Patent attributes
Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safe guards for their respective key elements of the plurality of key elements; and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel; and regenerating the encryption key at the client node; and after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel, retaining any of the plurality of key elements previously stored at the client node.
