Efficient storage of encrypted data in a dispersed storage network
First Claim
1. A method for storing a data object, the method comprises:
identifying a plurality of data segments of the data object;
generating a plurality of key indexes for the plurality of data segments;
for a data segment of the plurality of data segments;
accessing data segment key information based on a corresponding key index of the plurality of key indexes to determine whether an encryption key has been generated for a similar data segment, wherein the encryption key is a representation of the similar data segment;
when the encryption key has been generated for the similar data segment;
using the encryption key to encrypt the data segment to produce an encrypted data segment;
compressing the encrypted data segment to produce a compressed and encrypted data segment; and
storing the compressed and encrypted data segment in a storage unit of a dispersed storage network (DSN);
when the encryption key has not been generated for the similar data segment;
generating an encryption key based on a representation of the data segment;
generating the corresponding key index based on a representation of the encryption key;
updating the data segment key information to include the corresponding key index;
dispersed storage error encoding the encryption key to produce a set of encoded key slices;
storing the set of encoded key slices in a plurality of storage units of the DSN;
encrypting the data segment using the encryption key to produce the encrypted data segment;
compressing the encrypted data segment to produce the compressed and encrypted data segment; and
storing the compressed and encrypted data segment in the storage unit.
Abstract
A method for storing a data object includes identifying data segments of the data object. The method continues with generating key indexes for the data segments. For a data segment, the method continues with accessing data segment key information based on a corresponding key index of the plurality of key indexes to determine whether an encryption key has been generated for a similar data segment. When the encryption key has been generated for the similar data segment, the method continues with using the encryption key to encrypt the data segment to produce an encrypted data segment. The method continues with compressing the encrypted data segment to produce a compressed and encrypted data segment. The method continues with storing the compressed and encrypted data segment in a storage unit of a dispersed storage network (DSN).
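The store flow of claim 1, covering both the key-exists and key-missing branches, as an added example that is not code from the patent. Assumptions: SHA-256 serves as both "representations", an HMAC-SHA256 keystream stands in for the cipher, a 2-of-3 XOR parity split stands in for dispersed storage error encoding, and stored segments are keyed by key index; `ToyDSN` and all function names are hypothetical.

```python
import hashlib, hmac, zlib

def derive_key(segment):            # assumption: key = SHA-256(segment)
    return hashlib.sha256(segment).digest()

def key_index(key):                 # assumption: index = SHA-256(key), hex
    return hashlib.sha256(key).hexdigest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, data):
    """Stand-in deterministic cipher (HMAC-SHA256 keystream); XOR, so it also decrypts."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return xor(data, stream)

def encode_key(key):
    """Stand-in for dispersed storage error encoding: 2-of-3 XOR parity slices."""
    a, b = key[:16], key[16:]
    return [a, b, xor(a, b)]

def decode_key(slices):
    """Rebuild the key from any two slices; a lost slice is passed as None."""
    a, b, p = slices
    if a is None: a = xor(b, p)
    if b is None: b = xor(a, p)
    return a + b

class ToyDSN:
    def __init__(self):
        self.key_info = set()   # data segment key information: known key indexes
        self.key_slices = {}    # key index -> slices, one per "storage unit"
        self.unit = {}          # key index -> compressed, encrypted segment

    def store(self, segment):
        key = derive_key(segment)
        idx = key_index(key)
        reused = idx in self.key_info           # key already generated for this content?
        if not reused:                          # first time this content is seen
            self.key_info.add(idx)
            self.key_slices[idx] = encode_key(key)
        self.unit[idx] = zlib.compress(crypt(key, segment))
        return idx, reused

    def load(self, idx, lost_slice=None):
        slices = list(self.key_slices[idx])
        if lost_slice is not None:              # simulate one unavailable storage unit
            slices[lost_slice] = None
        return crypt(decode_key(slices), zlib.decompress(self.unit[idx]))
```

Because the key and the ciphertext are deterministic functions of the segment, anyone who can read the storage unit can tell that two stored segments are equal, and plain parity slices expose parts of the key to the units that hold them.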
12 Claims
5. A computer device comprises:
an interface;
memory; and
a processing module operably coupled to the interface and the memory, wherein the processing module is;
identifying a plurality of data segments of a data object;
generating a plurality of key indexes for the plurality of data segments;
for a data segment of the plurality of data segments;
accessing data segment key information based on a corresponding key index of the plurality of key indexes to determine whether an encryption key has been generated for a similar data segment, wherein the encryption key is a representation of the similar data segment;
when the encryption key has been generated for the similar data segment;
use the encryption key to encrypt the data segment to produce an encrypted data segment;
compress the encrypted data segment to produce a compressed and encrypted data segment; and
outputting, via the interface, the compressed and encrypted data segment to a storage unit of a dispersed storage network (DSN) for storage therein;
when the encryption key has not been generated for the similar data segment;
generating an encryption key based on a representation of the data segment;
generating the corresponding key index based on a representation of the encryption key;
update the data segment key information to include the corresponding key index;
dispersed storage error encode the encryption key to produce a set of encoded key slices;
outputting, via the interface, the set of encoded key slices in a plurality of storage units of the DSN for storage therein;
encrypting the data segment using the encryption key to produce the encrypted data segment;
compressing the encrypted data segment to produce the compressed and encrypted data segment; and
outputting, via the interface, the compressed and encrypted data segment to the storage unit for storage therein.
9. A non-transitory computer readable storage device comprises:
a first memory section that stores operational instructions that, when executed by a computing device, causes the computing device to;
identify a plurality of data segments of a data object;
a second memory section that stores operational instructions that, when executed by the computing device, causes the computing device to;
generate a plurality of key indexes for the plurality of data segments;
a third memory section that stores operational instructions that, when executed by the computing device, causes the computing device to;
for a data segment of the plurality of data segments;
access data segment key information based on a corresponding key index of the plurality of key indexes to determine whether an encryption key has been generated for a similar data segment, wherein the encryption key is a representation of the similar data segment;
when the encryption key has been generated for the similar data segment;
use the encryption key to encrypt the data segment to produce an encrypted data segment;
compress the encrypted data segment to produce a compressed and encrypted data segment; and
output, via an interface, the compressed and encrypted data segment to a storage unit of a dispersed storage network (DSN) for storage therein;
wherein the third memory section further stores operational instructions that, when executed by the computing device, causes the computing device to;
when the encryption key has not been generated for the similar data segment;
generate an encryption key based on a representation of the data segment;
generate the corresponding key index based on a representation of the encryption key;
update the data segment key information to include the corresponding key index;
dispersed storage error encode the encryption key to produce a set of encoded key slices;
output, via the interface, the set of encoded key slices in a plurality of storage units of the DSN for storage therein;
encrypt the data segment using the encryption key to produce the encrypted data segment;
compress the encrypted data segment to produce the compressed and encrypted data segment; and
output, via the interface, the compressed and encrypted data segment to the storage unit for storage therein.
Specification