Password augmented all-or-nothin transform
First Claim
1. A computing device comprising:
- an interface configured to interface and communicate with a dispersed or distributed storage network (DSN);
memory that stores operational instructions; and
processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to;
encrypt data using a key to generate encrypted data;
process the encrypted data and a password based on a deterministic function to generate transformed data;
mask the key using a masking function based on the transformed data to generate a masked key;
combine the encrypted data and the masked key to generate a secure package;
encode the secure package in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs), wherein the secure package is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with the dispersed error encoding parameters to produce the set of EDSs; and
transmit, via the interface, the set of EDSs to a plurality of storage units (SUs) to be distributedly stored within the plurality of SUs and to be accessed by another computing device, wherein a decode threshold number of EDSs are needed by the another computing device to recover the data segment via the DSN.
4 Assignments
0 Petitions
Accused Products
Abstract
A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device encrypts data using a key to generate encrypted data and processes it and a password based on a deterministic function to generate transformed data. The computing device masks the key based on a masking function based on the transformed data to generate a masked key, and then combines the encrypted data and the masked key to generate a secure package that is encoded in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs) and transmits the set of EDSs to a plurality of storage units (SUs) to be distributedly stored therein.
-
Citations
20 Claims
-
1. A computing device comprising:
-
an interface configured to interface and communicate with a dispersed or distributed storage network (DSN); memory that stores operational instructions; and processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to; encrypt data using a key to generate encrypted data; process the encrypted data and a password based on a deterministic function to generate transformed data; mask the key using a masking function based on the transformed data to generate a masked key; combine the encrypted data and the masked key to generate a secure package; encode the secure package in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs), wherein the secure package is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with the dispersed error encoding parameters to produce the set of EDSs; and transmit, via the interface, the set of EDSs to a plurality of storage units (SUs) to be distributedly stored within the plurality of SUs and to be accessed by another computing device, wherein a decode threshold number of EDSs are needed by the another computing device to recover the data segment via the DSN. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computing device comprising:
-
an interface configured to interface and communicate with a dispersed or distributed storage network (DSN); memory that stores operational instructions; and processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to; encrypt data using a key to generate encrypted data; process the encrypted data and a password using a deterministic function to generate transformed data including processing the encrypted data and the password based on a hash-based message authentication code function (HMAC) to generate the transformed data; mask the key based on a masking function based on the transformed data to generate a masked key including to perform an exclusive OR (XOR) function on the key and the transformed data to produce the masked key; combine the encrypted data and the masked key to generate a secure package; encode the secure package in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs), wherein the secure package is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with the dispersed error encoding parameters to produce the set of EDSs; and transmit, via the interface, the set of EDSs to a plurality of storage units (SUs) to be distributedly stored within the plurality of SUs and to be accessed by another computing device, wherein a decode threshold number of EDSs are needed by the another computing device to recover the data segment via the DSN. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for execution by a computing device, the method comprising:
-
encrypting data using a key to generate encrypted data; processing the encrypted data and a password using a deterministic function to generate transformed data; masking the key based on a masking function based on the transformed data to generate a masked key; combining the encrypted data and the masked key to generate a secure package; encoding the secure package in accordance with dispersed error encoding parameters produce a set of encoded data slices (EDSs), wherein the secure package is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with the dispersed error encoding parameters to produce the set of EDSs; and transmitting, via an interface of the computing device that is configured to interface and communicate with a dispersed or distributed storage network (DSN), the set of EDSs to a plurality of storage units (SUs) to be distributedly stored within the plurality of SUs and to be accessed by another computing device, wherein a decode threshold number of EDSs are needed by the another computing device to recover the data segment via the DSN. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification