Dispersed storage secure data decoding
First Claim
1. A method operating on a computer and comprising the steps of:
generating, by a processor of the computer, a read command to read at least some of a plurality of data slices from a dispersed storage network;
de-slicing, by the processor, the at least some of the plurality of data slices using a reverse information dispersal algorithm to produce an all-or-nothing encrypted data segment; and
applying, by the processor, a reverse all-or-nothing transformation on the all-or-nothing encrypted data segment to recover a data segment, wherein the reverse all-or-nothing transformation includes;
retrieving an obfuscated encryption key and an encrypted data segment from the all-or-nothing encrypted data segment;
calculating a digest from the encrypted data segment;
recovering the encryption key from the obfuscated encryption key based on the digest; and
decrypting the encrypted data segment based on the encryption key to produce the data segment.
Abstract
A method operating on a computer begins by generating a read command to read at least some of a plurality of data slices from a dispersed storage network. The method continues by receiving the at least some of the plurality of data slices. The method continues by performing a reverse information dispersal algorithm on at least some of the plurality of data slices to produce a plurality of transposed data elements. The method continues by reverse transposing the plurality of transposed data elements to recover data elements of a data segment.
8 Claims
1. A method operating on a computer and comprising the steps of:
generating, by a processor of the computer, a read command to read at least some of a plurality of data slices from a dispersed storage network;
de-slicing, by the processor, the at least some of the plurality of data slices using a reverse information dispersal algorithm to produce an all-or-nothing encrypted data segment; and
applying, by the processor, a reverse all-or-nothing transformation on the all-or-nothing encrypted data segment to recover a data segment, wherein the reverse all-or-nothing transformation includes;
retrieving an obfuscated encryption key and an encrypted data segment from the all-or-nothing encrypted data segment;
calculating a digest from the encrypted data segment;
recovering the encryption key from the obfuscated encryption key based on the digest; and
decrypting the encrypted data segment based on the encryption key to produce the data segment.
Dependent claims: 2, 3, 4
5. A computer comprising:
a network port adapted to couple with a network and receive at least some of a plurality of data slices; and
a processor coupled to said network port wherein said processor;
receives the at least some of a plurality of data slices from the network port;
de-slices the at least some of the plurality of data slices using a reverse information dispersal algorithm to produce an all-or-nothing encrypted data segment; and
applies a reverse all-or-nothing transformation on the all-or-nothing encrypted data segment to recover a data segment, wherein the reverse all-or-nothing transformation includes;
retrieving an obfuscated encryption key and an encrypted data segment from the all-or-nothing encrypted data segment;
calculating a digest from the encrypted data segment;
recovering the encryption key from the obfuscated encryption key based on the digest; and
decrypting the encrypted data segment based on the encryption key to produce the data segment.
Dependent claims: 6, 7, 8
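The reverse all-or-nothing transformation recited in claims 1 and 5, as an added Python sketch that is not part of the patent text. It assumes the key is obfuscated by XOR with a SHA-256 digest, uses a SHA-256 counter-mode keystream as a stand-in for the unspecified cipher, and appends a constructed canary so that a damaged package is detected; the forward transform is included only to build sample input.

```python
import hashlib
import hmac
import os

KEY_LEN = 32            # assumed: key length equals the SHA-256 digest length
CANARY = b"\x00" * 16   # assumed integrity marker; not recited in the claims


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter-mode keystream (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), KEY_LEN):
        pad = hashlib.sha256(key + (i // KEY_LEN).to_bytes(8, "big")).digest()
        out += xor_bytes(data[i:i + KEY_LEN], pad)
    return bytes(out)


def aont_encode(segment: bytes) -> bytes:
    """Forward transform, used here only to build a sample package."""
    key = os.urandom(KEY_LEN)
    encrypted = stream_crypt(key, segment + CANARY)
    digest = hashlib.sha256(encrypted).digest()
    return encrypted + xor_bytes(key, digest)   # obfuscated key goes last


def aont_decode(package: bytes) -> bytes:
    """Reverse transform, following the four steps in the claim."""
    if len(package) < KEY_LEN + len(CANARY):
        raise ValueError("package too short")
    # 1. retrieve the encrypted data segment and the obfuscated key
    encrypted, obfuscated_key = package[:-KEY_LEN], package[-KEY_LEN:]
    # 2. calculate a digest from the encrypted data segment
    digest = hashlib.sha256(encrypted).digest()
    # 3. recover the key from the obfuscated key based on the digest
    key = xor_bytes(obfuscated_key, digest)
    # 4. decrypt; any altered or missing byte yields a wrong key and a bad canary
    plain = stream_crypt(key, encrypted)
    if not hmac.compare_digest(plain[-len(CANARY):], CANARY):
        raise ValueError("package incomplete or modified")
    return plain[:-len(CANARY)]


if __name__ == "__main__":
    pkg = aont_encode(b"constructed sample data segment")
    print(aont_decode(pkg))
```

Because the key is masked by a digest of the whole encrypted segment, a reader holding too few slices to rebuild the full package cannot compute that digest and so cannot unmask the key.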
Specification