ENCRYPTING DATA FOR STORAGE IN A DISPERSED STORAGE NETWORK
First Claim
1. A method comprises:
dividing data into a plurality of data segments;
for a data segment of the plurality of data segments;
encoding the data segment using a dispersed storage error encoding function to produce a set of encoded data slices;
generating slice names for each encoded data slice of the set of encoded data slices to produce a plurality of slice names, wherein a slice name of the plurality of slice names includes a data identifier, a data segment identifier, and an encoded slice identifier;
when a subset of encoded data slices of the set of encoded data slices is to be encrypted;
generating a master key;
selecting a portion of the slice names for the subset of encoded data slices to produce a subset of selected slice name portions;
generating a subset of encryption keys based on the master key and the subset of selected slice name portions;
encrypting the subset of encoded data slices using the subset of encryption keys to produce a subset of encrypted encoded data slices;
outputting the subset of encrypted encoded data slices to a dispersed storage network (DSN) for storage therein; and
outputting remaining encoded data slices of the set of encoded data slices to the DSN for storage therein.
Abstract
A method begins by a dispersed storage (DS) processing module dividing data into a plurality of data segments, encoding a data segment using a dispersed storage error encoding function to produce a set of encoded data slices, and generating slice names for each encoded data slice to produce a plurality of slice names. When a subset of encoded data slices of the set of encoded data slices is to be encrypted, the method continues with the DS processing module generating a master key, selecting a portion of the slice names for the subset of encoded data slices to produce a subset of selected slice name portions, generating a subset of encryption keys, encrypting the subset of encoded data slices using the subset of encryption keys to produce a subset of encrypted encoded data slices, and outputting the subset of encrypted encoded data slices to a dispersed storage network (DSN).
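The key-generation step in the abstract can be illustrated as follows. This is an added example, not code from the patent. It assumes HMAC-SHA256 as the key-derivation function (the claim only says the keys are "based on" the master key and the selected slice name portions), uses an HMAC counter keystream as a stand-in cipher, and replaces the error-encoded slices with constructed placeholder bytes; `SliceName`, `select_portion`, `derive_key`, `xor_stream` and `protect_segment` are hypothetical names.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple

class SliceName(NamedTuple):
    data_id: bytes     # data identifier
    segment_id: int    # data segment identifier
    slice_id: int      # encoded slice identifier

def select_portion(name, fields):
    """Serialise the chosen slice-name fields, length-prefixed so portions cannot collide."""
    out = b""
    for f in fields:
        v = getattr(name, f)
        raw = v if isinstance(v, bytes) else v.to_bytes(8, "big")
        out += f.encode() + b"=" + len(raw).to_bytes(2, "big") + raw
    return out

def derive_key(master_key, portion):
    # Assumption: HMAC-SHA256 as the KDF; the claim does not name one.
    return hmac.new(master_key, portion, hashlib.sha256).digest()

def xor_stream(key, data):
    # Stand-in cipher (HMAC counter keystream) so the example is stdlib-only.
    # Real code would use an AEAD such as AES-GCM with a per-write nonce.
    ks = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def protect_segment(slices, master_key, encrypt_ids, fields):
    """Encrypt only slices whose slice_id is in encrypt_ids; pass the rest through."""
    out = {}
    for name, payload in slices.items():
        if name.slice_id in encrypt_ids:
            key = derive_key(master_key, select_portion(name, fields))
            out[name] = xor_stream(key, payload)
        else:
            out[name] = payload  # remaining slices are output unchanged
    return out

# Constructed sample: one segment already encoded into 4 slices (placeholder bytes).
FIELDS = ("data_id", "segment_id", "slice_id")
MASTER = secrets.token_bytes(32)
SLICES = {SliceName(b"doc-1", 0, i): bytes([i]) * 40 for i in range(4)}
STORED = protect_segment(SLICES, MASTER, {0, 1}, FIELDS)
```

Which slice-name fields are selected decides key scope: including the encoded slice identifier gives every slice its own key, while selecting only the data and segment identifiers gives all slices of a segment the same key.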
18 Claims
1. A method comprises:
dividing data into a plurality of data segments;
for a data segment of the plurality of data segments;
encoding the data segment using a dispersed storage error encoding function to produce a set of encoded data slices;
generating slice names for each encoded data slice of the set of encoded data slices to produce a plurality of slice names, wherein a slice name of the plurality of slice names includes a data identifier, a data segment identifier, and an encoded slice identifier;
when a subset of encoded data slices of the set of encoded data slices is to be encrypted;
generating a master key;
selecting a portion of the slice names for the subset of encoded data slices to produce a subset of selected slice name portions;
generating a subset of encryption keys based on the master key and the subset of selected slice name portions;
encrypting the subset of encoded data slices using the subset of encryption keys to produce a subset of encrypted encoded data slices;
outputting the subset of encrypted encoded data slices to a dispersed storage network (DSN) for storage therein; and
outputting remaining encoded data slices of the set of encoded data slices to the DSN for storage therein.
Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A dispersed storage (DS) module comprises:
a first module, when operable within a computing device, causes the computing device to;
divide data into a plurality of data segments;
for a data segment of the plurality of data segments;
encode the data segment using a dispersed storage error encoding function to produce a set of encoded data slices; and
generate slice names for each encoded data slice of the set of encoded data slices to produce a plurality of slice names, wherein a slice name of the plurality of slice names includes a data identifier, a data segment identifier, and an encoded slice identifier;
a second module, when operable within the computing device, causes the computing device to;
when a subset of encoded data slices of the set of encoded data slices is to be encrypted;
generate a master key;
select a portion of the slice names for the subset of encoded data slices to produce a subset of selected slice name portions;
generate a subset of encryption keys based on the master key and the subset of selected slice name portions; and
encrypt the subset of encoded data slices using the subset of encryption keys to produce a subset of encrypted encoded data slices; and
a third module, when operable within the computing device, causes the computing device to;
output the subset of encrypted encoded data slices to a dispersed storage network (DSN) for storage therein; and
output remaining encoded data slices of the set of encoded data slices to the DSN for storage therein.
Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
Specification