Data encryption parameter dispersal

US 10,097,518 B2
Filed: 06/17/2013
Issued: 10/09/2018
Est. Priority Date: 12/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securely distributing a profile regarding a user device to another user device of a dispersed storage network (DSN), the method comprises:

encrypting a profile using a key to produce an encrypted profile;

encoding the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices;

outputting the set of encoded profile slices to storage units of the DSN for storage therein;

encoding the key in accordance with an error encoding function to produce a set of secure key portions;

outputting the set of secure key portions to a set of user devices of the DSN, wherein user devices of the set of user devices are separate devices of the DSN than storage units of the DSN, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and

obtaining the profile by one of the set of user devices by;

retrieving a threshold number of the set of secure key portions from the set of user devices;

recovering the key from the threshold number of the set of secure key portions;

retrieving a decode threshold number of the set of encoded profile slices from the DSN;

decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and

decrypting the encrypted profile using the key to recover the profile.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securely distributing a profile within a dispersed storage network (DSN) that begins by encrypting a profile using a key. The method continues by encoding the encrypted profile in accordance with a dispersed storage error encoding function. The method continues by outputting the set of encoded profile slices to the DSN for storage therein. The method continues by encoding the key in accordance with an error encoding function and outputting the set of secure key portions to a set of devices of the DSN for storage therein. A device obtains the profile by retrieving secure key portions from the set of devices and recovering the key therefrom. The device then retrieves encoded profile slices from the DSN and decodes them to recover the encrypted profile. The device then decrypts the encrypted profile using the key to recover the profile.

14 Citations

14 Claims

1. A method for securely distributing a profile regarding a user device to another user device of a dispersed storage network (DSN), the method comprises:
- encrypting a profile using a key to produce an encrypted profile;
  
  encoding the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices;
  
  outputting the set of encoded profile slices to storage units of the DSN for storage therein;
  
  encoding the key in accordance with an error encoding function to produce a set of secure key portions;
  
  outputting the set of secure key portions to a set of user devices of the DSN, wherein user devices of the set of user devices are separate devices of the DSN than storage units of the DSN, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and
  
  obtaining the profile by one of the set of user devices by;
  
  retrieving a threshold number of the set of secure key portions from the set of user devices;
  
  recovering the key from the threshold number of the set of secure key portions;
  
  retrieving a decode threshold number of the set of encoded profile slices from the DSN;
  
  decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and
  
  decrypting the encrypted profile using the key to recover the profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the encoding the key further comprises:
    - encoding the key in accordance with the error encoding function, wherein the error encoding function includes one of the dispersed storage error encoding function and another dispersed storage error encoding function, and wherein the set of secure key portions includes a set of encoded key slices.
  - 3. The method of claim 1, wherein the encoding the key further comprises:
    - encoding the key in accordance with the error encoding function, wherein the error encoding function includes a Shamir share function and wherein the set of secure key portions includes a set of secret key shares.
  - 4. The method of claim 1, wherein the set of user devices comprises at least one of:
    - one or more storage units;
      
      one or more user devices;
      
      one or more storage integrity units; and
      
      one or more managing units.
  - 5. The method of claim 1 further comprises:
    - outputting the set of encoded profile slices to the storage units of the DSN for storage therein; and
      
      outputting the set of secure key portions to at least some of the storage units for storage therein.
  - 6. The method of claim 1 further comprises:
    - outputting the set of encoded profile slices to the set of user devices for storage therein.
  - 7. The method of claim 1, wherein the profile comprises one or more of:
    - authentication information;
      
      permissions;
      
      a name;
      
      personal information;
      
      password; and
      
      a picture.

8. A dispersed storage network (DSN) comprises:
- a plurality of user devices, wherein a first user device of the plurality of user devices securely distributes a profile regarding the first user device to another user device of the plurality of user devices;
  
  the first user device including a first interface, a first memory, and a first processing module operably coupled to the first interface and the first memory, wherein the first processing module is operable to;
  
  encrypt the profile using a key to produce an encrypted profile;
  
  encode the encrypted profile in accordance with a dispersed storage error encoding function to produce a set of encoded profile slices;
  
  output, via the first interface, the set of encoded profile slices to storage units of the DSN for storage therein;
  
  encode the key in accordance with an error encoding function to produce a set of secure key portions;
  
  output, via the first interface, the set of secure key portions to a set of user devices of the plurality of user devices, wherein a first user device of the set of user devices receives and stores a first secure key portion of the set of secure key portions and a second user device of the set of user devices receives and stores a second secure key portion of the set of secure key portions; and
  
  the second user device including a second interface, a second memory, and a second processing module operably coupled to the second interface and the second memory, wherein the second processing module is operable to obtain the profile by;
  
  retrieving, via the second interface, a threshold number of the set of secure key portions from the set of user devices, wherein user devices of the set of user devices are separate devices of the DSN than the storage units of the DSN;
  
  recovering the key from the threshold number of the set of secure key portions;
  
  retrieving, via the second interface, a decode threshold number of the set of encoded profile slices from the DSN;
  
  decoding the decode threshold number of the set of encoded profile slices to recover the encrypted profile; and
  
  decrypting the encrypted profile using the key to recover the profile.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The DSN of claim 8, wherein the first processing module is further operable to:
    - encode the key in accordance with the error encoding function, wherein the error encoding function includes one of the dispersed storage error encoding function and another dispersed storage error encoding function, and wherein the set of secure key portions includes a set of encoded key slices.
  - 10. The DSN of claim 8, wherein the first processing module is further operable to:
    - encode the key in accordance with the error encoding function, wherein the error encoding function includes a Shamir share function and wherein the set of secure key portions includes a set of secret key shares.
  - 11. The DSN of claim 8, wherein the set of user devices comprises at least one of:
    - one or more storage units;
      
      one or more user devices;
      
      one or more storage integrity units; and
      
      one or more managing units.
  - 12. The DSN of claim 8 further comprises:
    - the first processing module further operable to output, via the first interface, the set of encoded profile slices to the storage units of the DSN for storage therein; and
      
      the second processing module further operable to output, via the second interface, the set of secure key portions to at least some of the storage units for storage therein.
  - 13. The DSN of claim 8 further comprises:
    - the first processing module further operable to output, via the first interface, the set of encoded profile slices to the set of user devices for storage therein.
  - 14. The DSN of claim 8, wherein the profile comprises one or more of:
    - authentication information;
      
      permissions;
      
      a name;
      
      personal information;
      
      password; and
      
      a picture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Gladwin, S. Christopher, Abhijeet, Kumar, Dhuse, Greg, Resch, Jason K.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Zhu, Zhimei

Application Number

US13/919,210
Publication Number

US 20130275746A1
Time in Patent Office

1,940 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 63/0428   wherein the data content is...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

Data encryption parameter dispersal

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption parameter dispersal

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links