Efficient secret-key encrypted secure slice
First Claim
1. A method for use in a dispersed storage network (DSN) the method comprising:
providing a random key to both an encryption module and a masking module;
at the encryption module;
encrypting starting data using the random key to produce encrypted data;
transmitting the encrypted data to a keyed-hash module and to a combining module;
at the keyed-hash module;
performing a secure hash function on the encrypted data using a secret key to produce a hash value;
transmitting the hash value to the masking module;
at the masking module;
masking the random key using the hash value to produce a masked random key;
transmitting the masked random key to the combining module;
at the combining module;
combining the encrypted data and the masked random key to produce a secure package;
transmitting the secure package to a client module;
at the client module;
encoding the secure package to produce a set of encoded data slices, wherein the secret key and a decode threshold number of encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data, and wherein the decode threshold number is greater than one and less than a total number of encoded data slices in the set of encoded data slices;
transmitting the set of encoded data slices to a DSN memory; and
at the DSN memory, storing the set of encoded data slices in a set of storage units.
Abstract
An encryption module encrypts starting data using a random key to produce encrypted data. A hash module performs a secure hash function on the encrypted data using a secret key to produce a hash value. Processing circuitry masks the random key using the hash value to produce a masked random key, and combines the encrypted data and the masked random key to produce a secure package. A distributed storage and task module encodes the secure package to produce a set of encoded data slices. The secret key and a decode threshold number of the encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data. The set of encoded data slices is stored in a set of storage units.
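The flow the abstract describes, together with the recovery step recited in claim 15, as an added example; it is not code from the patent or its assignee. HMAC-SHA-256 as the keyed hash, XOR as the masking operation, a SHAKE-256 keystream as the cipher, and a 3-of-4 XOR-parity dispersal code are assumptions chosen so the example runs on the Python standard library alone, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

KEY_LEN = 32  # random key and HMAC-SHA-256 output are both 32 bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHAKE-256 keystream XOR; same call encrypts and decrypts.
    return xor(data, hashlib.shake_256(key).digest(len(data)))

def make_secure_package(starting_data: bytes, secret_key: bytes) -> bytes:
    random_key = secrets.token_bytes(KEY_LEN)                # fed to encryption and masking
    encrypted = stream_cipher(random_key, starting_data)     # encryption module
    hash_value = hmac.new(secret_key, encrypted, hashlib.sha256).digest()  # keyed-hash module
    masked_key = xor(random_key, hash_value)                 # masking module (XOR assumed)
    return encrypted + masked_key                            # combining module

def recover_starting_data(package: bytes, secret_key: bytes) -> bytes:
    encrypted, masked_key = package[:-KEY_LEN], package[-KEY_LEN:]
    hash_value = hmac.new(secret_key, encrypted, hashlib.sha256).digest()
    return stream_cipher(xor(masked_key, hash_value), encrypted)

def encode_slices(package: bytes, k: int = 3) -> list:
    # Constructed dispersal code: k data slices plus one XOR parity slice (threshold k of k+1).
    size = -(-(len(package) + 4) // k)                       # ceiling division
    padded = (len(package).to_bytes(4, "big") + package).ljust(size * k, b"\0")
    slices = [padded[i * size:(i + 1) * size] for i in range(k)]
    parity = bytes(size)
    for s in slices:
        parity = xor(parity, s)
    return slices + [parity]

def decode_slices(slices: list) -> bytes:
    # slices holds k+1 entries in order; a lost slice is None (at most one may be lost).
    missing = [i for i, s in enumerate(slices) if s is None]
    if len(missing) > 1:
        raise ValueError("fewer than the decode threshold number of slices")
    if missing:
        rebuilt = bytes(len(next(s for s in slices if s is not None)))
        for s in slices:
            if s is not None:
                rebuilt = xor(rebuilt, s)
        slices = slices[:missing[0]] + [rebuilt] + slices[missing[0] + 1:]
    padded = b"".join(slices[:-1])
    n = int.from_bytes(padded[:4], "big")
    return padded[4:4 + n]
```

In this construction, a holder of any three slices can rebuild the secure package but, without the secret key, cannot recompute the hash value needed to unmask the random key.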
20 Claims
1. A method for use in a dispersed storage network (DSN) the method comprising:
providing a random key to both an encryption module and a masking module;
at the encryption module;
encrypting starting data using the random key to produce encrypted data;
transmitting the encrypted data to a keyed-hash module and to a combining module;
at the keyed-hash module;
performing a secure hash function on the encrypted data using a secret key to produce a hash value;
transmitting the hash value to the masking module;
at the masking module;
masking the random key using the hash value to produce a masked random key;
transmitting the masked random key to the combining module;
at the combining module;
combining the encrypted data and the masked random key to produce a secure package;
transmitting the secure package to a client module;
at the client module;
encoding the secure package to produce a set of encoded data slices, wherein the secret key and a decode threshold number of encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data, and wherein the decode threshold number is greater than one and less than a total number of encoded data slices in the set of encoded data slices;
transmitting the set of encoded data slices to a DSN memory; and
at the DSN memory, storing the set of encoded data slices in a set of storage units.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A dispersed storage network (DSN) comprising:
an encryption module implemented using a processor and associated memory, the encryption module configured to;
receive a random key provided to both the encryption module and to a masking module;
encrypt starting data using the random key to produce encrypted data;
transmit the encrypted data to a hash module and to a combining module;
the hash module implemented using the processor and the associated memory, the hash module configured to;
perform a secure hash function on the encrypted data using a secret key to produce a hash value;
transmit the hash value to the masking module;
processing circuitry configured to implement the masking module, the masking module configured to;
receive the random key;
mask the random key using the hash value to produce a masked random key;
transmit the masked random key to the combining module;
the processing circuitry further configured to implement the combining module, the combining module configured to;
combine the encrypted data and the masked random key to produce a secure package;
transmit the secure package to a distributed storage and task module;
the distributed storage and task module configured to;
encode the secure package to produce a set of encoded data slices, wherein the secret key and a decode threshold number of encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data, and wherein the decode threshold number is greater than one and less than a total number of encoded data slices in the set of encoded data slices;
transmit the set of encoded data slices to a DSN memory; and
processing circuitry configured to implement the DSN memory, the DSN memory configured to store the set of encoded data slices in a set of storage units.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method for use in a dispersed storage network (DSN) the method comprising:
providing a random key to both an encryption module and a masking module;
at the encryption module;
encrypting starting data using the random key to produce encrypted data;
transmitting the encrypted data to a keyed-hash module and to a combining module;
at the keyed-hash module;
performing a secure hash function on the encrypted data using a secret key to produce a hash value;
transmitting the hash value to the masking module;
at the masking module;
masking the random key using the hash value to produce a masked random key;
transmitting the masked random key to the combining module;
at the combining module;
combining the encrypted data and the masked random key to produce a secure package;
transmitting the secure package to a client module;
at the client module;
encoding the secure package to produce a set of encoded data slices, wherein the secret key and a decode threshold number of encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data, and wherein the decode threshold number is greater than one and less than a total number of encoded data slices in the set of encoded data slices;
transmitting the set of encoded data slices to a DSN memory;
at the DSN memory, storing the set of encoded data slices in a set of storage units; and
recovering the starting data using at least the decode threshold number of the encoded data slices and the secret key.
Dependent claims: 16, 17, 18, 19, 20
Specification