Systematic erasure code encoding of data packages

US 10,127,402 B2
Filed: 11/02/2016
Issued: 11/13/2018
Est. Priority Date: 06/06/2011
Status: Active Grant

First Claim

Patent Images

1. A method of storing a data segment in a distributed storage (DS) processing unit, the method comprising:

combining integrity information and a data segment to produce a data package;

encrypting the data package using a secret key to produce an encrypted data package;

dispersed storage error encoding the encrypted data package, using a systematic erasure code employing first dispersed storage error coding parameters, to produce a set of encoded encrypted slices;

encoding the secret key utilizing a secret sharing algorithm to produce a set of secret shares, wherein the secret sharing algorithm employs second dispersed storage error coding parameters, and at least one parameter of the second dispersed storage error coding parameters is different from a corresponding parameter of the first dispersed storage error coding parameters;

sending the set of encoded encrypted slices to a distributed storage network (DSN) memory for storage; and

sending the set of secret shares to the DSN memory for storage.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by combining integrity information and a data segment to produce a data package. The data package is encrypted using a secret key to produce an encrypted data package, which is dispersed storage error encoded using a systematic erasure code, to produce a set of encoded encrypted slices. The secret key is encoded utilizing a secret sharing algorithm to produce a set of secret shares. The set of encoded encrypted slices is sent to a distributed storage network (DSN) memory for storage; and the set of secret shares is sent to the DSN memory for storage.

84 Citations

View as Search Results

20 Claims

1. A method of storing a data segment in a distributed storage (DS) processing unit, the method comprising:
- combining integrity information and a data segment to produce a data package;
  
  encrypting the data package using a secret key to produce an encrypted data package;
  
  dispersed storage error encoding the encrypted data package, using a systematic erasure code employing first dispersed storage error coding parameters, to produce a set of encoded encrypted slices;
  
  encoding the secret key utilizing a secret sharing algorithm to produce a set of secret shares, wherein the secret sharing algorithm employs second dispersed storage error coding parameters, and at least one parameter of the second dispersed storage error coding parameters is different from a corresponding parameter of the first dispersed storage error coding parameters;
  
  sending the set of encoded encrypted slices to a distributed storage network (DSN) memory for storage; and
  
  sending the set of secret shares to the DSN memory for storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - generating the integrity information for the data segment.
  - 3. The method of claim 1, wherein combining the integrity information includes:
    - interlacing the integrity information and the data segment.
  - 4. The method of claim 1, further comprising:
    - generating the secret key based on a deterministic function.
  - 5. The method of claim 1, wherein using the systematic erasure code includes:
    - matrix multiplying a data matrix of an encrypted data package with an encoding matrix including a unity matrix portion to produce a matrix of encoded codes.
  - 6. The method of claim 5, further comprising:
    - combining the matrix of encoded codes to produce the set of encoded encrypted slices.
  - 7. The method of claim 1, wherein encoding the secret key further comprises:
    - encoding the secret key utilizing a different decode threshold than used for encoding other data types.

8. A non-transitory computer readable medium tangibly embodying a program of computer executable instructions, the program of computer executable instructions including:
- at least one instruction to combine integrity information and a data segment to produce a data package;
  
  at least one instruction to encrypt the data package using a secret key to produce an encrypted data package;
  
  at least one instruction to dispersed storage error encode the encrypted data package, using a systematic erasure code employing first dispersed storage error coding parameters, to produce a set of encoded encrypted slices;
  
  at least one instruction to encode the secret key utilizing a secret sharing algorithm to produce a set of secret shares, wherein the secret sharing algorithm employs second dispersed storage error coding parameters, and at least one parameter of the second dispersed storage error coding parameters is different from a corresponding parameter of the first dispersed storage error coding parameters;
  
  at least one instruction to send the set of encoded encrypted slices to a distributed storage network (DSN) memory for storage; and
  
  at least one instruction to send the set of secret shares to the DSN memory for storage.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, further comprising:
    - at least one instruction to generate the integrity information for the data segment.
  - 10. The non-transitory computer readable medium of claim 8, wherein the at least one instruction to combine the integrity information includes:
    - at least one instruction to interlace the integrity information and the data segment.
  - 11. The non-transitory computer readable medium of claim 8, further comprising:
    - at least one instruction to generate the secret key based on a deterministic function.
  - 12. The non-transitory computer readable medium of claim 8, further comprising:
    - at least one instruction to matrix multiply a data matrix of an encrypted data package with an encoding matrix including a unity matrix portion to produce a matrix of encoded codes.
  - 13. The non-transitory computer readable medium of claim 12, further comprising:
    - at least one instruction to combine the matrix of encoded codes to produce the set of encoded encrypted slices.
  - 14. The non-transitory computer readable medium of claim 8, further comprising:
    - at least one instruction to encode the secret key utilizing a different decode threshold than used for encoding other data types.

15. A distributed storage (DS) processing unit comprising:
- a processing unit;
  
  memory coupled to the processing unit and configured to store a program of computer executable instructions, the program of computer executable instructions including;
  
  at least one instruction to combine integrity information and a data segment to produce a data package;
  
  at least one instruction to encrypt the data package using a secret key to produce an encrypted data package;
  
  at least one instruction to dispersed storage error encode the encrypted data package, using a systematic erasure code employing first dispersed storage error coding parameters, to produce a set of encoded encrypted slices;
  
  at least one instruction to encode the secret key utilizing a secret sharing algorithm to produce a set of secret shares, wherein the secret sharing algorithm employs second dispersed storage error coding parameters, and at least one parameter of the second dispersed storage error coding parameters is different from a corresponding parameter of the first dispersed storage error coding parameters;
  
  at least one instruction to send the set of encoded encrypted slices to a distributed storage network (DSN) memory for storage; and
  
  at least one instruction to send the set of secret shares to the DSN memory for storage.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The DS processing unit of claim 15, the program of computer executable instructions further comprising:
    - at least one instruction to generate the integrity information for the data segment.
  - 17. The DS processing unit of claim 15, wherein the at least one instruction to combine the integrity information includes:
    - at least one instruction to append the integrity information to the data segment.
  - 18. The DS processing unit of claim 15, the program of computer executable instructions further comprising:
    - at least one instruction to generate the secret key based on a deterministic function.
  - 19. The DS processing unit of claim 15, the program of computer executable instructions further comprising:
    - at least one instruction to matrix multiply a data matrix of an encrypted data package with an encoding matrix including a unity matrix portion to produce a matrix of encoded codes.
  - 20. The DS processing unit of claim 15, the program of computer executable instructions further comprising:
    - at least one instruction to encode the secret key utilizing a different width and decode threshold than used for encoding other data slices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K.
Primary Examiner(s)
Lagor, Alexander

Application Number

US15/341,456
Publication Number

US 20170053132A1
Time in Patent Office

741 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/10   Adding special bits or symb...

G06F 11/1076   Parity data used in redunda...

G06F 11/2089   Redundant storage control f...

G06F 12/1408   by using cryptography for d...

G06F 15/17331   Distributed shared memory [...

G06F 16/27   Replication, distribution o...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/64   Protecting data integrity, ...

G06F 2212/263   Network storage, e.g. SAN o...

G06F 2221/2107   File encryption

G06F 3/0604   Improving or facilitating a...

G06F 3/0644   Management of space entitie...

G06F 3/067   Distributed or networked st...

G06F 8/65   Updates security arrangemen...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

Systematic erasure code encoding of data packages

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systematic erasure code encoding of data packages

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links