Data encryption parameter dispersal

US 8,468,368 B2
Filed: 09/17/2010
Issued: 06/18/2013
Est. Priority Date: 12/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

obtaining encoded key slices from a plurality of devices;

when a threshold number of the encoded key slices have been obtained, decoding the threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key;

receiving encoded data slices;

when a threshold number of the encoded data slices have been received, decoding the threshold number of encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data;

obtaining encoded encryption function slices; and

when a threshold number of encoded encryption function slices have been obtained, decoding the encoded encryption function slices in accordance with the first or second error coding dispersal storage function to produce an encryption function; and

decrypting the encrypted data utilizing the key and the encryption function to produce data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins with a processing module obtaining encoded key slices from a plurality of user devices and decoding a threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key when the threshold number of the encoded key slices has been obtained. The method continues with the processing module receiving encoded data slices and decoding a threshold number of encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data when the threshold number of the encoded data slices has been received. The method continues with the processing module decrypting the encrypted data utilizing the key and an encryption function to produce data.

Citations

16 Claims

1. A method comprises:
- obtaining encoded key slices from a plurality of devices;
  
  when a threshold number of the encoded key slices have been obtained, decoding the threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key;
  
  receiving encoded data slices;
  
  when a threshold number of the encoded data slices have been received, decoding the threshold number of encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data;
  
  obtaining encoded encryption function slices; and
  
  when a threshold number of encoded encryption function slices have been obtained, decoding the encoded encryption function slices in accordance with the first or second error coding dispersal storage function to produce an encryption function; and
  
  decrypting the encrypted data utilizing the key and the encryption function to produce data.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the obtaining the encoded key slices further comprises at least one of:
    - retrieving an encoded key slice of the encoded key slices from a local memory of a user device of the plurality of user devices and retrieving other encoded key slices of the encoded key slices from other user devices of the plurality of user devices; and
      
      receiving the encoded key slices from the other user devices of the plurality of user devices.
  - 3. The method of claim 1, wherein the receiving the encoded data slices further comprises at least one of:
    - receiving the encoded data slices from a dispersed storage network (DSN) memory in response to a request; and
      
      receiving the encoded data slices from the plurality of user devices in response to a user device request.
  - 4. The method of claim 1 further comprises:
    - the first error coding dispersal storage function is substantially equal to the second error coding dispersal storage function.

5. A method comprises:
- obtaining a key;
  
  encoding the key utilizing a first error coding dispersal storage function to produce a set of encoded key slices;
  
  outputting the set of encoded key slices;
  
  encrypting a portion of data utilizing the key in accordance with an encryption function to produce an encrypted portion of data;
  
  encoding the encrypted portion of data utilizing a second error coding dispersal storage function to produce a set of encoded data slices;
  
  outputting the set of encoded data slices;
  
  encoding the encryption function using the first or second error coding dispersal storage function to produce a set of encoded encryption function slices; and
  
  outputting the set of encoded encryption function slices.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the outputting of the encoded key slices further comprises at least one of:
    - storing at least one encoded key slice of the set of encoded key slices in a local memory of a user device and outputting at least one other encoded key slice of the set of encoded key slices to a second user device for storage therein; and
      
      outputting the set of encoded key slices to a plurality of user devices for storage therein.
  - 7. The method of claim 5, wherein the outputting the set of encoded data slices further comprises at least one of:
    - outputting the set of encoded data slices to a dispersed storage network (DSN) memory for storage therein; and
      
      outputting the set of encoded data slices to a plurality of user devices for storage therein.
  - 8. The method of claim 5 further comprises:
    - the first error coding dispersal storage function is substantially equal to the second error coding dispersal storage function.

9. A computer comprises:
- an interface;
  
  a local memory; and
  
  a processing module operable to;
  
  obtain encoded key slices from a plurality of devices;
  
  decode a threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key when the threshold number of the encoded key slices have been obtained;
  
  receive, via the interface, encoded data slices;
  
  decode a threshold number of the encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data when the threshold number of the encoded data slices have been received;
  
  obtain encoded encryption function slices;
  
  decode the encoded encryption function slices in accordance with the first or second error coding dispersal storage function to produce an encryption function when a threshold number of encoded encryption function slices have been obtained; and
  
  decrypt the encrypted data utilizing the key and the encryption function to produce data.
- View Dependent Claims (10, 11, 12)
- - 10. The computer of claim 9, wherein the processing module further functions to obtain the encoded key slices by at least one of:
    - retrieving an encoded key slice of the encoded key slices from the local memory of a user device of the plurality of user devices and retrieving, via the interface, other encoded key slices of the encoded key slices from other user devices of the plurality of user devices; and
      
      receiving, via the interface, the encoded key slices from the other user devices of the plurality of user devices.
  - 11. The computer of claim 9, wherein the processing module further functions to receive the encoded data slices by at least one of:
    - receiving, via the interface, the encoded data slices from a dispersed storage network (DSN) memory in response to a request; and
      
      receiving, via the interface, the encoded data slices from the plurality of user devices in response to a user device request.
  - 12. The computer of claim 9 further comprises:
    - the first error coding dispersal storage function is substantially equal to the second error coding dispersal storage function.

13. A computer comprises:
- an interface;
  
  a local memory; and
  
  a processing module operable to;
  
  obtain a key;
  
  encode the key utilizing a first error coding dispersal storage function to produce a set of encoded key slices;
  
  output, via the interface, the set of encoded key slices;
  
  encrypt a portion of data utilizing the key in accordance with an encryption function to produce an encrypted portion of data;
  
  encode the encrypted portion of data utilizing a second error coding dispersal storage function to produce a set of encoded data slices; and
  
  output, via the interface, the set of encoded data slicesencode the encryption function using the first or second error coding dispersal storage function to produce a set of encoded encryption function slices; and
  
  output, via the interface, the set of encoded encryption function slices.
- View Dependent Claims (14, 15, 16)
- - 14. The computer of claim 13, wherein the processing module further functions to output the encoded key slices by at least one of:
    - storing at least one encoded key slice of the set of encoded key slices in the local memory of a user device and outputting, via the interface, at least one other encoded key slice of the set of encoded key slices to a second user device for storage therein; and
      
      outputting, via the interface, the set of encoded key slices to a plurality of user devices for storage therein.
  - 15. The computer of claim 13, wherein the processing module further functions to output the set of encoded data slices by at least one of:
    - outputting, via the interface, the set of encoded data slices to a dispersed storage network (DSN) memory for storage therein; and
      
      outputting, via the interface, the set of encoded data slices to a plurality of user devices for storage therein.
  - 16. The computer of claim 13 further comprises:
    - the first error coding dispersal storage function is substantially equal to the second error coding dispersal storage function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Gladwin, S. Christopher, Abhijeet, Kumar, Dhuse, Greg, Resch, Jason K.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Zhu, Zhimei

Application Number

US12/885,160
Publication Number

US 20110161655A1
Time in Patent Office

1,005 Days
Field of Search

380/277, 380/286, 707/999.202, 713/150, 713/153
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 63/0428   wherein the data content is...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

Data encryption parameter dispersal

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption parameter dispersal

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links