Encrypting data for storage in a dispersed storage network
First Claim
1. A method for storing data, the method comprises:
- encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments;
generating a plurality of deterministic values from the plurality of encrypted data segments using one or more deterministic functions;
establishing a data intermingling pattern for the plurality of encrypted data segments;
generating a plurality of masked keys by;
selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern; and
performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values;
appending the plurality of masked keys to the plurality of encrypted data segments in accordance with the data intermingling pattern to produce a plurality of secure data packages; and
outputting the plurality of secure data packages for storage.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments and generating a plurality of deterministic values from the plurality of encrypted data segments. The method continues with the DS processing module establishing a data intermingling pattern and generating a plurality of masked keys by selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values. The method continues with the DS processing module appending the plurality of masked keys to the plurality of encrypted data segments to produce a plurality of secure data packages and outputting the plurality of secure data packages.
86 Citations
18 Claims
-
1. A method for storing data, the method comprises:
-
encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments; generating a plurality of deterministic values from the plurality of encrypted data segments using one or more deterministic functions; establishing a data intermingling pattern for the plurality of encrypted data segments; generating a plurality of masked keys by; selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern; and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values; appending the plurality of masked keys to the plurality of encrypted data segments in accordance with the data intermingling pattern to produce a plurality of secure data packages; and outputting the plurality of secure data packages for storage. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for retrieving stored data, the method comprises:
-
retrieving a plurality of secure data packages; establishing a data intermingling pattern for the plurality of secure data packages; segregating the plurality of secure data packages in accordance with the data intermingling pattern to produce a plurality of masked keys and a plurality of encrypted data segments; generating a plurality of deterministic values from the plurality of encrypted data segments using one or more deterministic functions; performing a masking function on the plurality of masked keys and the plurality of deterministic values in accordance with the data intermingling pattern to produce a plurality of encryption keys; and decrypting the plurality of encrypted data segments using the plurality of encryption keys to produce a plurality of data segments of the stored data. - View Dependent Claims (7, 8, 9)
-
-
10. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; encrypt a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments; a second module, when operable within the computing device, causes the computing device to; generate a plurality of deterministic values from the plurality of encrypted data segments using one or more deterministic functions; a third module, when operable within the computing device, causes the computing device to; establish a data intermingling pattern for the plurality of encrypted data segments; a fourth module, when operable within the computing device, causes the computing device to; generate a plurality of masked keys by; selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern; and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values; a fifth module, when operable within the computing device, causes the computing device to; append the plurality of masked keys to the plurality of encrypted data segments in accordance with the data intermingling pattern to produce a plurality of secure data packages; and a sixth module, when operable within the computing device, causes the computing device to; output the plurality of secure data packages for storage. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; retrieve a plurality of secure data packages; a second module, when operable within the computing device, causes the computing device to; establish a data intermingling pattern for the plurality of secure data packages; a third module, when operable within the computing device, causes the computing device to; segregate the plurality of secure data packages in accordance with the data intermingling pattern to produce a plurality of masked keys and a plurality of encrypted data segments; a fourth module, when operable within the computing device, causes the computing device to; generate a plurality of deterministic values from the plurality of encrypted data segments using one or more deterministic functions; a fifth module, when operable within the computing device, causes the computing device to; perform a masking function on the plurality of masked keys and the plurality of deterministic values in accordance with the data intermingling pattern to produce a plurality of encryption keys; and a sixth module, when operable within the computing device, causes the computing device to; decrypt the plurality of encrypted data segments using the plurality of encryption keys to produce a plurality of data segments of the stored data. - View Dependent Claims (16, 17, 18)
-
Specification