公开(公告)号：US11068609B2

公开(公告)日：2021-07-20

申请号：US16658506

申请日：2019-10-21

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  Roger S. Davenport ,  Steven Winick

IPC分类号： G06F21/62 ,  H04L9/32 ,  H04L9/08 ,  H04L29/06

摘要： A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

公开(公告)号：US20190052463A1

公开(公告)日：2019-02-14

申请号：US16036749

申请日：2018-07-16

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  Don Martin

IPC分类号： H04L9/32 ,  H04L29/08 ,  G06F21/31 ,  H04L9/08 ,  G06Q40/08 ,  H04L29/06 ,  G06F21/64 ,  G06F21/62 ,  G06F21/60 ,  G06F21/33 ,  G06F21/32

CPC分类号： H04L9/321 ,  G06F21/31 ,  G06F21/32 ,  G06F21/33 ,  G06F21/606 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/645 ,  G06F2221/2107 ,  G06Q40/08 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/085 ,  H04L9/0894 ,  H04L9/3231 ,  H04L9/3247 ,  H04L63/0428 ,  H04L67/1097

摘要： Systems and methods are provided for securely sharing data. A processor forms two or more shares of a data set encrypted with a symmetric key, the data set associated with a first user device, and causes the encrypted data set shares to be stored separately from each other in at least one remote storage location. The processor generates first and second encrypted keys by encrypting data indicative of the symmetric key with a first asymmetric key of first and second asymmetric key pairs associated with the first user device and a second user device, respectively, and causes the encrypted key to be stored in the at least one storage location. To restore the data set, a predetermined number of the two or more encrypted data set shares and at least one of the second asymmetric keys of the first and second asymmetric key pairs are needed.

公开(公告)号：US20190026479A1

公开(公告)日：2019-01-24

申请号：US16127066

申请日：2018-09-10

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  John VanZandt ,  Roger S. Davenport

IPC分类号： G06F21/62 ,  G06F21/31 ,  H04L9/08 ,  G06F21/60 ,  H04L9/32 ,  H04L29/06 ,  G07F7/10 ,  G06Q20/38 ,  G06Q20/12 ,  G06Q20/04 ,  G06Q20/02 ,  G06F21/41 ,  G06F21/40 ,  G06F21/33 ,  G06F21/32

摘要： The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

公开(公告)号：US10068103B2

公开(公告)日：2018-09-04

申请号：US13866452

申请日：2013-04-19

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F11/10 ,  G06F21/60 ,  H04L9/08 ,  G06F21/72 ,  H04L29/08 ,  G06F11/18 ,  G06F11/20

摘要： The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

公开(公告)号：US10027484B2

公开(公告)日：2018-07-17

申请号：US14749172

申请日：2015-06-24

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  Don Martin

IPC分类号： H04L9/32 ,  H04L9/08 ,  H04L29/06 ,  G06Q40/08 ,  H04L29/08 ,  G06F21/62 ,  G06F21/31 ,  G06F21/32 ,  G06F21/33 ,  G06F21/60 ,  G06F21/64

摘要： Systems and methods are provided for securely sharing data. A processor forms two or more shares of a data set encrypted with a symmetric key, the data set associated with a first user device, and causes the encrypted data set shares to be stored separately from each other in at least one remote storage location. The processor generates first and second encrypted keys by encrypting data indicative of the symmetric key with a first asymmetric key of first and second asymmetric key pairs associated with the first user device and a second user device, respectively, and causes the encrypted key to be stored in the at least one storage location. To restore the data set, a predetermined number of the two or more encrypted data set shares and at least one of the second asymmetric keys of the first and second asymmetric key pairs are needed.

公开(公告)号：US20170286669A1

公开(公告)日：2017-10-05

申请号：US15352094

申请日：2016-11-15

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Matthew Staker ,  John Robert Mumaugh ,  Rick L. Orsini

IPC分类号： G06F21/53 ,  G06F21/62

CPC分类号： G06F21/53 ,  G06F9/45558 ,  G06F21/60 ,  G06F21/6281 ,  G06F2009/45587 ,  H04L63/0823

摘要： Systems and methods are provided for securing data in virtual machine computing environments. A request is received for a security operation from a first virtual machine operating in a host operating system of a first device. In response to receiving the request, a first security module executes the security operation, the first security module implemented in a kernel of the host operating system. The result of the security operation is provided to the first virtual machine.

