Encrypting segmented data in a distributed computing system
First Claim
1. A dispersed storage (DS) module comprises:
- a first module, when operable within a computing device, causes the computing device to:
  - segment a data partition into a plurality of data segments; and
  - for each of at least some data segments of the plurality of data segments:
    - divide the data segment into a set of data sub-segments;
- a second module, when operable within the computing device, causes the computing device to:
  - for the data segment of the plurality of data segments:
    - generate a set of sub keys for the set of data sub-segments based on a master key;
    - encrypt the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments;
    - aggregate the set of encrypted data sub-segments into encrypted data; and
    - generate a masked key based on the encrypted data and the master key; and
- a third module, when operable within the computing device, causes the computing device to:
  - for the data segment of the plurality of data segments:
    - combine the encrypted data and the masked key to produce an encrypted data segment, wherein encryption of the data partition includes encrypted data segments for the each of the at least some of the data segments, wherein the combining the encrypted data and the masked key includes at least one of:
      - interleaving the masked key with the encrypted data to produce the encrypted data segment;
      - appending the masked key to the encrypted data to produce the encrypted data segment; and
      - distributing, in accordance with a pattern, portions of the masked key within the encrypted data to produce the encrypted data segment.
Abstract
A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment.
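The steps of the abstract, as an added Python sketch that is not code from the patent: it segments a partition, encrypts each sub-segment under its own sub key, and appends the masked key, then reverses the process. The page does not name the key derivation, the cipher or the masking function, so the HMAC-SHA256 derivation, the SHA-256 counter-mode keystream (a stand-in for a real cipher), the "master key XOR hash of encrypted data" masking, the per-segment random master key and all function names are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # assumed master key size in bytes (matches the SHA-256 digest length)


def sub_key(master, index):
    # Assumed derivation: HMAC-SHA256 of the sub-segment index under the master key.
    return hmac.new(master, index.to_bytes(4, "big"), hashlib.sha256).digest()


def keystream_xor(key, data):
    # Stand-in cipher for the demo only: SHA-256 in counter mode as a keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def split(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


def encrypt_segment(segment, master, sub_size):
    subs = split(segment, sub_size)  # data sub-segments
    encrypted = b"".join(keystream_xor(sub_key(master, i), s) for i, s in enumerate(subs))
    digest = hashlib.sha256(encrypted).digest()
    masked = bytes(a ^ b for a, b in zip(master, digest))  # assumed masking function
    return encrypted + masked  # the "appending" way of combining


def decrypt_segment(blob, sub_size):
    encrypted, masked = blob[:-KEY_LEN], blob[-KEY_LEN:]
    digest = hashlib.sha256(encrypted).digest()
    master = bytes(a ^ b for a, b in zip(masked, digest))  # unmask the master key
    subs = split(encrypted, sub_size)
    return b"".join(keystream_xor(sub_key(master, i), s) for i, s in enumerate(subs))


def encrypt_partition(partition, seg_size, sub_size):
    # Assumption: a fresh random master key per data segment.
    return [encrypt_segment(s, os.urandom(KEY_LEN), sub_size) for s in split(partition, seg_size)]


def decrypt_partition(blobs, sub_size):
    return b"".join(decrypt_segment(b, sub_size) for b in blobs)
```

Under the assumed masking, the master key is recoverable only from the complete encrypted data, so changing one ciphertext byte garbles every sub-segment of that segment, not just the one touched.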
8 Claims
Specification