SECURING DATA IN A DISPERSED STORAGE NETWORK USING SECURITY SENTINEL VALUE
Abstract
A sentinel value is combined with a data segment, and encrypted. A digest of the encrypted combined data segment is calculated, and used in conjunction with an encryption key to generate a masked key. This masked key is then appended to the encrypted combined data segment and transmitted to an encoder. When the data segment is retrieved, the original encryption key can be recovered and used to decrypt the data segment. The sentinel value can then be extracted from the data segment and checked for integrity. The data segment can then be delivered, discarded, flagged, or otherwise handled based on the integrity of the sentinel value.
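The manipulator and de-manipulator steps summarised above, as an added sketch that is not code from the patent. Assumptions: the masked key is the XOR of the key and a SHA-256 digest, the sentinel is a fixed 16-byte value appended to the segment, and a SHA-256 counter-mode keystream stands in for the cipher, which the text does not name.

```python
import hashlib
import hmac
import secrets

SENTINEL = b"\x5a" * 16  # constructed sentinel (assumed fixed and appended)
KEY_LEN = 32             # equals SHA-256 digest size so key and digest XOR cleanly


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _stream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter-mode keystream); encrypts and decrypts."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        out += _xor(data[off:off + 32], pad)
    return bytes(out)


def manipulate(segment: bytes) -> bytes:
    """Pre-data manipulator: segment -> encrypted package."""
    key = secrets.token_bytes(KEY_LEN)
    encrypted = _stream_cipher(key, segment + SENTINEL)
    digest = hashlib.sha256(encrypted).digest()
    masked_key = _xor(key, digest)      # assumption: mask = key XOR digest
    return encrypted + masked_key       # masked key appended to ciphertext


def demanipulate(package: bytes) -> bytes:
    """Pre-data de-manipulator: returns the segment or raises on a bad sentinel."""
    if len(package) < KEY_LEN + len(SENTINEL):
        raise ValueError("package too short")
    encrypted, masked_key = package[:-KEY_LEN], package[-KEY_LEN:]
    key = _xor(masked_key, hashlib.sha256(encrypted).digest())
    combined = _stream_cipher(key, encrypted)
    segment, sentinel = combined[:-len(SENTINEL)], combined[-len(SENTINEL):]
    if not hmac.compare_digest(sentinel, SENTINEL):
        raise ValueError("sentinel integrity check failed")
    return segment


def tamper(package: bytes, index: int) -> bytes:
    """Flip one bit of a package (constructed corruption for the demo)."""
    buf = bytearray(package)
    buf[index] ^= 0x01
    return bytes(buf)
```

Because the recovered key depends on the digest of the whole ciphertext, a single flipped bit anywhere in the package yields a wrong key, and the sentinel check is what turns that into a detectable failure instead of silently delivered garbage.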
26 Claims

1. A method for use in a pre-data manipulator, the method comprising:
- receiving a data segment at the pre-data manipulator;
- combining the data segment with a sentinel value to generate a combined data segment;
- encrypting the combined data segment and sentinel value using an encryption key to generate an encrypted combined data segment;
- calculating a digest of the encrypted combined data segment;
- generating a masked key based on the digest and the encryption key;
- appending the masked key to the encrypted combined data segment to generate an encrypted package; and
- transmitting the encrypted package to an encoder.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for use in a pre-data de-manipulator, the method comprising:
- receiving an encrypted package from a decoder;
- extracting a masked key from the encrypted package to produce an encrypted data segment;
- calculating a digest of the encrypted data segment;
- generating a recovered key using the masked key and the digest of the encrypted data segment;
- decrypting the encrypted data segment using the recovered key to generate a recovered data segment and a recovered sentinel value;
- determining an integrity of the recovered sentinel value; and
- outputting the recovered data segment in response to determining a favorable integrity of the recovered sentinel value.

Dependent claims: 9, 10, 11, 12, 13

14. A pre-data manipulator comprising:
- processing circuitry to:
  - combine a data segment with a sentinel value to generate a combined data segment;
  - encrypt the combined data segment using an encryption key to generate an encrypted combined data segment;
  - calculate a digest of the encrypted combined data segment;
  - generate a masked key based on the digest and the encryption key;
  - append the masked key to the encrypted combined data segment to generate an encrypted package; and
- an output to transmit the encrypted package to an encoder.

Dependent claims: 15, 16, 17, 18, 19, 20

21. A pre-data de-manipulator comprising:
- processing circuitry to:
  - extract a masked key from the encrypted package to produce an encrypted data segment;
  - calculate a digest of the encrypted data segment;
  - generate a recovered key using the masked key and the digest of the encrypted data segment;
  - decrypt the encrypted data segment using the recovered key to generate a recovered data segment and a recovered sentinel value;
  - determine an integrity of the recovered sentinel value; and
- an output to provide the recovered data segment in response to a favorable integrity of the recovered sentinel value.

Dependent claims: 22, 23, 24, 25, 26

Specification