic handling module, thus preventing its broader exposure.

Independent Claim 22:
Claim 22 describes a secure cryptographic system, potentially accessible remotely. It includes a depository system with at least one server configured to store private cryptographic keys and enrollment authentication data for multiple users. Each user is linked to one or more of these private keys. The system also has an authentication engine that compares a user's current authentication data with their stored enrollment data, producing an authentication result. Furthermore, a cryptographic engine, upon successful authentication, performs cryptographic functions for the user using their associated private keys, without ever releasing these private keys to the user. A transaction engine routes data between users, the depository system, and the authentication and cryptographic engines.

Independent Claim 30:
Claim 30 presents a method for facilitating cryptographic functions. It begins by associating a user with one or more private cryptographic keys stored securely on a server. The method then involves receiving authentication data from the user and verifying their identity by comparing it to corresponding stored authentication data. Finally, the system utilizes the associated private keys to perform cryptographic functions on behalf of the user, critically, without ever releasing these private keys to the user.

Independent Claim 38:
Claim 38 describes a system for secure authentication. This system features multiple authentication engines. Each engine receives enrollment authentication data to uniquely identify a user and current authentication data for comparison, subsequently determining an authentication result. A key component is a redundancy system that receives authentication results from at least two of these authentication engines and then determines, based on these multiple results, whether the user has been uniquely identified.

Independent Claim 46:
Claim 46 outlines a method for securely storing data, specifically authentication data, in geographically remote secure data storage facilities to protect against compromise of any single facility. The method involves receiving data at a trust engine, combining this data with a first random value to create a first combined value, and also combining the data with a second random value to create a second combined value. It then creates a first pairing of the first random value with the second combined value and a second pairing of the first random value with the second random value. One of these pairings is stored in a first computer-accessible storage medium, and the other pairing is stored in a second computer-accessible storage medium, which is located remotely from the first.

No information regarding US patent 8904194 was found in the CAFC 2026 dockets through the conducted search.