STORING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK

US 20110286595A1
Filed: 08/04/2011
Published: 11/24/2011
Est. Priority Date: 05/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

applying a share encoding function on data to produce a plurality of encoded shares;

generating a plurality of random numbers;

obtaining a set of personalized authenticating values regarding user access to the data;

generating a plurality of hidden passwords based on the set of personalized authenticating values;

for each encoded share of the plurality of encoded shares;

generating an encryption key based on a corresponding one of the plurality of hidden passwords and a corresponding one of the plurality of random numbers; and

encrypting the encoded share utilizing the encryption key to produce an encrypted share; and

facilitating storage of the plurality of random numbers and each of the encrypted shares.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module applying a share encoding function on data to produce a plurality of encoded shares and generating a plurality of random numbers. The method continues with the processing module obtaining a set of personalized authenticating values regarding user access to the data and generating a plurality of hidden passwords based on the set of personalized authenticating values. The method continues with the processing module generating an encryption key based on a corresponding one of the plurality of hidden passwords and a corresponding one of the plurality of random numbers and encrypting the encoded share utilizing the encryption key to produce an encrypted share for each encoded share of the plurality of encoded shares. The method continues with the processing module facilitating storage of the plurality of random numbers and each of the encrypted shares.

Citations

18 Claims

1. A method comprises:
- applying a share encoding function on data to produce a plurality of encoded shares;
  
  generating a plurality of random numbers;
  
  obtaining a set of personalized authenticating values regarding user access to the data;
  
  generating a plurality of hidden passwords based on the set of personalized authenticating values;
  
  for each encoded share of the plurality of encoded shares;
  
  generating an encryption key based on a corresponding one of the plurality of hidden passwords and a corresponding one of the plurality of random numbers; and
  
  encrypting the encoded share utilizing the encryption key to produce an encrypted share; and
  
  facilitating storage of the plurality of random numbers and each of the encrypted shares.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the share encoding function comprises at least one of:
    - a dispersed storage error encoding function; and
      
      a secret sharing function.
  - 3. The method of claim 1, wherein the generating the corresponding plurality of random numbers comprises:
    - obtaining a plurality of base random numbers; and
      
      expanding each base random number of the plurality of base random numbers based on security parameters to produce the corresponding plurality of random numbers.
  - 4. The method of claim 1, wherein the set of personalized authenticating values includes at least one of:
    - a user device identifier (ID);
      
      a user ID;
      
      a personal information number (PIN);
      
      a badge ID;
      
      a district ID;
      
      a work-shift ID;
      
      an assignment ID;
      
      a mission ID;
      
      a passcode;
      
      a password;
      
      a picture file;
      
      a video file;
      
      an audio file;
      
      a retinal scan;
      
      a facial scan;
      
      a fingerprint scan;
      
      a personal secret; and
      
      a password index number.
  - 5. The method of claim 1, wherein the generating the corresponding plurality of hidden passwords comprises:
    - transforming the set of personalized authenticating values in accordance with a set of transformation functions to produce a set of transformed personalized authenticating values; and
      
      for each password of the corresponding plurality of hidden passwords;
      
      combining, in accordance with a combining function, one of the set of transformed personalized authenticating values with at least one of a constant and another one of the set of transformed personalized authenticating values to produce the password.
  - 6. The method of claim 5, wherein the transformation function includes at least one of:
    - a null function;
      
      a concatenation function;
      
      an inverting function;
      
      a hashing function;
      
      an encryption function;
      
      a compressing function; and
      
      a mask generating function.
  - 7. The method of claim 5, wherein the combining function includes at least one of:
    - an addition function;
      
      a subtraction function;
      
      a multiplication function;
      
      a division function;
      
      a logical exclusive OR function;
      
      a logical OR function; and
      
      a logical AND function.
  - 8. The method of claim 1, wherein the generating the encryption key comprises:
    - transforming the corresponding one of the plurality of hidden passwords utilizing a mask generating function, security parameters, and the corresponding one of the plurality of random numbers.
  - 9. The method of claim 1, wherein the facilitating storage of the corresponding plurality of random numbers and the encrypted shares comprises at least one of:
    - sending the encrypted share and the corresponding one of the corresponding plurality of random numbers to a dispersed storage (DS) processing unit;
      
      dispersed storage error encoding the encrypted share to produce a plurality of encoded share slices and outputting the plurality of encoded share slices for storage; and
      
      dispersed storage error encoding the corresponding one of the corresponding plurality of random numbers to produce a plurality of encoded random number slices and outputting the plurality of encoded random number slices for storage.

