Storage of sensitive data in a dispersed storage network

US 9,323,603 B2
Filed: 09/09/2014
Issued: 04/26/2016
Est. Priority Date: 05/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securely transmitted credential information by one or more transmitting devices, the method comprises:

generating a plurality of random numbers;

encoding the credential information to produce a plurality of encoded shares;

generating a plurality of encryption keys based on a common password and the plurality of random numbers;

encrypting the plurality of encoded shares using the plurality of encryption keys to produce a plurality of encrypted shares;

dispersed storage error encoding the plurality of encrypted shares to produce a plurality of sets of encoded share slices;

dispersed storage error encoding the plurality of random numbers to produce a plurality of sets of encoded random number slices; and

sending the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to at least one receiving device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module applying a share encoding function on data to produce a plurality of encoded shares and generating a corresponding plurality of random numbers for the plurality of encoded shares. The method continues with the processing module generating an encryption key based on a common password and a corresponding one of the corresponding plurality of random numbers and encrypting the encoded share utilizing the encryption key to produce an encrypted share for each encoded share of the plurality of encoded shares. The method continues with the processing module facilitating storage of the corresponding plurality of random numbers and each of the encrypted shares.

9 Citations

View as Search Results

24 Claims

1. A method for securely transmitted credential information by one or more transmitting devices, the method comprises:
- generating a plurality of random numbers;
  
  encoding the credential information to produce a plurality of encoded shares;
  
  generating a plurality of encryption keys based on a common password and the plurality of random numbers;
  
  encrypting the plurality of encoded shares using the plurality of encryption keys to produce a plurality of encrypted shares;
  
  dispersed storage error encoding the plurality of encrypted shares to produce a plurality of sets of encoded share slices;
  
  dispersed storage error encoding the plurality of random numbers to produce a plurality of sets of encoded random number slices; and
  
  sending the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to at least one receiving device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the credential information comprises one or more of:
    - a credential; and
      
      a credential hash digest.
  - 3. The method of claim 1, wherein the encoding the credential information comprises:
    - using a secret share function.
  - 4. The method of claim 1, wherein the generating the plurality of encryption keys comprises:
    - transforming the common password utilizing a mask generating function, security parameters, and the plurality of random numbers.
  - 5. The method of claim 4, wherein the generating the plurality of encryption keys further comprises:
    - transforming the common password by;
      
      applying the mask generating function to the common password to produce a result;
      
      squaring the result to produce a squared result;
      
      entering a loop that includes;
      
      raising the squared result by a random number of the plurality of random numbers to produce a raised result;
      
      applying a modulo function based on the security parameters to the raised result to generate an encryption key of the plurality of encryption keys; and
      
      exiting the loop when the number of generated encryption keys equals the number of random numbers in the plurality of random numbers.
  - 6. The method of claim 1 further comprises:
    - generating, by a first transmitting device of the one or more transmitting devices, the plurality of random numbers;
      
      encoding, by the first transmitting device, the credential information to produce the plurality of encoded shares;
      
      generating, by the first transmitting device, the plurality of encryption keys based on the common password and the plurality of random numbers;
      
      encrypting, by the first transmitting device, the plurality of encoded shares using the plurality of encryption keys to produce the plurality of encrypted shares;
      
      sending, by the first transmitting device, the plurality of encrypted shares and the plurality of random numbers to a second transmitting device of the one or more transmitting devices;
      
      dispersed storage error encoding, by the second transmitting device, the plurality of encrypted shares to produce the plurality of sets of encoded share slices;
      
      dispersed storage error encoding, by the second transmitting device, the plurality of random numbers to produce the plurality of sets of encoded random number slices; and
      
      sending, by the second transmitting device, the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to the at least one receiving device.
  - 7. The method of claim 6 further comprises:
    - the first transmitting device is a user device; and
      
      the second transmitting device is one or more dispersed storage (DS) processing units.
  - 8. The method of claim 1, wherein the at least one receiving device includes a set of storage units.

9. A transmitting device of one or more transmitting devices comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  generate a plurality of random numbers;
  
  encode credential information to produce a plurality of encoded shares;
  
  generate a plurality of encryption keys based on a common password and the plurality of random numbers;
  
  encrypt the plurality of encoded shares using the plurality of encryption keys to produce a plurality of encrypted shares;
  
  dispersed storage error encode the plurality of encrypted shares to produce a plurality of sets of encoded share slices;
  
  dispersed storage error encode the plurality of random numbers to produce a plurality of sets of encoded random number slices; and
  
  send, via the interface, the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to at least one receiving device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The transmitting device of claim 9, wherein the credential information comprises one or more of:
    - a credential; and
      
      a credential hash digest.
  - 11. The transmitting device of claim 9, wherein the processing module further functions to encode the credential information by:
    - using a secret share function.
  - 12. The transmitting device of claim 9, wherein the processing module further functions to generate the plurality of encryption keys by:
    - transforming the common password utilizing a mask generating function, security parameters, and the plurality of random numbers.
  - 13. The transmitting device of claim 12, wherein the processing module further functions to generate the plurality of encryption keys by:
    - transforming the common password by;
      
      applying the mask generating function to the common password to produce a result;
      
      squaring the result to produce a squared result;
      
      entering a loop that includes;
      
      raising the squared result by a random number of the plurality of random numbers to produce a raised result;
      
