Securing a data segment for storage
Abstract
A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality of masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices.
15 Claims
1. A method for execution by a computer, the method comprises:
retrieving a plurality of sets of encoded data slices, wherein a set of encoded data slices corresponds to a dispersed storage error encoded combined partition of a plurality of combined partitions;
dispersed storage error decoding the plurality of sets of encoded data slices to reproduce the plurality of combined partitions;
separating the plurality of combined partitions into a plurality of masked key partitions and a plurality of encrypted data segment partitions;
combining the plurality of masked key partitions to produce a masked key;
combining the plurality of encrypted data segment partitions to produce an encrypted data segment;
performing a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment;
unmasking the masked key utilizing the transformed representation of the encrypted data segment to recover an encryption key; and
decrypting the encrypted data segment using the encryption key to recover a data segment.

6. A computer readable storage device comprises:
a first memory section that stores operational instructions that, when executed by a computing device, causes the computing device to;
retrieve a plurality of sets of encoded data slices, wherein a set of encoded data slices corresponds to a dispersed storage error encoded combined partition of a plurality of combined partitions;
a second memory section that stores operational instructions that, when executed by the computing device, causes the computing device to;
dispersed storage error decode the plurality of sets of encoded data slices to reproduce the plurality of combined partitions;
a third memory section that stores operational instructions that, when executed by the computing device, causes the computing device to;
separate the plurality of combined partitions into a plurality of masked key partitions and a plurality of encrypted data segment partitions;
combine the plurality of masked key partitions to produce a masked key;
combine the plurality of encrypted data segment partitions to produce an encrypted data segment;
perform a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment;
unmask the masked key utilizing the transformed representation of the encrypted data segment to recover an encryption key; and
a fourth memory section that stores operational instructions that, when executed by the computing device, causes the computing device to;
decrypt the encrypted data segment using the encryption key to recover a data segment.

11. A computer comprises:
an interface;
memory; and
a processing module operably coupled to the interface and to the processing module, wherein the processing module is operable to;
retrieve a plurality of sets of encoded data slices, wherein a set of encoded data slices corresponds to a dispersed storage error encoded combined partition of a plurality of combined partitions;
dispersed storage error decode the plurality of sets of encoded data slices to reproduce the plurality of combined partitions;
separate the plurality of combined partitions into a plurality of masked key partitions and a plurality of encrypted data segment partitions;
combine the plurality of masked key partitions to produce a masked key;
combine the plurality of encrypted data segment partitions to produce an encrypted data segment;
perform a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment;
unmask the masked key utilizing the transformed representation of the encrypted data segment to recover an encryption key; and
decrypt the encrypted data segment using the encryption key to recover a data segment.
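The storing steps of the abstract and the recovery steps of claim 1, sketched in Python as an added example (not code from the patent). Assumptions: SHA-256 is the deterministic function, XOR is the masking operation, a SHA-256 counter-mode keystream stands in for the cipher, and the dispersed storage error coding of each combined partition is left out; all function names are hypothetical.

```python
import hashlib
import secrets

KEY_LEN = 32  # bytes; equals the SHA-256 digest size so the mask covers the whole key

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _cipher(key: bytes, data: bytes) -> bytes:
    # Assumed stand-in cipher (illustration only): XOR with a SHA-256
    # counter-mode keystream, so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += _xor(data[i:i + 32], pad)
    return bytes(out)

def _sizes(total: int, n: int) -> list[int]:
    # Sizes of n contiguous partitions that differ by at most one byte.
    q, r = divmod(total, n)
    return [q + (1 if i < r else 0) for i in range(n)]

def _split(buf: bytes, n: int) -> list[bytes]:
    parts, pos = [], 0
    for size in _sizes(len(buf), n):
        parts.append(buf[pos:pos + size])
        pos += size
    return parts

def secure_segment(segment: bytes, n: int) -> list[bytes]:
    key = secrets.token_bytes(KEY_LEN)
    encrypted = _cipher(key, segment)
    digest = hashlib.sha256(encrypted).digest()   # transformed representation
    masked_key = _xor(key, digest)                # masking (assumed: XOR)
    # Combined partition i = masked key partition i + encrypted data partition i.
    # Each one would next be error-coded into a set of slices (omitted here).
    return [k + d for k, d in zip(_split(masked_key, n), _split(encrypted, n))]

def recover_segment(combined: list[bytes]) -> bytes:
    key_sizes = _sizes(KEY_LEN, len(combined))
    masked_key = b"".join(p[:s] for p, s in zip(combined, key_sizes))
    encrypted = b"".join(p[s:] for p, s in zip(combined, key_sizes))
    digest = hashlib.sha256(encrypted).digest()   # needs every ciphertext byte
    key = _xor(masked_key, digest)                # unmasking
    return _cipher(key, encrypted)
```

Because the mask is a digest of the entire encrypted segment, a missing or altered combined partition yields a different digest and therefore the wrong key, so no part of the data segment can be decrypted from an incomplete set.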
Specification