APPLYING MULTIPLE HASH FUNCTIONS TO GENERATE MULTIPLE MASKED KEYS IN A SECURE SLICE IMPLEMENTATION
First Claim
Patent Images
1. A method of storing secure data comprising:
- encrypting data utilizing an encryption key to produce encrypted data;
performing a plurality of deterministic functions on the encrypted data to produce a plurality of deterministic function values;
masking the encryption key utilizing the plurality of deterministic function values to produce a plurality of masked keys; and
combining the encrypted data and the plurality of masked keys to produce a secure package.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for efficiently storing and accessing secure data are disclosed. The method of storing includes encrypting data utilizing an encryption key to produce encrypted data, performing deterministic functions on the encrypted data to produce deterministic function values, masking the encryption key utilizing the deterministic function values to produce masked keys and combining the encrypted data and the masked keys to produce a secure package. The method of accessing includes de-combining a secure package to reproduce encrypted data and masked keys, selecting a deterministic function, performing the selected deterministic function on the reproduced encrypted data to reproduce a deterministic function value, de-masking a corresponding masked key utilizing the reproduced deterministic function value to reproduce an encryption key, and decrypting the reproduced encrypted data utilizing the reproduced encryption key to reproduce data.
7 Citations
20 Claims
-
1. A method of storing secure data comprising:
-
encrypting data utilizing an encryption key to produce encrypted data; performing a plurality of deterministic functions on the encrypted data to produce a plurality of deterministic function values; masking the encryption key utilizing the plurality of deterministic function values to produce a plurality of masked keys; and combining the encrypted data and the plurality of masked keys to produce a secure package. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of accessing secure data comprising:
-
de-combining a secure package to reproduce encrypted data and a plurality of masked keys; selecting a selected deterministic function of a plurality of deterministic functions based on one or more characteristics of the plurality of deterministic functions; performing the selected deterministic function of the plurality of deterministic functions on the encrypted data to reproduce a deterministic function value; de-masking a masked key of the plurality of masked keys corresponding to the selected deterministic function of the plurality of deterministic functions using the deterministic function value to produce an encryption key; and decrypting the encrypted data utilizing the encryption key to produce reproduced data. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A dispersed storage processing unit for use in a dispersed storage network, the dispersed storage processing unit comprising:
-
a communications interface; a memory; and a computer processor; where the memory includes instructions for causing the computer processor to; encrypt first data utilizing a first encryption key to produce first encrypted data; perform a first plurality of deterministic functions on the first encrypted data to produce a first plurality of deterministic function values; mask the first encryption key utilizing the first plurality of deterministic function values to produce a first plurality of masked keys; combine the first encrypted data and the first plurality of masked keys to produce a first secure package; de-combine a second secure package to reproduce second encrypted data and a second plurality of masked keys; select a selected deterministic function of a second plurality of deterministic functions based on one or more characteristics of the second plurality of deterministic functions; perform the selected deterministic function of the second plurality of deterministic functions on the second encrypted data to reproduce a reproduced deterministic function value; de-mask a masked key of the second plurality of masked keys corresponding to the selected deterministic function of the second plurality of deterministic functions using the reproduced deterministic function value to produce a second encryption key; and decrypt the second encrypted data utilizing the second encryption key to produce second data. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneePure Storage, Inc.
-
Original AssigneeInternational Business Machines Corporation
-
InventorsResch, Jason K.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 11/1076 Parity data used in redunda...G06F 11/1092 Rebuilding, e.g. when physi...G06F 12/0684 with feedback, e.g. presenc...G06F 12/0813 with a network or matrix co...G06F 12/0888 using selective caching, e....G06F 12/1408 by using cryptography for d...G06F 16/182 Distributed file systemsG06F 16/2246 Trees, e.g. B+treesG06F 2212/154 Networked environmentG06F 2212/263 Network storage, e.g. SAN o...G06F 3/0604 Improving or facilitating a...G06F 3/0608 Saving storage space on sto...G06F 3/0611 in relation to response timeG06F 3/0616 in relation to life time, e...G06F 3/0619 in relation to data integri...G06F 3/0623 in relation to contentG06F 3/0631 by allocating resources to ...G06F 3/064 Management of blocksG06F 3/0644 Management of space entitie...G06F 3/0647 Migration mechanismsView All
