Secure data access in a dispersed storage network
First Claim
1. A method for execution by one or more processing modules of a storage device, the method comprises:
- receiving an access request regarding a data object, wherein the access request includes a data object identifier, requestor information, and addressing information;
determining a base key identifier based on the access request;
determining content specific information based on the access request;
retrieving a set of base key slices utilizing the base key identifier;
decoding the set of base key slices in accordance with an error encoding function to recover a base key;
generating an access specific key based on the recovered base key and the content specific information; and
executing the access request regarding the data object utilizing the access specific key.
4 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module receiving an access request regarding a data object, where the access request includes a data object identifier, requestor information, and addressing information. The method continues with the DS processing module determining a base key identifier based on the access request and determining content specific information based on the access request. The method continues with the DS processing module retrieving a set of base key slices utilizing the base key identifier and decoding the set of base key slices in accordance with an error encoding function to recover a base key. The method continues with the DS processing module generating an access specific key based on the recovered base key and the content specific information and executing the access request regarding the data object utilizing the access specific key.
-
Citations
20 Claims
-
1. A method for execution by one or more processing modules of a storage device, the method comprises:
-
receiving an access request regarding a data object, wherein the access request includes a data object identifier, requestor information, and addressing information; determining a base key identifier based on the access request; determining content specific information based on the access request; retrieving a set of base key slices utilizing the base key identifier; decoding the set of base key slices in accordance with an error encoding function to recover a base key; generating an access specific key based on the recovered base key and the content specific information; and executing the access request regarding the data object utilizing the access specific key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A dispersed storage (DS) module of a storage device, the DS module comprises:
-
a processing module, when operable within the storage device, causes the storage device to; receive an access request regarding a data object, wherein the access request includes a data object identifier, requestor information, and addressing information; determine a base key identifier based on the access request; and determine content specific information based on the access request; a key provision module, when operable within the storage device, causes the storage device to; retrieve a set of base key slices utilizing the base key identifier; and decode the set of base key slices in accordance with an error encoding function to recover a base key; a key generator module, when operable within the storage device, causes the storage device to; generate an access specific key based on the recovered base key and the content specific information; and the processing module is further operable to cause the storage device to; execute the access request regarding the data object utilizing the access specific key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification