Storing access information in a dispersed storage network
First Claim
1. A method comprises:
- encoding, in accordance with a share encoding function, an access information packet to produce a first encoded share and a second encoded share;
obtaining a set of personalized authenticating values regarding user access of a user device to the access information packet, wherein each of at least some of the personalized authenticating values of the set of personalized authenticating values is unique;
generating a first hidden password from the set of personalized authenticating values based on a first function;
generating a second hidden password from the set of personalized authenticating values based on a second function;
generating a first encryption key from the first hidden password and a first random number;
generating a second encryption key from the second hidden password and a second random number;
encrypting the first encoded share with the first encryption key to produce a first encrypted encoded share;
encrypting the second encoded share using the second encryption key to produce a second encrypted encoded share;
sending the first encrypted encoded share and the first random number to a first dispersed storage (DS) processing unit, wherein the first DS processing unit generates a first encoded data slice based on the first encrypted encoded share and the first random number; and
sending the second encrypted encoded share and the second random number to a second DS processing unit, wherein the second DS processing unit generates a second encoded data slice based on the second encrypted encoded share and the second random number.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a processing module applying a share encoding function on data to produce a plurality of encoded shares and generating a plurality of random numbers. The method continues with the processing module obtaining a set of personalized authenticating values regarding user access to the data and generating a plurality of hidden passwords based on the set of personalized authenticating values. The method continues with the processing module generating an encryption key based on a corresponding one of the plurality of hidden passwords and a corresponding one of the plurality of random numbers and encrypting the encoded share utilizing the encryption key to produce an encrypted share for each encoded share of the plurality of encoded shares. The method continues with the processing module facilitating storage of the plurality of random numbers and each of the encrypted shares.
89 Citations
18 Claims
-
1. A method comprises:
-
encoding, in accordance with a share encoding function, an access information packet to produce a first encoded share and a second encoded share; obtaining a set of personalized authenticating values regarding user access of a user device to the access information packet, wherein each of at least some of the personalized authenticating values of the set of personalized authenticating values is unique; generating a first hidden password from the set of personalized authenticating values based on a first function; generating a second hidden password from the set of personalized authenticating values based on a second function; generating a first encryption key from the first hidden password and a first random number; generating a second encryption key from the second hidden password and a second random number; encrypting the first encoded share with the first encryption key to produce a first encrypted encoded share; encrypting the second encoded share using the second encryption key to produce a second encrypted encoded share; sending the first encrypted encoded share and the first random number to a first dispersed storage (DS) processing unit, wherein the first DS processing unit generates a first encoded data slice based on the first encrypted encoded share and the first random number; and sending the second encrypted encoded share and the second random number to a second DS processing unit, wherein the second DS processing unit generates a second encoded data slice based on the second encrypted encoded share and the second random number. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer comprises:
-
an interface; a memory; and a processing module operably coupled to the interface and the memory, wherein the processing module is operable to; encode, in accordance with a share encoding function, an access information packet to produce a first encoded share and a second encoded share; obtain a set of personalized authenticating values regarding user access of a user device to the access information packet, wherein each of at least some of the personalized authenticating values of the set of personalized authenticating values is unique; generate a first hidden password from the set of personalized authenticating values based on a first function; generate a second hidden password from the set of personalized authenticating values based on a second function; generate a first encryption key from the first hidden password and a first random number; generate a second encryption key from the second hidden password and a second random number; encrypt the first encoded share with the first encryption key to produce a first encrypted encoded share; encrypt the second encoded share using the second encryption key to produce a second encrypted encoded share; send, via the interface, the first encrypted encoded share and the first random number to a first dispersed storage (DS) processing unit, wherein the first DS processing unit generates a first encoded data slice based on the first encrypted encoded share and the first random number; and send, via the interface, the second encrypted encoded share and the second random number to a second DS processing unit, wherein the second DS processing unit generates a second encoded data slice based on the second encrypted encoded share and the second random number. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification