End-to-end secure data retrieval in a dispersed storage network
First Claim
1. A method for secure data retrieval in a dispersed storage network (DSN), the method comprises:
- retrieving, by an interface of a first computing device of the DSN, a decode threshold number of encrypted encoded data slices of a set of encrypted encoded data slices from at least some storage units of a set storage units of the DSN, wherein the set of storage units encrypt a set of encoded data slices using a set of encryption keys to produce the set of encrypted encoded data slices, and wherein a first encoded data slice of the set of encoded data slices is encrypted based on a first encryption key of the set of encryption keys to produce a first encrypted encoded data slice of the set of encrypted encoded data slices;
- generating, by the first computing device, a decoding matrix based on pillar numbers of the decode threshold number of encrypted encoded data slices and an encoding matrix;
- dispersed storage error decoding, by the first computing device, the decode threshold number of encrypted encoded data slices based on the decoding matrix to produce an encrypted data segment;
- sending, by the interface of the first computing device, the encrypted data segment and the pillar numbers to a second computing device of the DSN;
- identifying, by the second computing device, a particular subset of encryption keys of the set of encryption keys based on the pillar numbers; and
- decrypting, by the second computing device, the encrypted data segment based on the particular subset of encryption keys.
Abstract
A method includes a first computing device retrieving a decode threshold number of encrypted encoded data slices. The method further includes the first computing device generating a decoding matrix based on pillar numbers of the decode threshold number of encrypted encoded data slices and an encoding matrix. The method further includes the first computing device dispersed storage error decoding the decode threshold number of encrypted encoded data slices based on the decoding matrix to produce an encrypted data segment. The method further includes the first computing device sending the encrypted data segment and the pillar numbers to a second computing device. The method further includes the second computing device identifying a particular subset of encryption keys of the set of encryption keys based on the pillar numbers. The method further includes the second computing device decrypting the encrypted data segment based on the particular subset of encryption keys.
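The flow in the abstract only works if decryption can happen after erasure decoding, which requires the per-pillar encryption to commute with the linear decode. The sketch below is an added example, not the patent's implementation: it assumes arithmetic in the prime field GF(257), a Vandermonde encoding matrix, one symbol per slice, and encryption by adding a per-pillar key; all function names are hypothetical.

```python
# Added example: toy model of the claimed retrieval flow. Assumptions (not from the
# patent text): field GF(257), Vandermonde encoding matrix, additive per-pillar keys.
P = 257            # field modulus (assumption)
WIDTH, K = 5, 3    # pillar width and decode threshold (constructed values)

def encoding_matrix():
    # Row for pillar p is [1, x, x^2] with x = p + 1.
    return [[pow(p + 1, j, P) for j in range(K)] for p in range(WIDTH)]

def invert(m):
    # Gauss-Jordan inversion mod P.
    n = len(m)
    a = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        piv = next(r for r in range(c, n) if a[r][c])
        a[c], a[piv] = a[piv], a[c]
        inv = pow(a[c][c], -1, P)
        a[c] = [v * inv % P for v in a[c]]
        for r in range(n):
            if r != c:
                f = a[r][c]
                a[r] = [(x - f * y) % P for x, y in zip(a[r], a[c])]
    return [row[n:] for row in a]

def matvec(m, v):
    return [sum(x * y for x, y in zip(row, v)) % P for row in m]

def decoding_matrix(pillars):
    # Select the encoding-matrix rows of the retrieved pillars, then invert.
    e = encoding_matrix()
    return invert([e[p] for p in pillars])

def first_device_decode(enc_slices, pillars):
    # Holds no keys: the output is the segment still masked by the decoded keys.
    return matvec(decoding_matrix(pillars), enc_slices)

def second_device_decrypt(enc_segment, pillars, keys):
    # Pillar numbers select the key subset; remove its decoded contribution.
    mask = matvec(decoding_matrix(pillars), [keys[p] for p in pillars])
    return [(c - m) % P for c, m in zip(enc_segment, mask)]

def demo(segment, pillars, keys):
    slices = matvec(encoding_matrix(), segment)
    enc = [(s + k) % P for s, k in zip(slices, keys)]  # each storage unit encrypts
    enc_segment = first_device_decode([enc[p] for p in pillars], pillars)
    return enc_segment, second_device_decrypt(enc_segment, pillars, keys)
```

The first device never sees plaintext or keys, and the second device must be told which pillars were used because the key mask depends on the decoding matrix built from them.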
14 Claims
8. A computer readable memory comprises:
- a first memory element that stores operational instructions, which, when executed by a first computing device of a dispersed storage network (DSN), causes the first computing device to;
  - retrieve a decode threshold number of encrypted encoded data slices of a set of encrypted encoded data slices from at least some storage units of a set storage units of the DSN, wherein the set of storage units encrypt a set of encoded data slices using a set of encryption keys to produce the set of encrypted encoded data slices, and wherein a first encoded data slice of the set of encoded data slices is encrypted based on a first encryption key of the set of encryption keys to produce a first encrypted encoded data slice of the set of encrypted encoded data slices;
  - generate a decoding matrix based on pillar numbers of the decode threshold number of encrypted encoded data slices and an encoding matrix;
  - dispersed storage error decode the decode threshold number of encrypted encoded data slices based on the decoding matrix to produce an encrypted data segment;
  - send the encrypted data segment and the pillar numbers to a second computing device of the DSN; and
- a second memory element that stores operational instructions, which, when executed by the second computing device, causes the second computing device to;
  - identify a particular subset of encryption keys of the set of encryption keys based on the pillar numbers; and
  - decrypt the encrypted data segment based on the particular subset of encryption keys.
Specification