公开(公告)号：US09529998B2

公开(公告)日：2016-12-27

申请号：US14749058

申请日：2015-06-24

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  John R. Mumaugh ,  Matt Staker

IPC分类号： G06F3/00 ,  G06F21/53 ,  G06F21/62 ,  G06F9/455 ,  G06F21/60 ,  H04L29/06

CPC分类号： G06F21/53 ,  G06F9/45558 ,  G06F21/60 ,  G06F21/6281 ,  G06F2009/45587 ,  H04L63/0823

摘要： Systems and methods are provided for securing data in virtual machine computing environments. A request is received for a security operation from a first virtual machine operating in a host operating system of a first device. In response to receiving the request, a first security module executes the security operation, the first security module implemented in a kernel of the host operating system. The result of the security operation is provided to the first virtual machine.

公开(公告)号：US09516002B2

公开(公告)日：2016-12-06

申请号：US14253588

申请日：2014-04-15

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  Stephen C. Bono ,  Gabriel D. Landau ,  Seth James Nielson

IPC分类号： H04L9/00 ,  H04L29/06 ,  H04L12/46 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32

CPC分类号： H04L63/062 ,  G06F21/602 ,  H04L9/00 ,  H04L9/0816 ,  H04L9/085 ,  H04L9/3263 ,  H04L12/4641 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823

摘要： Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

摘要翻译： 提供了两种方法，用于在证书颁发机构之间分配信任。 每种方法都可用于保护运动中的数据。 一种方法提供了方法和系统，其中安全数据解析器用于在两个设备之间的连接的初始协商（例如，密钥建立阶段）期间分发一组证书颁发机构中的信任。 本发明的另一种方法提供了使用安全数据解析器将数据包分散到共享中的方法和系统。 在通信信道内建立一组隧道，使用一组证书机构，在建立隧道期间开发的密钥用于加密每条隧道的数据共享，数据共享通过每个隧道传输 。 因此，在通信信道本身的结构中的一组认证机构中分配信任。

公开(公告)号：US09264224B2

公开(公告)日：2016-02-16

申请号：US14247971

申请日：2014-04-08

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini ,  Gabriel D. Landau ,  Matthew Staker ,  William Yakamovich

IPC分类号： G06F21/62 ,  H04L9/08 ,  H04L9/32

CPC分类号： G06F21/6209 ,  G06F21/6218 ,  G06F2221/2107 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/3231 ,  H04L9/3268 ,  H04L63/10 ,  H04L63/102 ,  H04L2209/24 ,  H04L2209/42 ,  H04L2209/56 ,  H04L2209/80

摘要： Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

摘要翻译： 提供了系统和方法来创建和使用可共享的文件级密钥来保护数据文件。 基于与数据文件相关联的工作组密钥和与数据文件相关联的唯一信息生成文件级密钥。 文件级密钥可用于加密和分割数据。 还提供了系统和方法来共享数据，而不在最终用户机器上复制数据。 数据在外部/消费者网络和企业/生产者网络上进行加密和拆分。 使用由企业/生产者网络中的服务器生成的计算图像来提供对数据的访问，然后分发给外部/消费者网络的最终用户。 该计算图像可以包括提供指向数据的指针的预加载文件。 为了外部/消费者网络的用户访问数据，不需要对企业/生产者网络上的数据进行访问或复制。

公开(公告)号：US09213857B2

公开(公告)日：2015-12-15

申请号：US13866411

申请日：2013-04-19

申请人： Security First Corp.

发明人： Mark S. O'Hare ,  Rick L. Orsini

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F11/10 ,  G06F21/60 ,  H04L9/08 ,  G06F21/72 ,  H04L29/08 ,  G06F15/16 ,  H04N7/167 ,  G06F11/18 ,  G06F11/20

CPC分类号： G06F21/6218 ,  G06F11/1076 ,  G06F11/182 ,  G06F11/2094 ,  G06F21/60 ,  G06F21/602 ,  G06F21/6227 ,  G06F21/72 ,  G06F2221/2101 ,  G06F2221/2107 ,  H04L9/085 ,  H04L9/0894 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0861 ,  H04L67/1097

摘要： The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

摘要翻译： 本发明的系统和方法提供了一种解决方案，使得数据可靠地安全和可访问 - 在位级别处理数据安全性，从而消除对多周边硬件和软件技术的需要。 将数据安全性直接并入或编织在位级别的数据中。 本发明的系统和方法使企业社区能够利用共同的企业基础架构。 由于安全性已经被编入数据，因此可以使用这种通用的基础架构，而不会影响数据安全性和访问控制。 在某些应用中，数据在被发送到多个位置（例如私有云或公共云）之前被认证，加密和解析或分割成多个共享。 数据在传输到存储位置时被隐藏，并且对于没有正确凭据进行访问的用户无法访问。