Utilizing a deterministic all or nothing transformation in a dispersed storage network
First Claim
Patent Images
1. A method for execution by a computing device, the method comprises:
- performing a function to generate a deterministic key from a data segment, in which the data segment is one of a plurality of data segments generated by segmenting a data object and in which the data segments are processed separately for storage to store the data object;
encrypting the data segment using the deterministic key to produce encrypted data;
performing a transform function on the encrypted data to produce transformed data;
performing a masking function on the deterministic key and the transformed data to generate a masked key;
combining the masked key and the encrypted data to produce a secure package; and
error encoding the secure package to generate a plurality of data slices for storage, wherein a threshold number of data slices of the secure package are needed to reconstruct the secure package when retrieved, the threshold number of data slices being less than the plurality of data slices generated.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a processing module generating a deterministic key from data and encrypting the data using the deterministic key to produce encrypted data. The method continues with the processing module generating transformed data from the encrypted data and generating a masked key from the deterministic key and the transformed data. The method continues with the processing module combining the masked key and the encrypted data to produce a secure package.
84 Citations
22 Claims
-
1. A method for execution by a computing device, the method comprises:
-
performing a function to generate a deterministic key from a data segment, in which the data segment is one of a plurality of data segments generated by segmenting a data object and in which the data segments are processed separately for storage to store the data object; encrypting the data segment using the deterministic key to produce encrypted data; performing a transform function on the encrypted data to produce transformed data; performing a masking function on the deterministic key and the transformed data to generate a masked key; combining the masked key and the encrypted data to produce a secure package; and error encoding the secure package to generate a plurality of data slices for storage, wherein a threshold number of data slices of the secure package are needed to reconstruct the secure package when retrieved, the threshold number of data slices being less than the plurality of data slices generated. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for execution by a computing device, the method comprises:
-
retrieving a threshold number of data slices to recover a secure package, in which the secure package was initially error encoded to generate a plurality of data slices for storage, wherein the threshold number of data slices of the plurality of data slices are needed to reconstruct the secure package when retrieved, the threshold number of data slices being less than the plurality of data slices generated; extracting a masked key and encrypted data from the secure package; performing a transform function on the encrypted data to produce transformed data; performing a de-masking function on the masked key and the transformed data to generate a deterministic key; and decrypting the encrypted data based on the deterministic key to recover a data segment of a data object, in which the data segment is one of a plurality of data segments generated by segmenting the data object, wherein the data segments were processed separately for storage to store the data object. - View Dependent Claims (9, 10, 11)
-
-
12. A computer comprises:
-
an interface; a memory; and a processing module operably coupled to the memory and the interface, wherein the processing module is operable to; perform a function to generate a deterministic key from a data segment, in which the data segment is one of a plurality of data segments generated by segmenting a data object and in which the data segments are processed separately for storage to store the data object; encrypt the data segment using the deterministic key to produce encrypted data; perform a transform function on the encrypted data produce transformed data; perform a masking function on the deterministic key and the transformed data to generate a masked key; combine the masked key and the encrypted data to produce a secure package; and error encode the secure package to generate a plurality of data slices for storage, wherein a threshold number of data slices of the secure package are needed to reconstruct the secure package when retrieved, the threshold number of data slices being less than the plurality of data slices generated. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computer comprises:
-
an interface; a memory; and a processing module operably coupled to the memory and the interface, the processing module is operable to; retrieve, via the interface, a threshold number of data slices to recover a secure package, in which the secure package was initially error encoded to generate a plurality of data slices for storage, wherein the threshold number of data slices of the plurality of data slices are needed to reconstruct the secure package when retrieved, the threshold number of data slices being less than the plurality of data slices generated; extract a masked key and encrypted data from the secure package; perform a transform function on the encrypted data to produce transformed data; perform a de-masking function on the masked key and the transformed data to generate a deterministic key; and decrypt the encrypted data based on the deterministic key to recover a data segment of a data object, in which the data segment is one of a plurality of data segments generated by segmenting the data object, wherein the data segments were processed separately for storage to store the data object. - View Dependent Claims (20, 21, 22)
-
Specification