Data encryption parameter dispersal
First Claim
1. A method for securely distributing a profile regarding a user device to another user device of a dispersed storage network (DSN), the method comprises:
- encrypting a profile using a key to produce an encrypted profile;
encoding the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices;
outputting the set of encoded profile slices to storage units of the DSN for storage therein;
encoding the key in accordance with an error encoding function to produce a set of secure key portions;
outputting the set of secure key portions to a set of user devices of the DSN, wherein user devices of the set of user devices are separate devices of the DSN than storage units of the DSN, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and
obtaining the profile by one of the set of user devices by;
retrieving a threshold number of the set of secure key portions from the set of user devices;
recovering the key from the threshold number of the set of secure key portions;
retrieving a decode threshold number of the set of encoded profile slices from the DSN;
decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and
decrypting the encrypted profile using the key to recover the profile.
6 Assignments
0 Petitions
Accused Products
Abstract
A method for securely distributing a profile within a dispersed storage network (DSN) that begins by encrypting a profile using a key. The method continues by encoding the encrypted profile in accordance with a dispersed storage error encoding function. The method continues by outputting the set of encoded profile slices to the DSN for storage therein. The method continues by encoding the key in accordance with an error encoding function and outputting the set of secure key portions to a set of devices of the DSN for storage therein. A device obtains the profile by retrieving secure key portions from the set of devices and recovering the key therefrom. The device then retrieves encoded profile slices from the DSN and decodes them to recover the encrypted profile. The device then decrypts the encrypted profile using the key to recover the profile.
14 Citations
14 Claims
-
1. A method for securely distributing a profile regarding a user device to another user device of a dispersed storage network (DSN), the method comprises:
-
encrypting a profile using a key to produce an encrypted profile; encoding the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices; outputting the set of encoded profile slices to storage units of the DSN for storage therein; encoding the key in accordance with an error encoding function to produce a set of secure key portions; outputting the set of secure key portions to a set of user devices of the DSN, wherein user devices of the set of user devices are separate devices of the DSN than storage units of the DSN, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and obtaining the profile by one of the set of user devices by; retrieving a threshold number of the set of secure key portions from the set of user devices; recovering the key from the threshold number of the set of secure key portions; retrieving a decode threshold number of the set of encoded profile slices from the DSN; decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and decrypting the encrypted profile using the key to recover the profile. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A dispersed storage network (DSN) comprises:
-
a plurality of user devices, wherein a first user device of the plurality of user devices securely distributes a profile regarding the first user device to another user device of the plurality of user devices; the first user device including a first interface, a first memory, and a first processing module operably coupled to the first interface and the first memory, wherein the first processing module is operable to; encrypt the profile using a key to produce an encrypted profile; encode the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices; output, via the first interface, the set of encoded profile slices to storage units of the DSN for storage therein; encode the key in accordance with an error encoding function to produce a set of secure key portions; output, via the first interface, the set of secure key portions to a set of user devices of the plurality of user devices, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and the second user device including a second interface, a second memory, and a second processing module operably coupled to the second interface and the second memory, wherein the second processing module is operable to obtain the profile by; retrieving, via the second interface, a threshold number of the set of secure key portions from the set of user devices, wherein user devices of the set of user devices are separate devices of the DSN than the storage units of the DSN; recovering the key from the threshold number of the set of secure key portions; retrieving, via the second interface, a decode threshold number of the set of encoded profile slices from the DSN; decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and decrypting the encrypted profile using the key to recover the profile. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification