Distributed storage network and method for encrypting and decrypting data using hash functions
Abstract
A distributed storage network receives a data segment. The data segment is partitioned into two or more portions. A first portion hash is calculated from the first portion of data and used to encrypt the second portion of data. A hash of the encrypted second portion of data is then used either to encrypt the next portion of data (in this case, a third portion of data) or to circle back to the beginning and encrypt the first portion of the data if the second portion of data is the last in the data segment. This iterative process continues until all portions of the data segment are encrypted in a sequence. In essence, the data portions of the segment are sequentially processed in some order to encrypt the various portions in that progressing order. A reverse order is used to derive the hash values and decrypt the encrypted data portions into decrypted original data to recreate the data segment.
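
The chained scheme described in the abstract, generalised to n portions, as an added Python example (not code from the patent or its assignee). The SHA-256 key derivation, the SHAKE-256 XOR keystream standing in for the unspecified cipher, the equal-size partitioning and the optional `secret` input are all assumptions.

```python
import hashlib

def _key(data: bytes, secret: bytes = b"") -> bytes:
    # Key "based at least in part on" a portion's hash; `secret` is an
    # optional extra key input (assumption, empty by default).
    return hashlib.sha256(secret + hashlib.sha256(data).digest()).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    # The same call encrypts and decrypts; output length equals input length.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def partition(segment: bytes, n: int) -> list[bytes]:
    # Equal-size split (last portion may be shorter). Because the cipher
    # preserves length, ciphertext splits on the same boundaries.
    if n < 2:
        raise ValueError("the chain needs at least two portions")
    size = -(-len(segment) // n)  # ceiling division
    return [segment[i * size:(i + 1) * size] for i in range(n)]

def encrypt_segment(segment: bytes, n: int = 2, secret: bytes = b"") -> bytes:
    plain = partition(segment, n)
    enc = [b""] * n
    prev = plain[0]              # first hash is over the plaintext first portion
    for i in range(1, n):
        enc[i] = _xor_stream(_key(prev, secret), plain[i])
        prev = enc[i]            # later hashes are over encrypted portions
    # Circle back: hash of the last encrypted portion keys the first portion.
    enc[0] = _xor_stream(_key(prev, secret), plain[0])
    return b"".join(enc)

def decrypt_segment(blob: bytes, n: int = 2, secret: bytes = b"") -> bytes:
    enc = partition(blob, n)
    plain = [b""] * n
    # Reverse order: hash of the last encrypted portion recovers the first.
    plain[0] = _xor_stream(_key(enc[-1], secret), enc[0])
    prev = plain[0]              # hash of decrypted first portion keys the second
    for i in range(1, n):
        plain[i] = _xor_stream(_key(prev, secret), enc[i])
        prev = enc[i]
    return b"".join(plain)

if __name__ == "__main__":
    sample = b"constructed sample data segment"   # constructed input
    blob = encrypt_segment(sample, n=3)
    print(decrypt_segment(blob, n=3) == sample)
```

With an empty `secret`, every key in this sketch is derivable from the complete encrypted segment, so confidentiality rests on an observer not holding all portions. Altering the last encrypted portion changes the key for the first portion, which corrupts the recovered first portion and, through its hash, the second.
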
21 Claims
1. A method for processing a data segment within a portion of a distributed storage network, the method comprising:
- receiving a data segment;
- partitioning the data segment into a first portion and a second portion;
- determining a first hash value for the first portion;
- producing an encrypted second portion utilizing a first encryption key that is based at least in part on the first hash value;
- determining a second hash value of the encrypted second portion;
- producing an encrypted first portion utilizing a second encryption key that is based at least in part on the second hash value;
- combining the encrypted first portion and the encrypted second portion into an encrypted data segment; and
- outputting the encrypted data segment for further processing and storage in secure memory locations located across the distributed storage network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A method for processing a data segment within a portion of a distributed storage network, the method comprising:
- receiving an encrypted data segment from a storage devices distributed over the distributed storage network;
- partitioning the encrypted data segment into a first encrypted portion and a second encrypted portion;
- determining a first hash value for the second encrypted portion;
- producing a decrypted first portion utilizing the first hash value;
- determining a second hash value for the decrypted first portion;
- producing a decrypted second portion utilizing the second hash value;
- combining the decrypted first portion and the decrypted second portion into a decrypted data segment; and
- outputting the decrypted data segment to an output.

Dependent claims: 13, 14, 15, 16, 17, 18, 19.

20. A distributed storage (DS) grid module adapted to process data segments within a distributed storage network, the distributed storage access grid comprising:
- an interface for receiving data segments from within the distributed storage access module; and
- a processing module having a computing core coupled to memory, the processing module being coupled to the interface and being operable to;
  - receive a data segment;
  - partition the data segment into a first portion and a second portion;
  - determine a first hash value for the first portion;
  - produce an encrypted second portion utilizing a first encryption key that is based at least in part on the first hash value;
  - determine a second hash value of the encrypted second portion;
  - produce an encrypted first portion utilizing a second encryption key that is based at least in part on the second hash value;
  - combine the encrypted first portion and the encrypted second portion into an encrypted data segment; and
  - output the encrypted data segment for further processing and storage in secure memory locations located across the distributed storage network.

21. A distributed storage (DS) grid module adapted to process encrypted data segments within a distributed storage network, the distributed storage access grid comprising:
- an interface for receiving the encrypted data segments from within the distributed storage access module; and
- a processing module having a computing core coupled to memory, the processing module being coupled to the interface and being operable to;
  - receive a data segment;
  - partition the data segment into a first portion and a second portion;
  - determine a first hash value for the first portion;
  - produce an encrypted second portion utilizing a first encryption key that is based at least in part on the first hash value;
  - determine a second hash value of the decrypted second portion;
  - produce an encrypted first portion utilizing a second encryption key that is based at least in part on the second hash value;
  - combine the encrypted first portion and the encrypted second portion into an encrypted data segment; and
  - output the encrypted data segment for further processing and storage in secure memory locations located across the distributed storage network.