Dispersed storage network with encrypted portion withholding and methods for use therewith
First Claim
1. A method for use in a pre-data manipulator of a computing device, the method comprising:
receiving a data segment at the pre-data manipulator;
combining the data segment with a sentinel value to generate a combined data segment;
encrypting the combined data segment;
calculating a digest of the encrypted combined data segment;
encrypting an encryption key using the digest to produce a masked key;
appending the masked key to the encrypted combined data segment to generate an encrypted package;
determining when to withhold a portion of the encrypted package;
removing the portion of the encrypted package when the portion of the encrypted package is to be withheld; and
transmitting the encrypted package less the portion to be withheld.
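The steps of claim 1, sketched as an added example (not code from the patent). The SHA-256 counter-mode cipher is a stand-in for a real cipher such as AES, and the XOR key masking, the sentinel value, and the recovery-side functions `restore` and `open_package` are assumptions the claim does not specify.

```python
import hashlib
import secrets

SENTINEL = b"\xa5" * 16   # assumed sentinel; the claim does not fix a value
KEY_LEN = 32              # key length chosen to match the SHA-256 digest size


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _stream_cipher(key, data):
    """Stand-in cipher (SHA-256 in counter mode); encrypts and decrypts."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return _xor(data, b"".join(blocks))


def make_package(segment, key=None):
    key = key or secrets.token_bytes(KEY_LEN)
    ciphertext = _stream_cipher(key, segment + SENTINEL)  # combine, then encrypt
    digest = hashlib.sha256(ciphertext).digest()          # digest of ciphertext
    return ciphertext + _xor(key, digest)                 # append the masked key


def withhold(package, offset, length):
    """Return (package less the portion, withheld portion)."""
    kept = package[:offset] + package[offset + length:]
    return kept, package[offset:offset + length]


def restore(sent, portion, offset):
    return sent[:offset] + portion + sent[offset:]


def open_package(package):
    if len(package) < KEY_LEN + len(SENTINEL):
        raise ValueError("package too short")
    ciphertext, masked_key = package[:-KEY_LEN], package[-KEY_LEN:]
    key = _xor(masked_key, hashlib.sha256(ciphertext).digest())  # unmask the key
    combined = _stream_cipher(key, ciphertext)
    if not combined.endswith(SENTINEL):
        raise ValueError("sentinel missing: package incomplete or altered")
    return combined[:-len(SENTINEL)]
```

Because the key is masked with a digest of the whole ciphertext, removing even a few bytes yields a different digest and therefore a wrong key, so the transmitted remainder does not decrypt until the withheld portion is put back.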
Abstract
An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, a list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.
20 Claims
1. A method for use in a pre-data manipulator of a computing device (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7
8. A processing unit adapted to be coupled to a dispersed storage network (DSN), the processing unit comprising:
input/output interface circuitry adapted to be coupled to the DSN;
memory; and
a processing module operably coupled to the memory and to the input/output interface circuitry, wherein the processing module is operable to:
receive a data segment at the processing unit;
combine the data segment with a sentinel value to generate a combined data segment;
encrypt the combined data segment;
calculate a digest of the encrypted combined data segment;
encrypt an encryption key using the digest to produce a masked key;
append the masked key to the encrypted combined data segment to generate an encrypted package;
determine when to withhold a portion of the encrypted package;
remove the portion of the encrypted package when the portion of the encrypted package is to be withheld; and
transmit the encrypted package less the portion to be withheld.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer readable storage medium comprises:
at least one memory section that stores operational instructions that, when executed by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), causes the one or more computing devices to:
receive a data segment at the one or more processing modules;
combine the data segment with a sentinel value to generate a combined data segment;
encrypt the combined data segment;
calculate a digest of the encrypted combined data segment;
encrypt an encryption key using the digest to produce a masked key;
append the masked key to the encrypted combined data segment to generate an encrypted package;
determine when to withhold a portion of the encrypted package;
remove the portion of the encrypted package when the portion of the encrypted package is to be withheld; and
transmit the encrypted package less the portion to be withheld.
Dependent claims: 16, 17, 18, 19, 20
Specification