Using a master encryption key to sanitize a dispersed storage network memory
First Claim
1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises:
- identifying, for data stored as a set of encoded data slices within a corresponding set of storage units within a DSN memory, one or more encryption keys used to encrypt the data within the DSN memory;
identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that reflects a smallest number of encoded data slices in the set of encoded data slices that also includes all encoded data slices of the portion of the DSN memory requiring sanitization;
determining, when the master key is not used to encrypt data stored outside of the portion of the DSN memory requiring sanitization; and
when the master key is not used to encrypt data stored outside the portion of the DSN memory requiring sanitization, sanitizing, by erasing the master key, the data stored within the portion of the DSN memory.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by identifying, for data stored within a DSN memory, one or more encryption keys used to encrypt data stored within the DSN memory. The method continues by identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that encrypts all of the data stored within the portion to be sanitized. The method continues by determining, if the master key is not used to encrypt data stored outside of the portion to be sanitized. The method continues, if the master key is not used to encrypt data stored outside of the portion to be sanitized, by sanitizing the data stored within a portion of the DSN memory by erasing the master key.
-
Citations
19 Claims
-
1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises:
-
identifying, for data stored as a set of encoded data slices within a corresponding set of storage units within a DSN memory, one or more encryption keys used to encrypt the data within the DSN memory; identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that reflects a smallest number of encoded data slices in the set of encoded data slices that also includes all encoded data slices of the portion of the DSN memory requiring sanitization; determining, when the master key is not used to encrypt data stored outside of the portion of the DSN memory requiring sanitization; and when the master key is not used to encrypt data stored outside the portion of the DSN memory requiring sanitization, sanitizing, by erasing the master key, the data stored within the portion of the DSN memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computing device of a group of computing devices of a dispersed storage network (DSN), the computing device comprises:
-
an interface; a local memory; and a processing module operably coupled to the interface and the local memory, wherein the processing module functions to; identify, for data stored as a set of encoded data slices within a corresponding set of storage units within a DSN memory, one or more encryption keys used to encrypt the data stored within the DSN memory; identify, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that reflects a smallest number of encoded data slices in the set of encoded data slices that also includes all encoded data slices of the portion of the DSN memory requiring sanitization; determine, when the master key is not used to encrypt data stored outside of the portion of the DSN memory requiring sanitization; and when the master key is not used to encrypt the data stored outside of the portion of the DSN memory requiring sanitization, sanitize, by erasing the master key, the data stored within a portion of the DSN memory requiring sanitization. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises:
-
identifying, for a data storage unit within a DSN memory, one or more encryption keys each used to encrypt data stored as a set of encoded data slices within a corresponding set of storage units within the DSN memory; identifying, for data stored within multiple portions of the data storage unit requiring sanitization, each master key of the one or more encryption keys used to encrypt data stored as a set of encoded data slices within a corresponding set of storage units within the DSN memory that collectively reflects a smallest number of encoded data slices in the set of encoded data slices that also includes all encoded data slices of the portion of the DSN memory requiring sanitization; determining, when the identified master keys are not used to encrypt the data stored outside of the data storage unit to be sanitized; and when the identified master keys are not used to encrypt data stored outside of the data storage unit to be sanitized, sanitizing, by erasing a respective master key of each of the multiple portions of the data storage unit requiring sanitization, the data stored within each of the multiple portions of the data storage unit requiring sanitization. - View Dependent Claims (18, 19)
-
Specification