DISTRIBUTED STORAGE NETWORK AND METHOD FOR ENCRYPTING AND DECRYPTING DATA USING HASH FUNCTIONS
First Claim
1. A method for processing a data segment within a portion of a distributed storage network, the method comprising:
- partitioning the data segment into a plurality of portions;
- entering a loop that includes;
  - generating an encryption key based on a portion of the plurality of portions or on an encrypted portion;
  - encrypting another portion of the plurality of portions using the encryption key to produce another encrypted portion;
  - when at least one portion of the plurality of portions is to be encrypted, repeating the loop for one of the at least one portion of the plurality of portions, wherein the other encrypted portion is the encrypted portion for generating the encryption key; and
  - exiting the loop when the plurality of portions have been encrypted into a plurality of encrypted portions;
- dispersed storage error encoding the plurality of encrypted portions to produce a set of encoded data slices; and
- outputting the set of encoded data slices for store in the distributed storage network.
Abstract
A DS processing unit includes a grid module and a DSN interface. The grid module is operable to encrypt a data segment and to decrypt an encrypted data segment. To encrypt the data segment, the grid module partitions the data segment into portions and encrypts the portions using encryption keys generated from other portions to produce encrypted portions. The grid module then dispersed storage error encodes the encrypted portions to produce a set of encoded data slices, which the DSN interface outputs to a DSN. The DSN interface also receives a set of encoded data slices, which the grid module disperse storage error decodes to produce the encrypted data segment. The grid module then partitions the encrypted data segment into encrypted data portions and decrypts the encrypted data portions using decryption keys generated from other encrypted data portions to produce decrypted portions of a recovered data segment.
20 Claims
7. A method for processing an encrypted data segment within a portion of a distributed storage network, the method comprising:
- dispersed storage error decoding a set of encoded data slices to produce the encrypted data segment;
- partitioning the encrypted data segment into a plurality of encrypted portions;
- entering a loop that includes;
  - generating an encryption key based on an encrypted portion of the plurality of encrypted portions or on a decrypted portion;
  - decrypting another encrypted portion of the plurality of encrypted portions using the encryption key to produce another decrypted portion;
  - when at least one portion of the plurality of encrypted portions is to be decrypted, repeating the loop for one of the at least one encrypted portion of the plurality of encrypted portions, wherein the other decrypted portion is the decrypted portion for generating the encryption key; and
  - exiting the loop when the plurality of encrypted portions have been decrypted into a plurality of decrypted portions; and
- combining the plurality of decrypted portions to produce a decrypted data segment.
13. A distributed storage (DS) processing unit comprises:
- a grid module operable to;
  - encrypt a data segment by;
    - partitioning the data segment into a plurality of portions;
    - encrypting the plurality of portions using encryption keys generated from other portions of the plurality of portions to produce a plurality of encrypted portions; and
    - dispersed storage error encode the plurality of encrypted portions to produce a set of encoded data slices; and
  - decrypt an encrypted data segment by;
    - disperse storage error decode a retrieved set of encoded data slices to produce the encrypted data segment;
    - partitioning the encrypted data segment into a plurality of encrypted data portions;
    - decrypting the plurality of encrypted data portions using decryption keys generated from other encrypted data portions to produce a plurality of decrypted portions; and
- a distributed storage network (DSN) interface operable to;
  - output the set of encoded data slices to a DSN; and
  - receive the retrieved set of encoded data slices from the DSN.
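
One reading of the encrypt loop in claim 1 and the decrypt loop in claim 7, as an added Python example that is not code from the patent. The portion ordering, the SHA-256 key derivation, the XOR keystream stand-in cipher and all function names are assumptions, and the dispersed storage error encoding step is left out.

```python
import hashlib

# Constructed sample input, not taken from the patent.
SEGMENT = b"constructed sample data segment for the added example"

def derive_key(portion: bytes) -> bytes:
    """Assumed key generation: SHA-256 of a plaintext or encrypted portion."""
    return hashlib.sha256(portion).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Self-inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + (block // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def partition(segment: bytes, n: int) -> list[bytes]:
    size = -(-len(segment) // n)  # ceiling division
    return [segment[i * size:(i + 1) * size] for i in range(n)]

def encrypt_portions(portions: list[bytes]) -> list[bytes]:
    n = len(portions)
    if n < 2:
        raise ValueError("need at least two portions to key one from another")
    enc = [b""] * n
    source = portions[0]  # first key: generated from a plaintext portion
    for i in [*range(1, n), 0]:  # portion 0 is encrypted last
        enc[i] = xor_stream(derive_key(source), portions[i])
        source = enc[i]  # next key: from the portion just encrypted
    return enc

def decrypt_portions(enc: list[bytes]) -> list[bytes]:
    n = len(enc)
    if n < 2:
        raise ValueError("need at least two encrypted portions")
    dec = [b""] * n
    # First key comes from an encrypted portion (the last one produced).
    dec[0] = xor_stream(derive_key(enc[n - 1]), enc[0])
    source = dec[0]  # next key: from the portion just decrypted
    for i in range(1, n):
        dec[i] = xor_stream(derive_key(source), enc[i])
        source = enc[i]  # remaining keys come from encrypted portions
    return dec
```

No external secret enters this sketch: anyone holding every encrypted portion can run `decrypt_portions`, while a missing or altered portion breaks recovery of the portions keyed from it.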
Specification