Distributed storage network and method for encrypting and decrypting data using hash functions
Abstract
A DS processing unit includes a grid module and a DSN interface. The grid module is operable to encrypt a data segment and to decrypt an encrypted data segment. To encrypt the data segment, the grid module partitions the data segment into portions and encrypts the portions using encryption keys generated from other portions to produce encrypted portions. The grid module then dispersed storage error encodes the encrypted portions to produce a set of encoded data slices, which the DSN interface outputs to a DSN. The DSN interface also receives a set of encoded data slices, which the grid module disperse storage error decodes to produce the encrypted data segment. The grid module then partitions the encrypted data segment into encrypted data portions and decrypts the encrypted data portions using decryption keys generated from other encrypted data portions to produce decrypted portions of a recovered data segment.
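The chained keying described in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 as the hash function, a SHA-256 counter-mode XOR keystream as a stand-in cipher, and that the first portion seeds the chain unencrypted; the dispersed storage error encoding step is omitted, and all function names are hypothetical.

```python
import hashlib

def partition(segment: bytes, portion_size: int) -> list[bytes]:
    """Split one data segment into portions (the last one may be shorter)."""
    return [segment[i:i + portion_size] for i in range(0, len(segment), portion_size)]

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt_segment(portions: list[bytes]) -> list[bytes]:
    """Key for each portion is the hash of the previously produced portion."""
    out = [portions[0]]  # assumption: portion 0 seeds the chain as-is
    for p in portions[1:]:
        key = hashlib.sha256(out[-1]).digest()
        out.append(_keystream_xor(key, p))
    return out

def decrypt_segment(enc: list[bytes]) -> list[bytes]:
    """Each decryption key is generated from the preceding encrypted portion."""
    out = [enc[0]]
    for prev, cur in zip(enc, enc[1:]):
        out.append(_keystream_xor(hashlib.sha256(prev).digest(), cur))
    return out

def roundtrip(data: bytes, segment_size: int, scheme: list[int]) -> bytes:
    """Segment data, partition each segment with its own portion size,
    encrypt, then decrypt and recombine."""
    segments = [data[i:i + segment_size] for i in range(0, len(data), segment_size)]
    if len(scheme) != len(segments):
        raise ValueError("partitioning scheme needs one portion size per segment")
    recovered = b""
    for seg, size in zip(segments, scheme):
        enc = encrypt_segment(partition(seg, size))
        recovered += b"".join(decrypt_segment(enc))
    return recovered

if __name__ == "__main__":
    sample = bytes(range(256)) * 2           # constructed sample data
    assert roundtrip(sample, 256, [64, 32]) == sample
```

Under these assumptions every key is derivable from the stored portions themselves, so confidentiality rests on an adversary being unable to reassemble the segment rather than on a separately held secret key.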
17 Claims
1. A method for processing a data segment within a portion of a distributed storage network, the method comprising:
- segmenting data into a plurality of data segments;
- determining a data segment partitioning scheme for the plurality of data segments, wherein the data segment partitioning scheme partitions each of at least some data segments of the plurality of data segments into a plurality of portions and wherein size of portions of the plurality of portions of a first data segment of the at least some data segments is different than size of portions of the plurality of portions of a second data segment of the at least some data segments;
- partitioning, in accordance with the data segment partitioning scheme, the plurality of data segments into a multitude of pluralities of portions;
- for one of the multitude of pluralities of portions, entering a loop that includes;
  - generating an encryption key based on a portion of the one of the multitude of pluralities of portions or on an encrypted portion;
  - encrypting another portion of the one of the multitude of pluralities of portions using the encryption key to produce another encrypted portion;
  - when at least one portion of the one of the multitude of pluralities of portions is to be encrypted, repeating the loop for one of the at least one portion of the one of the multitude of pluralities of portions, wherein the other encrypted portion is the encrypted portion for generating the encryption key; and
  - exiting the loop when the one of the multitude of pluralities of portions have been encrypted into a plurality of encrypted portions;
- encoding, in accordance with an error-coding dispersal storage function, the plurality of encrypted portions to produce a set of encoded data slices; and
- outputting a plurality of sets of encoded data slices for storage in the distributed storage network, wherein the plurality of sets of encoded data slices includes the set of encoded data slices.

Dependent claims: 2, 3, 4, 5

6. A method for processing an encrypted data segment within a portion of a distributed storage network, the method comprising:
- decoding, in accordance with an error-coding dispersal storage function, a set of encoded data slices to produce encrypted data;
- segmenting encrypted data into a plurality of encrypted data segments;
- determining a data segment partitioning scheme for the plurality of encrypted data segments, wherein the data segment partitioning scheme partitions each of at least some encrypted data segments of the plurality of encrypted data segments into a plurality of encrypted portions and wherein size of encrypted portions of the plurality of encrypted portions of a first encrypted data segment of the at least some encrypted data segments is different than size of encrypted portions of the plurality of encrypted portions of a second encrypted data segment of the at least some encrypted data segments;
- partitioning, in accordance with the data segment partitioning scheme, the plurality of encrypted data segments into a multitude of pluralities of encrypted portions;
- for one of the multitude of pluralities of encrypted portions, entering a loop that includes;
  - generating an encryption key based on an encrypted portion of the one of the multitude of pluralities of encrypted portions or on a decrypted portion;
  - decrypting another encrypted portion of the one of the multitude of pluralities of encrypted portions using the encryption key to produce another decrypted portion;
  - when at least one portion of the one of the multitude of pluralities of encrypted portions is to be decrypted, repeating the loop for one of the at least one encrypted portion of the one of the multitude of pluralities of encrypted portions, wherein the other decrypted portion is the decrypted portion for generating the encryption key; and
  - exiting the loop when the one of the multitude of pluralities of encrypted portions have been decrypted into a plurality of decrypted portions; and
- combining multitudes of pluralities of decrypted portions to produce a plurality of decrypted data segments, wherein the multitude of pluralities of decrypted portions includes the plurality of decrypted portions.

Dependent claims: 7, 8, 9, 10

11. A distributed storage (DS) processing unit comprises:
- a distributed storage network (DSN) interface; and
- a grid module operable to encrypt data by;
  - segmenting the data into a plurality of data segments;
  - determining a data segment partitioning scheme for the plurality of data segments, wherein the data segment partitioning scheme partitions each of at least some data segments of the plurality of data segments into a plurality of portions and wherein size of portions of the plurality of portions of a first data segment of the at least some data segments is different than size of portions of the plurality of portions of a second data segment of the at least some data segments;
  - partitioning, in accordance with the data segment partitioning scheme, the plurality of data segments into a multitude of pluralities of portions;
  - encrypting the multitude of pluralities of portions using encryption keys generated from other portions of the multitude of pluralities of portions to produce a multitude of pluralities of encrypted portions; and
  - encoding, in accordance with an error-coding dispersal storage function, the multitude of pluralities of encrypted portions to produce a plurality of sets of encoded data slices; and
  - outputting, via the DSN interface, the plurality of sets of encoded data slices for storage in DSN;
- the grid module is further operable to decrypt encrypted data by;
  - receiving, via the DSN interface, a plurality of sets of encoded encrypted data slices;
  - decode, in accordance with the error-coding dispersal storage function, the plurality of sets of encoded encrypted data slices to produce the encrypted data;
  - segmenting encrypted data into a plurality of encrypted data segments;
  - determining a data segment partitioning scheme for the plurality of encrypted data segments, wherein the data segment partitioning scheme partitions each of at least some encrypted data segments of the plurality of encrypted data segments into a plurality of encrypted portions and wherein size of encrypted portions of the plurality of encrypted portions of a first encrypted data segment of the at least some encrypted data segments is different than size of encrypted portions of the plurality of encrypted portions of a second encrypted data segment of the at least some encrypted data segments;
  - partitioning, in accordance with the data segment partitioning scheme, the plurality of encrypted data segments into a multitude of pluralities of encrypted data portions;
  - decrypting the multitude of pluralities of encrypted data portions using decryption keys generated from other encrypted data portions of the multitude of pluralities of encrypted data portions to produce a multitude of pluralities of decrypted portions; and
  - combining the multitude of pluralities of decrypted portions to produce decrypted data.

Dependent claims: 12, 13, 14, 15, 16, 17

Specification