Securely recovering stored data in a dispersed storage network
First Claim
Patent Images
1. A method for execution by a dispersed storage and task (DST) execution unit that includes a hardware processor, the method comprises:
- receiving a slice pre-image request from a computing device via a network, wherein the slice pre-image request indicates a data slice, a requesting entity, and a plurality of storage units;
generating a data pre-image by performing a pre-image function on the data slice based on the plurality of storage units; and
generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with the requesting entity;
wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding;
wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and
wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images.
4 Assignments
0 Petitions
Accused Products
Abstract
A method for execution by a dispersed storage and task (DST) execution unit that includes a processor includes receiving a slice pre-image request from a computing device via a network that indicates a data slice, a requesting entity and a plurality of storage units. A data pre-image is generated by performing a pre-image function on the data slice based on the plurality of storage units. An encrypted data pre-image is generated for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with the requesting entity.
-
Citations
14 Claims
-
1. A method for execution by a dispersed storage and task (DST) execution unit that includes a hardware processor, the method comprises:
-
receiving a slice pre-image request from a computing device via a network, wherein the slice pre-image request indicates a data slice, a requesting entity, and a plurality of storage units; generating a data pre-image by performing a pre-image function on the data slice based on the plurality of storage units; and generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with the requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A processing system of a dispersed storage and task (DST) execution unit comprises:
-
at least one hardware processor; a memory that stores operational instructions, that when executed by the at least one hardware processor cause the processing system to; receive a slice pre-image request from a computing device via a network, wherein the slice pre-image request indicates a data slice, a requesting entity, and a plurality of storage units; generate a data pre-image by performing a pre-image function on the data slice based on the plurality of storage units; and generate an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with the requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable storage medium comprises:
-
at least one memory section that stores operational instructions that, when executed by a processing system of a dispersed storage network (DSN) that includes a hardware processor and a memory, causes the processing system to; receive a slice pre-image request from a computing device via a network, wherein the slice pre-image request indicates a data slice, a requesting entity, and a plurality of storage units; generate a data pre-image by performing a pre-image function on the data slice based on the plurality of storage units; and generate an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with) the requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (12, 13, 14)
-
Specification