10. A computer comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  apply a share encoding function on data to produce a plurality of encoded shares;
  
  generate a plurality of random numbers;
  
  obtain a set of personalized authenticating values regarding user access to the data;
  
  generate a plurality of hidden passwords based on the set of personalized authenticating values;
  
  for each encoded share of the plurality of encoded shares;
  
  generate an encryption key based on a corresponding one of the plurality of hidden passwords and a corresponding one of the plurality of random numbers; and
  
  encrypt the encoded share utilizing the encryption key to produce an encrypted share; and
  
  facilitate storage of the plurality of random numbers and each of the encrypted shares.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer of claim 10, wherein the share encoding function comprises at least one of:
    - a dispersed storage error encoding function; and
      
      a secret sharing function.
  - 12. The computer of claim 10, wherein the processing module functions to generate the corresponding plurality of random numbers by:
    - obtaining a plurality of base random numbers; and
      
      expanding each base random number of the plurality of base random numbers based on security parameters to produce the corresponding plurality of random numbers.
  - 13. The computer of claim 10, wherein the set of personalized authenticating values includes at least one of:
    - a user device identifier (ID);
      
      a user ID;
      
      a personal information number (PIN);
      
      a badge ID;
      
      a district ID;
      
      a work-shift ID;
      
      an assignment ID;
      
      a mission ID;
      
      a passcode;
      
      a password;
      
      a picture file;
      
      a video file;
      
      an audio file;
      
      a retinal scan;
      
      a facial scan;
      
      a fingerprint scan;
      
      a personal secret; and
      
      a password index number.
  - 14. The computer of claim 10, wherein the processing module functions to generate the corresponding plurality of hidden passwords by:
    - transforming the set of personalized authenticating values in accordance with a set of transformation functions to produce a set of transformed personalized authenticating values; and
      
      for each password of the corresponding plurality of hidden passwords;
      
      combining, in accordance with a combining function, one of the set of transformed personalized authenticating values with at least one of a constant and another one of the set of transformed personalized authenticating values to produce the password.
  - 15. The computer of claim 14, wherein the transformation function includes at least one of:
    - a null function;
      
      a concatenation function;
      
      an inverting function;
      
      a hashing function;
      
      an encryption function;
      
      a compressing function; and
      
      a mask generating function.
  - 16. The computer of claim 14, wherein the combining function includes at least one of:
    - an addition function;
      
      a subtraction function;
      
      a multiplication function;
      
      a division function;
      
      a logical exclusive OR function;
      
      a logical OR function; and
      
      a logical AND function.
  - 17. The computer of claim 10, wherein the processing module functions to generate the encryption key by:
    - transforming the corresponding one of the plurality of hidden passwords utilizing a mask generating function, security parameters, and the corresponding one of the plurality of random numbers.
  - 18. The computer of claim 10, wherein the processing module functions to facilitate storage of the corresponding plurality of random numbers and the encrypted shares by at least one of:
    - sending, via the interface, the encrypted share and the corresponding one of the corresponding plurality of random numbers to a dispersed storage (DS) processing unit;
      
      dispersed storage error encoding the encrypted share to produce a plurality of encoded share slices and outputting, via the interface, the plurality of encoded share slices for storage; and
      
      dispersed storage error encoding the corresponding one of the corresponding plurality of random numbers to produce a plurality of encoded random number slices and outputting, via the interface, the plurality of encoded random number slices for storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
RESCH, JASON K., GRUBE, GARY W., GLADWIN, S. CHRISTOPHER, MARKISON, TIMOTHY W., SHIRLEY, THOMAS FRANKLIN Jr.

Granted Patent

US 10,193,689 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/46
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

STORING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

STORING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links