Securely distributing random keys in a dispersed storage network
First Claim
1. A method comprises:
- encrypting, by a computing device of a dispersed storage network (DSN), a first data segment of a data object using a first encryption key to produce a first encrypted data segment;
appending, by the computing device, the first encrypted data segment with a second encryption key to produce a first encrypted appended data segment;
dispersed storage error encoding, by the computing device, the first encrypted appended data segment to produce a first set of error encoded data slices;
encrypting, by the computing device, the first encryption key using the second encryption key to produce a first encryption key layer;
encrypting, by the computing device, a second data segment of the data object using a third encryption key to produce a second encrypted data segment;
appending, by the computing device, the second encrypted data segment with a fourth encryption key to produce a second encrypted appended data segment;
dispersed storage error encoding, by the computing device, the second encrypted appended data segment to produce a second set of error encoded data slices;
appending, by the computing device, the third encryption key with the first encryption key layer to produce a first appended encryption key layer;
encrypting, by the computing device, the first appended encryption key layer using the fourth encryption key to produce a second encryption key layer;
generating, by the computing device, a final encryption key layer in accordance with an encryption key layering scheme and the second encryption key layer; and
dispersed storage error encoding, by the computing device, the final encryption key layer to produce a set of error encoded encryption key layer slices.
5 Assignments
0 Petitions
Accused Products
Abstract
A method includes encrypting first data segment using first encryption key (EK1) to produce first encrypted data segment (DS), appending the first encrypted DS with EK2 to produce first encrypted appended DS, and dispersed error encoding the first encrypted appended DS to produce first set of error encoded data slices (EDSs). The method further includes encrypting EK1 using EK2 to produce EK layer1, encrypting second DS using EK3 to produce second encrypted DS, appending the second encrypted DS with EK4 to produce second encrypted appended DS, dispersed error encoding the second encrypted appended DS to produce second set of EDSs, appending EK3 with EK layer1 to produce appended EK layer1, encrypting appended EK layer1 using EK4 to produce EK layer2, generating EK layer-final in accordance with an EK layering scheme and EK layer2, and dispersed error encoding EK layer-final to produce set of error encoded layered key slices.
-
Citations
18 Claims
-
1. A method comprises:
-
encrypting, by a computing device of a dispersed storage network (DSN), a first data segment of a data object using a first encryption key to produce a first encrypted data segment; appending, by the computing device, the first encrypted data segment with a second encryption key to produce a first encrypted appended data segment; dispersed storage error encoding, by the computing device, the first encrypted appended data segment to produce a first set of error encoded data slices; encrypting, by the computing device, the first encryption key using the second encryption key to produce a first encryption key layer; encrypting, by the computing device, a second data segment of the data object using a third encryption key to produce a second encrypted data segment; appending, by the computing device, the second encrypted data segment with a fourth encryption key to produce a second encrypted appended data segment; dispersed storage error encoding, by the computing device, the second encrypted appended data segment to produce a second set of error encoded data slices; appending, by the computing device, the third encryption key with the first encryption key layer to produce a first appended encryption key layer; encrypting, by the computing device, the first appended encryption key layer using the fourth encryption key to produce a second encryption key layer; generating, by the computing device, a final encryption key layer in accordance with an encryption key layering scheme and the second encryption key layer; and dispersed storage error encoding, by the computing device, the final encryption key layer to produce a set of error encoded encryption key layer slices. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computing device of a dispersed storage network (DSN), the computing device comprises:
-
an interface; memory; and a processing module operably coupled to the memory and the interface, wherein the processing module is configured to; encrypt a first data segment of a data object using a first encryption key to produce a first encrypted data segment; append the first encrypted data segment with a second encryption key to produce a first encrypted appended data segment; dispersed storage error encode the first encrypted appended data segment to produce a first set of error encoded data slices; encrypt the first encryption key using the second encryption key to produce a first encryption key layer; encrypt a second data segment of the data object using a third encryption key to produce a second encrypted data segment; append the second encrypted data segment with a fourth encryption key to produce a second encrypted appended data segment; dispersed storage error encode the second encrypted appended data segment to produce a second set of error encoded data slices; append the third encryption key with the first encryption key layer to produce a first appended encryption key layer; encrypt the first appended encryption key layer using the fourth encryption key to produce a second encryption key layer; generate a final encryption key layer in accordance with an encryption key layering scheme and the second encryption key layer; and dispersed storage error encode the final encryption key layer to produce a set of error encoded encryption key layer slices. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer readable memory comprises:
-
a first memory element that stores operational instructions that, when executed by a computing device of a dispersed storage network (DSN), causes the computing device to; encrypt a first data segment of a data object using a first encryption key to produce a first encrypted data segment; append the first encrypted data segment with a second encryption key to produce a first encrypted appended data segment; dispersed storage error encode the first encrypted appended data segment to produce a first set of error encoded data slices; encrypt the first encryption key using the second encryption key to produce a first encryption key layer; encrypt a second data segment of the data object using a third encryption key to produce a second encrypted data segment; append the second encrypted data segment with a fourth encryption key to produce a second encrypted appended data segment; dispersed storage error encode the second encrypted appended data segment to produce a second set of error encoded data slices; append the third encryption key with the first encryption key layer to produce a first appended encryption key layer; encrypt the first appended encryption key layer using the fourth encryption key to produce a second encryption key layer; generate a final encryption key layer in accordance with an encryption key layering scheme and the second encryption key layer; and dispersed storage error encode the final encryption key layer to produce a set of error encoded encryption key layer slices. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification