Efficient and secure data storage utilizing a dispersed data storage system
First Claim
Patent Images
1. A method operating on a computer, the method comprises:
- determining, for data to be stored, a level of security and system performance;
based on the level of security and system performance;
determining whether the data is to be encrypted and transposed;
determining whether the data is to be transposed;
determining whether the data is to be encoded using an all-or-nothing transformation (AONT); and
determining whether the data is to be encrypted and encoded using the AONT;
when the data is to be encrypted and transposed;
encrypting and transposing the data to produce first secured data; and
performing an information dispersal algorithm (IDA) on the first secured data to produce a first plurality of sets of IDA encoded data slices;
when the data is to be transposed;
transposing the data to produce second secured data; and
performing the IDA on the second secured data to produce a second plurality of sets of IDA encoded data slices;
when the data is to be encrypted and encoded using the AONT;
encrypting and AONT encoding the data to produce third secured data; and
performing the IDA on the third secured data to produce a third plurality of sets of IDA encoded data slices; and
when the data is to be encoded using the AONT;
AONT encoding the data to produce fourth secured data; and
performing the IDA on the fourth secured data to produce a fourth plurality of sets of IDA encoded data slices; and
transmitting the first, second, third, or fourth plurality of sets of IDA encoded data slices to storage units of a dispersed storage network for storage therein.
5 Assignments
0 Petitions
Accused Products
Abstract
A method of securely storing data to a dispersed data storage system is disclosed. A data segment is arranged along the columns or rows of an appropriately sized matrix. Data slices are then created based on either the columns or the rows so that no consecutive data is stored in a data slice. Each data slice is then stored in a separate storage node.
-
Citations
9 Claims
-
1. A method operating on a computer, the method comprises:
-
determining, for data to be stored, a level of security and system performance; based on the level of security and system performance; determining whether the data is to be encrypted and transposed; determining whether the data is to be transposed; determining whether the data is to be encoded using an all-or-nothing transformation (AONT); and determining whether the data is to be encrypted and encoded using the AONT; when the data is to be encrypted and transposed; encrypting and transposing the data to produce first secured data; and performing an information dispersal algorithm (IDA) on the first secured data to produce a first plurality of sets of IDA encoded data slices; when the data is to be transposed; transposing the data to produce second secured data; and performing the IDA on the second secured data to produce a second plurality of sets of IDA encoded data slices; when the data is to be encrypted and encoded using the AONT; encrypting and AONT encoding the data to produce third secured data; and performing the IDA on the third secured data to produce a third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; AONT encoding the data to produce fourth secured data; and performing the IDA on the fourth secured data to produce a fourth plurality of sets of IDA encoded data slices; and transmitting the first, second, third, or fourth plurality of sets of IDA encoded data slices to storage units of a dispersed storage network for storage therein. - View Dependent Claims (2, 3)
generating an encryption key; encrypting a data segment of the data using the encryption key to produce an encrypted data segment; generating an obfuscated encryption key based on the encryption key; and appending the obfuscated encryption key to the encrypted data segment to produce an all-or-nothing encrypted data segment of the first secured data.
-
-
3. The method of claim 1 further comprises:
-
when the data is to be encrypted and transposed; generating a first one or more sets of a write threshold number of write requests for the first plurality of sets of IDA encoded data slices; when the data is to be transposed; generating a second one or more sets of a write threshold number of write requests for the second plurality of sets of IDA encoded data slices; and when the data is to be encrypted and encoded using the AONT; generating a third one or more sets of a write threshold number of write requests for the third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; generating a fourth one or more sets of a write threshold number of write requests for the fourth plurality of sets of IDA encoded data slices.
-
-
4. A computer comprising:
-
a network port adapted to couple with a network and receive a data segment; and a processor coupled to said network port wherein said processor; determines, for data to be stored, a level of security and system performance; based on the level of security and system performance; determines whether the data is to be encrypted and transposed; determines whether the data is to be transposed; determines whether the data is to be encrypted and encoded using an all-or-nothing transformation (AONT); and determines whether the data is to be encoded using the AONT; when the data is to be encrypted and transposed; encrypt and transpose the data to produce first secured data; and perform an information dispersal algorithm (IDA) on the first secured data to produce a first plurality of sets of IDA encoded data slices; when the data is to be transposed; transpose the data to produce second secured data; and perform the IDA on the second secured data to produce a second plurality of sets of IDA encoded data slices; when the data is to be encrypted and encoded using the AONT; encrypt and AONT encode the data to produce third secured data; and perform the IDA on the third secured data to produce a third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; AONT encode the data to produce fourth secured data; and perform the IDA on the fourth secured data to produce a fourth plurality of sets of IDA encoded data slices; and transmit, via the network port, the first, second, third, or fourth plurality of sets of IDA encoded data slices to storage units of a dispersed storage network for storage therein. - View Dependent Claims (5, 6)
generating an encryption key; encrypting a data segment of the data using the encryption key to produce an encrypted data segment; generating an obfuscated encryption key based on the encryption key; and appending the obfuscated encryption key to the encrypted data segment to produce an all-or-nothing encrypted data segment of the first secured data.
