Securing data in a dispersed storage network

US 10,015,152 B2
Filed: 07/22/2016
Issued: 07/03/2018
Est. Priority Date: 04/02/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A method for execution by a dispersed storage and task (DST) processing unit that includes a processor, the method comprises:

transforming a counter seed into a set of counter values;

obtaining an encryption key;

encrypting, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein the encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;

performing, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein the performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;

performing, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;

masking the encryption key using the mask to produce a masked key; and

combining the at least two ciphertexts and the masked key to produce secure data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for execution by a dispersed storage and task (DST) processing unit includes transforming a counter seed into a set of counter values; obtaining an encryption key; encrypting at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts; performing a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts; performing a second deterministic function on the at least two transformed ciphertexts to produce a mask; masking the encryption key using the mask to produce a masked key; and combining the at least two ciphertexts and the masked key to produce secure data.

103 Citations

View as Search Results

20 Claims

1. A method for execution by a dispersed storage and task (DST) processing unit that includes a processor, the method comprises:
- transforming a counter seed into a set of counter values;
  
  obtaining an encryption key;
  
  encrypting, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein the encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
  
  performing, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein the performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
  
  performing, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
  
  masking the encryption key using the mask to produce a masked key; and
  
  combining the at least two ciphertexts and the masked key to produce secure data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein obtaining the encryption key includes at least one of retrieving, receiving, generating based on a random number, and generating based on a pseudo-random algorithm and a key seed.
  - 3. The method of claim 1 wherein the second deterministic function is an exclusive OR function.
  - 4. The method of claim 1 wherein the masking includes applying a masking function based on the mask.
  - 5. The method of claim 1 wherein the masking includes performing an exclusive OR function on the encryption key and the mask to produce the masked key.
  - 6. The method of claim 1 wherein combining the at least two ciphertexts and the masked key includes appending the masked key to the at least two ciphertexts to produce the secure data.
  - 7. The method of claim 1 wherein combining the at least two ciphertexts and the masked key includes interleaving the masked key with the at least two ciphertexts to produce the secure data.

8. A processing system of a dispersed storage and task (DST) processing unit comprises:
- a plurality of processors;
  
  a memory that stores operational instructions, that when executed by the plurality of processors cause the processing system to;
  
  transform a counter seed into a set of counter values;
  
  obtain an encryption key;
  
  encrypt, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
  
  perform, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
  
  perform, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
  
  mask the encryption key using the mask to produce a masked key; and
  
  combine the at least two ciphertexts and the masked key to produce secure data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The processing system of claim 8 wherein obtaining the encryption key includes at least one of retrieving, receiving, generating based on a random number, and generating based on a pseudo-random algorithm and a key seed.
  - 10. The processing system of claim 8 wherein the second deterministic function is an exclusive OR function.
  - 11. The processing system of claim 8 wherein the masking includes applying a masking function based on the mask.
  - 12. The processing system of claim 8 wherein the masking includes performing an exclusive OR function on the encryption key and the mask to produce the masked key.
  - 13. The processing system of claim 8 wherein combining the at least two ciphertexts and the masked key includes appending the masked key to the at least two ciphertexts to produce the secure data.
  - 14. The processing system of claim 8 wherein combining the at least two ciphertexts and the masked key includes interleaving the masked key with the at least two ciphertexts to produce the secure data.

15. A non-transitory computer readable storage medium comprises:
- at least one memory section that stores operational instructions that, when executed by a processing system of a dispersed storage network (DSN) that includes a plurality of processors and a memory, causes the processing system to;
  
  transform a counter seed into a set of counter values;
  
  obtain an encryption key;
  
  encrypt, via an encryption module having a first block cipher module and a second block cipher module, at least two portions of data utilizing the encryption key and at least two of the set of counter values, in parallel, to produce at least two ciphertexts, wherein encrypting the at least two portions in parallel to produce at least two ciphertexts includes encrypting a first portion of the data using the first block cipher module to produce a first ciphertext and encrypting a second portion of the data using the second block cipher module to generate a second ciphertext;
  
  perform, via a deterministic function module having a first deterministic function unit and a second deterministic function unit, a first deterministic function on the at least two ciphertexts, in parallel, to produce at least two transformed ciphertexts, wherein performing the first deterministic function on the at least two ciphertexts in parallel includes processing the first ciphertext using the first deterministic function unit to produce a first transformed ciphertext and processing the second ciphertext using the second deterministic function unit to produce a second transformed ciphertext;
  
  perform, via the deterministic function module, a second deterministic function on the first transformed ciphertext and the second transformed ciphertext to produce a mask;
  
  mask the encryption key using the mask to produce a masked key; and
  
  combine the at least two ciphertexts and the masked key to produce secure data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15 wherein obtaining the encryption key includes at least one of retrieving, receiving, generating based on a random number, and generating based on a pseudo-random algorithm and a key seed.
  - 17. The non-transitory computer readable storage medium of claim 15 wherein the second deterministic function is an exclusive OR function.
  - 18. The non-transitory computer readable storage medium of claim 15 wherein masking includes applying a masking function based on the mask.
  - 19. The non-transitory computer readable storage medium of claim 15 wherein masking includes performing an exclusive OR function on the encryption key and the mask to produce the masked key.
  - 20. The non-transitory computer readable storage medium of claim 15 wherein combining the at least two ciphertexts and the masked key includes appending the masked key to the at least two ciphertexts to produce the secure data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Leggette, Wesley B.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/217,242
Publication Number

US 20160330181A1
Time in Patent Office

711 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6272   by registering files or doc...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 9/0618   Block ciphers, i.e. encrypt...

Securing data in a dispersed storage network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data in a dispersed storage network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links