      applying a modulo function based on the security parameters to the raised result to generate an encryption key of the plurality of encryption keys; and
      
      exiting the loop when the number of generated encryption keys equals the number of random numbers in the plurality of random numbers.
  - 14. The transmitting device of claim 9 wherein the processing module is further operable to:
    - generate, by a first transmitting device of the one or more transmitting devices, the plurality of random numbers;
      
      encode, by the first transmitting device, the credential information to produce the plurality of encoded shares;
      
      generate, by the first transmitting device, the plurality of encryption keys based on the common password and the plurality of random numbers;
      
      encrypt, by the first transmitting device, the plurality of encoded shares using the plurality of encryption keys to produce the plurality of encrypted shares;
      
      send, by the first transmitting device, via the interface, the plurality of encrypted shares and the plurality of random numbers to a second transmitting device of the one or more transmitting devices;
      
      dispersed storage error encode, by the second transmitting device, the plurality of encrypted shares to produce the plurality of sets of encoded share slices;
      
      dispersed storage error encode, by the second transmitting device, the plurality of random numbers to produce the plurality of sets of encoded random number slices; and
      
      send, by the second transmitting device, via the interface, the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to the at least one receiving device.
  - 15. The transmitting device of claim 14 further comprises:
    - the first transmitting device is a user device; and
      
      the second transmitting device is one or more dispersed storage (DS) processing units.
  - 16. The transmitting device of claim 9, wherein the at least one receiving device includes a set of storage units.

17. One or more computer readable memory devices comprises:
- a first section for storing operational instructions that, when executed by a processing module of one or more transmitting devices, causes the processing module to generate a plurality of random numbers;
  
  a second section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to encode credential information to produce a plurality of encoded shares;
  
  a third section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to generate a plurality of encryption keys based on a common password and the plurality of random numbers;
  
  a fourth section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to encrypt the plurality of encoded shares using the plurality of encryption keys to produce a plurality of encrypted shares;
  
  a fourth section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to dispersed storage error encode the plurality of encrypted shares to produce a plurality of sets of encoded share slices;
  
  a fifth section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to dispersed storage error encode the plurality of random numbers to produce a plurality of sets of encoded random number slices; and
  
  a sixth section for storing operational instructions that, when executed by the processing module of the one or more transmitting devices, causes the processing module to send the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to at least one receiving device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The one or more computer readable memory devices of claim 17, wherein the credential information comprises one or more of:
    - a credential; and
      
      a credential hash digest.
  - 19. The one or more computer readable memory devices of claim 17, wherein the second section further comprises operational instructions that cause the processing module of the one or more transmitting devices to encode the credential information by:
    - using a secret share function.
  - 20. The one or more computer readable memory devices of claim 17, wherein the third section further comprises operational instructions that cause the processing module of the one or more transmitting devices to generate the plurality of encryption keys by:
    - transforming the common password utilizing a mask generating function, security parameters, and the plurality of random numbers.
  - 21. The one or more computer readable memory devices of claim 20, wherein the third section further comprises operational instructions that cause the processing module of the one or more transmitting devices to generate the plurality of encryption keys by:
    - transforming the common password by;
      
      applying the mask generating function to the common password to produce a result;
      
      squaring the result to produce a squared result;
      
      entering a loop that includes;
      
      raising the squared result by a random number of the plurality of random numbers to produce a raised result;
      
      applying a modulo function based on the security parameters to the raised result to generate an encryption key of the plurality of encryption keys; and
      
      exiting the loop when the number of generated encryption keys equals the number of random numbers in the plurality of random numbers.
  - 22. The one or more computer readable memory devices of claim 17 further comprises:
    - generating, by a first transmitting device of the one or more transmitting devices, the plurality of random numbers;
      
      encoding, by the first transmitting device, the credential information to produce the plurality of encoded shares;
      
      generating, by the first transmitting device, the plurality of encryption keys based on the common password and the plurality of random numbers;
      
      encrypting, by the first transmitting device, the plurality of encoded shares using the plurality of encryption keys to produce the plurality of encrypted shares;
      
      sending, by the first transmitting device, the plurality of encrypted shares and the plurality of random numbers to a second transmitting device of the one or more transmitting devices;
      
      dispersed storage error encoding, by the second transmitting device, the plurality of encrypted shares to produce the plurality of sets of encoded share slices;
      
      dispersed storage error encoding, by the second transmitting device, the plurality of random numbers to produce the plurality of sets of encoded random number slices; and
      
      sending, by the second transmitting device, the plurality of sets of encoded share slices and the plurality of sets of encoded random number slices to the at least one receiving device.
  - 23. The one or more computer readable memory devices of claim 22 further comprises:
    - the first transmitting device is a user device; and
      
      the second transmitting device is one or more dispersed storage (DS) processing units.
  - 24. The one or more computer readable memory devices of claim 17, wherein the at least one receiving device includes a set of storage units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Dhuse, Greg, Leggette, Wesley, Baptist, Andrew
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/481,885
Publication Number

US 20150043732A1
Time in Patent Office

595 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/10   Adding special bits or symb...

G06F 11/1076   Parity data used in redunda...

G06F 3/0619   in relation to data integri...

G06F 3/065   Replication mechanisms

G06F 3/067   Distributed or networked st...

H04L 2209/04   Masking or blinding

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Storage of sensitive data in a dispersed storage network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Storage of sensitive data in a dispersed storage network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links