APPLYING MULTIPLE HASH FUNCTIONS TO GENERATE MULTIPLE MASKED KEYS IN A SECURE SLICE IMPLEMENTATION
First Claim
1. A method of storing secure data comprising:
- encrypting data utilizing an encryption key to produce encrypted data;
performing a plurality of deterministic functions on the encrypted data to produce a plurality of deterministic function values;
masking the encryption key utilizing the plurality of deterministic function values to produce a plurality of masked keys; and
combining the encrypted data and the plurality of masked keys to produce a secure package.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for efficiently storing and accessing secure data are disclosed. The method of storing includes encrypting data utilizing an encryption key to produce encrypted data, performing deterministic functions on the encrypted data to produce deterministic function values, masking the encryption key utilizing the deterministic function values to produce masked keys and combining the encrypted data and the masked keys to produce a secure package. The method of accessing includes de-combining a secure package to reproduce encrypted data and masked keys, selecting a deterministic function, performing the selected deterministic function on the reproduced encrypted data to reproduce a deterministic function value, de-masking a corresponding masked key utilizing the reproduced deterministic function value to reproduce an encryption key, and decrypting the reproduced encrypted data utilizing the reproduced encryption key to reproduce data.
7 Citations
20 Claims
-
1. A method of storing secure data comprising:
-
encrypting data utilizing an encryption key to produce encrypted data; performing a plurality of deterministic functions on the encrypted data to produce a plurality of deterministic function values; masking the encryption key utilizing the plurality of deterministic function values to produce a plurality of masked keys; and combining the encrypted data and the plurality of masked keys to produce a secure package. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of accessing secure data comprising:
-
de-combining a secure package to reproduce encrypted data and a plurality of masked keys; selecting a selected deterministic function of a plurality of deterministic functions based on one or more characteristics of the plurality of deterministic functions; performing the selected deterministic function of the plurality of deterministic functions on the encrypted data to reproduce a deterministic function value; de-masking a masked key of the plurality of masked keys corresponding to the selected deterministic function of the plurality of deterministic functions using the deterministic function value to produce an encryption key; and decrypting the encrypted data utilizing the encryption key to produce reproduced data. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A dispersed storage processing unit for use in a dispersed storage network, the dispersed storage processing unit comprising:
-
a communications interface; a memory; and a computer processor; where the memory includes instructions for causing the computer processor to; encrypt first data utilizing a first encryption key to produce first encrypted data; perform a first plurality of deterministic functions on the first encrypted data to produce a first plurality of deterministic function values; mask the first encryption key utilizing the first plurality of deterministic function values to produce a first plurality of masked keys; combine the first encrypted data and the first plurality of masked keys to produce a first secure package; de-combine a second secure package to reproduce second encrypted data and a second plurality of masked keys; select a selected deterministic function of a second plurality of deterministic functions based on one or more characteristics of the second plurality of deterministic functions; perform the selected deterministic function of the second plurality of deterministic functions on the second encrypted data to reproduce a reproduced deterministic function value; de-mask a masked key of the second plurality of masked keys corresponding to the selected deterministic function of the second plurality of deterministic functions using the reproduced deterministic function value to produce a second encryption key; and decrypt the second encrypted data utilizing the second encryption key to produce second data. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification