Securing data in a dispersed storage network using shared secret slices

US 8,504,847 B2
Filed: 04/18/2010
Issued: 08/06/2013
Est. Priority Date: 04/20/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computing device comprising:

an interface to receive a plurality of encoded data slices from a plurality of different storage units included in a vault of a distributed storage network, each of the encoded data slices associated with a pillar having a respective pillar number, and encoded using an encoder algorithm including an encoding function and at least one encoder constant;

memory;

a processing module operably coupled to the interface and the memory, wherein the processing module is operable to implement;

a decoder to recover the at least one encoder constant and determine the encoder algorithm using the plurality of encoded data elements, the respective pillar number, and the encoding function, wherein the at least one encoder constant is recovered using more than one of the plurality of encoded data slices;

the decoder further to decode the plurality of encoded data slices to generate a decoded data element using the encoding algorithm.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data element can be encoded into multiple encoded data elements using an encoding algorithm that includes an encoding function and one or more encoder constant. The encoded data elements can be organized into multiple pillars, each having a respective pillar number. Each of the pillars is sent to a different storage unit of a distributed storage network. To recover the original data element, the encoded data elements are retrieved from storage, and the encoder constant is recovered using multiple encoded data elements. Recovering the encoder constant allows the encoding algorithm originally used to encode the data elements to be determined, and used to recover the original data element. The security of the stored data is enhanced, because an encoded data element from a single pillar is insufficient to identify the encoder constant.

96 Citations

View as Search Results

8 Claims

1. A computing device comprising:
- an interface to receive a plurality of encoded data slices from a plurality of different storage units included in a vault of a distributed storage network, each of the encoded data slices associated with a pillar having a respective pillar number, and encoded using an encoder algorithm including an encoding function and at least one encoder constant;
  
  memory;
  
  a processing module operably coupled to the interface and the memory, wherein the processing module is operable to implement;
  
  a decoder to recover the at least one encoder constant and determine the encoder algorithm using the plurality of encoded data elements, the respective pillar number, and the encoding function, wherein the at least one encoder constant is recovered using more than one of the plurality of encoded data slices;
  
  the decoder further to decode the plurality of encoded data slices to generate a decoded data element using the encoding algorithm.
- View Dependent Claims (2, 3, 4)
- - 2. The computing device of claim 1, wherein the plurality of encoded data slices includes a greater number of encoded data slices than required to recover the encoder constant, the computing device further comprising:
    - the decoder further to recover the at least one encoder constant and determine the encoder algorithm using fewer than all of the plurality of encoded data elements.
  - 3. The computing device of claim 2, further comprising:
    - the decoder to verify an integrity of the decoded data element by solving for the at least one encoder constant, wherein solving includes decoding more than one of the plurality of encoded data segments using the encoding algorithm.
  - 4. The computing device of claim 2, further comprising:
    - the decoder to verify an integrity of the plurality of encoded data slices by recovering the at least one encoder constant using at least one more encoded data slice of the plurality of encoded data elements than minimally required.

5. A method for execution by a processing module of a computing device, the method comprising:
- receiving, via an interface of the computing device, a plurality of encoded data slices from a plurality of different storage units included in a vault of a distributed storage network, each of the encoded data slices associated with a pillar having a respective pillar number, and encoded using an encoder algorithm including an encoding function and at least one encoder constant;
  
  recovering, by the processing module, the at least one encoder constant and determining the encoder algorithm using the plurality of encoded data slices, the respective pillar number, and the encoding function, wherein the at least one encoder constant is recovered using more than one of the plurality of encoded data slices;
  
  decoding, by the processing module, the plurality of encoded data slices to generate a decoded data element using the encoding algorithm.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the plurality of encoded data slices includes a greater number of encoded data slices than required to recover the encoder constant, the method further comprising:
    - recovering the at least one encoder constant and determining the encoder algorithm using fewer than all of the plurality of encoded data slices.
  - 7. The method of claim 5, further comprising:
    - verifying an integrity of the decoded data element by solving for the at least one encoder constant, the solving including decoding more than one of the plurality of encoded data slices using the encoding algorithm.
  - 8. The method of claim 5, further comprising:
    - verifying an integrity of the plurality of encoded data slices by recovering the at least one encoder constant using at least one more encoded data slice of the plurality of encoded data slices than minimally required.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Leggette, Wesley
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US12/762,352
Publication Number

US 20100268877A1
Time in Patent Office

1,206 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 16/1844   Management specifically ada...

G06F 21/1083   Partial license transfers

G06F 2211/1059   Parity-single bit-RAID5, i....

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

Securing data in a dispersed storage network using shared secret slices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data in a dispersed storage network using shared secret slices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links