Abstract: Described herein are techniques related to shielding data in transit and in memory. A method and system for shielding data in transit and in memory may include using a transformation knowledge key (TKK). For shielding data in transit, the TKK is configured to include a splitting algorithm component that is configured to split a message into N segments of shielded data and route the N segments via M communications paths, where M and N are integers greater than 1. For shielding data in memory, the memory is segmented into M memory blocks. The splitting algorithm component of the TKK is configured to split data into N segments of shielded data and store the N segments of shielded data in the M memory blocks. The TKK is reused to unshield and reconstruct the original message or the data from the N segments of shielded data.
Abstract: Described herein are techniques related to shielding data, thereby enabling the shielded data to be distributively placed in untrusted computing environments for cost-effective storage. A method and system may include a trusted agent operable in a trusted computing environment. The trusted agent includes a transformation knowledge key generator and a data transformer. The transformation knowledge key generator is operable to generate a transformation knowledge key, the transformation knowledge key being generated with at least two shielding algorithms to shield the data. The data transformer is operable to transform the data into N segments of shielded data using the transformation knowledge key. A communications agent securely coupled to the trusted agent is operable to securely transfer one or more of the N segments of shielded data to one or more storage devices in untrusted computing environments.
Abstract: Described herein are techniques related to shielding data. A method and system for generating a transformation knowledge key (TKK) may include a TKK generator operable to generate a TKK used to shield the data. The TKK is configured to include at least two components. A library of shielding algorithms is configured to include at least two types of shielding algorithms. The TKK generator is configured to select the at least two types of shielding algorithms to generate the at least two components. The TKK generator is operable to concatenate the at least two components in a configurable order to generate the TKK.