-
-
6. The computer of claim 4, wherein the processor further functions to:
-
when the data is to be encrypted and transposed; generate a first one or more sets of a write threshold number of write requests for the first plurality of sets of IDA encoded data slices; when the data is to be transposed; generate a second one or more sets of a write threshold number of write requests for the second plurality of sets of IDA encoded data slices; and when the data is to be encrypted and encoded using the AONT; generate a third one or more sets of a write threshold number of write requests for the third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; generating a fourth one or more sets of a write threshold number of write requests for the fourth plurality of sets of IDA encoded data slices.
-
-
7. A computer readable memory comprises:
-
a first addressable section that stores software, which, when executed by a processor, causes the processor to determine, for data to be stored, a balance of security and system performance; a second addressable section that stores software, which, when executed by a processor, causes the processor to, based on the balance of security and system performance; determine whether the data is to be encrypted and transposed; determine whether the data is to be transposed; determine whether the data is to be encoded using an all-or-nothing transformation (AONT); and determine whether the data is to be encrypted and encoded using the AONT; a third addressable section that stores software, which, when executed by the processor, causes the processor to; when the data is to be encrypted and transposed; encrypt and transpose the data to produce first secured data; and perform an information dispersal algorithm (IDA) on the first secured data to produce a first plurality of sets of IDA encoded data slices; when the data is to be transposed; transpose the data to produce second secured data; and perform the IDA on the second secured data to produce a second plurality of sets of IDA encoded data slices; when the data is to be encrypted and encoded using the AONT; encrypt and AONT encode the data to produce third secured data; and perform the IDA on the third secured data to produce a third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; AONT encode the data to produce fourth secured data; and perform the IDA on the fourth secured data to produce a fourth plurality of sets of IDA encoded data slices; and a fourth addressable section that stores software, which, when executed by the processor, causes the processor to; transmit the first, second, third, or fourth plurality of sets of IDA encoded data slices to storage units of a dispersed storage network for storage therein. - View Dependent Claims (8, 9)
generating an encryption key; encrypting a data segment of the data using the encryption key to produce an encrypted data segment; generating an obfuscated encryption key based on the encryption key; and appending the obfuscated encryption key to the encrypted data segment to produce an all-or-nothing encrypted data segment of the first secure data.
-
-
9. The computer readable memory of claim 7 further comprises:
-
a fifth addressable section that stores software, which, when executed by the processor, causes the processor to; when the data is to be encrypted and transposed; generate a first one or more sets of a write threshold number of write requests for the first plurality of sets of IDA encoded data slices; when the data is to be transposed; generate a second one or more sets of a write threshold number of write requests for the second plurality of sets of IDA encoded data slices; when the data is to be encrypted and encoded using the AONT; generate a third one or more sets of a write threshold number of write requests for the third plurality of sets of IDA encoded data slices; and when the data is to be encoded using the AONT; generating a fourth one or more sets of a write threshold number of write requests for the fourth plurality of sets of IDA encoded data slices.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneePure Storage, Inc.
-
Original AssigneeInternational Business Machines Corporation
-
InventorsLeggette, Wesley, Resch, Jason
-
Primary Examiner(s)SIMITOSKI, MICHAEL J
-
Application NumberUS12/426,727Publication NumberTime in Patent Office2,752 DaysField of Search380/28, 380/44, 713/193US Class Current1/1CPC Class CodesG06F 11/1076 Parity data used in redunda...G06F 21/6218 to a system of files or obj...G06F 21/6227 where protection concerns t...G06F 3/067 Distributed or networked st...H04L 9/0618 Block ciphers, i.e. encrypt...H04L 9/085 Secret sharing or secret sp...
