Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.

Abstract: A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.

Abstract: Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The sharable file-level key is generated based on a workgroup key associated with the data file, as well as unique information associated with the data file. The sharable file-level key may be used to encrypt and split data using a Secure Parser. Systems and methods are also provided for sharing data without replicating the data on the machine of the end user. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data that was encrypted and split. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: Systems and methods are provided for distributing trust among a set of certificate authorities. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data, and the shares of data are transmitted through each of the tunnels.

Abstract: Two approaches are provided for distributing trust among a set of certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing data in and communicating data with cloud computing resources. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Data processing and an accelerator system therefore are described. An embodiment relates generally to a data processing system. In such an embodiment, a bus and an accelerator are coupled to one another. The accelerator has an application function block. The application function block is to process data to provide processed data to storage. A network interface is coupled to obtain the processed data from the storage for transmission.

Abstract: Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing data in and communicating data with cloud computing resources. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security.

Abstract: Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key.

Abstract: Systems and methods for reading and writing a set of data using a journaling service are provided. The journaling service may be used to identify and record data storage operations associated with one or more shares of data stored in one or more share locations. The journaling service may use logs to record each of the read and write requests to the share locations. In some embodiments, the log may be a queue data structure that stores information associated with failed data storage operations. In some embodiments, the journaling service may leverage both memory and disk storage in order to maintain the journaling queue. In some embodiments, the journaling queue may maintain information associated with the state of each share location. In some embodiments, this information may be used by the journaling service to determine when to monitor and record information regarding data storage operations associated with the share locations.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key.

Abstract: Data processing and an accelerator system therefore are described. An embodiment relates generally to a data processing system. In such an embodiment, a bus and an accelerator are coupled to one another. The accelerator has an application function block. The application function block is to process data to provide processed data to storage. A network interface is coupled to obtain the processed data from the storage for transmission.

Abstract: Systems and methods are provided for securing a virtual machine by causing a plurality of shares of virtual machine files to be separately stored in response to a stop command. Systems and methods are also provided for restoring a data set with a cryptographic restoration application in response to a series of user inputs received when no visual indicator of the cryptographic restoration algorithm is displayed, and for restoring a data set with data shares received from another computer device in response to detecting a communication link with the device.