Securely recovering stored data in a dispersed storage network
First Claim
Patent Images
1. A method for execution by a dispersed storage and task (DST) execution unit that includes a hardware processor, the method comprises:
- generating, based on a slice pre-image request from a computing device, a data pre-image by performing a pre-image function on a data slice based on a plurality of storage units indicated in the request; and
generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with a requesting entity;
wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding;
wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and
wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for execution by a dispersed storage and task (DST) execution unit that includes a processor includes receiving a slice pre-image request from a computing device via a network that indicates a data slice, a requesting entity and a plurality of storage units. A data pre-image is generated by performing a pre-image function on the data slice based on the plurality of storage units. An encrypted data pre-image is generated for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with the requesting entity.
81 Citations
20 Claims
-
1. A method for execution by a dispersed storage and task (DST) execution unit that includes a hardware processor, the method comprises:
-
generating, based on a slice pre-image request from a computing device, a data pre-image by performing a pre-image function on a data slice based on a plurality of storage units indicated in the request; and generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with a requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A processing system of a dispersed storage and task (DST) execution unit comprises:
-
at least one hardware processor; a memory that stores operational instructions, that when executed by the at least one hardware processor cause the processing system to perform operations including; generating, based on a slice pre-image request from a computing device, a data pre-image by performing a pre-image function on a data slice based on a plurality of storage units indicated in the request; and generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a key associated with a requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable storage medium comprises:
-
at least one memory section that stores operational instructions that, when executed by a processing system of a dispersed storage and task (DST) execution unit that includes a hardware processor and a memory, causes the processing system to perform operations including; generating, based on a slice pre-image request from a computing device, a data pre-image by performing a pre-image function on a data slice based on a plurality of storage units indicated in the request; and generating an encrypted data pre-image for transmission to the computing device by performing an encryption function on the data pre-image based on a Key associated with a requesting entity; wherein the computing device receives a plurality of encrypted data pre-images from a plurality of storage units that includes the DST execution unit for transmission to the requesting entity for decoding; wherein the requesting entity receives a plurality of storage unit identifiers corresponding to the plurality of storage units from the computing device, and wherein the requesting entity decodes the plurality of encrypted data pre-images by utilizing a plurality of unique keys, each associated with one of the plurality of storage units; and wherein the requesting entity receives a sum of the encrypted data pre-images from the computing device, and wherein decoding includes subtracting each of the plurality of unique keys from the sum of the encrypted data pre-images. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification