Distributed storage network and method for storing and retrieving encryption keys

US 9,819,484 B2
Filed: 08/05/2016
Issued: 11/14/2017
Est. Priority Date: 10/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:

encrypting a data segment of a data object using a security key to produce an encrypted data segment;

dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices;

sending the set of encoded data slices to storage units of the DSN for storage therein;

encrypting the security key using an encryption key to produce an encrypted security key;

dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and

sending the set of encoded key slices to a set of storage units of the DSN for storage therein.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for execution by a computing device of a dispersed storage network (DSN). The method begins by encrypting a data segment of a data object using a security key to produce an encrypted data segment. The method continues by dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices and sending the set of encoded data slices to storage units of the DSN for storage. The method continues by encrypting the security key using an encryption key to produce an encrypted security key and dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key. The method continues by sending the set of encoded key slices to a set of storage units of the DSN for storage therein.

86 Citations

12 Claims

1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:
- encrypting a data segment of a data object using a security key to produce an encrypted data segment;
  
  dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices;
  
  sending the set of encoded data slices to storage units of the DSN for storage therein;
  
  encrypting the security key using an encryption key to produce an encrypted security key;
  
  dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and
  
  sending the set of encoded key slices to a set of storage units of the DSN for storage therein.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprises one of:
    - generating the encryption key based on a public key; and
      
      generating the encryption key based on a password.
  - 3. The method of claim 1 further comprises one of:
    - increasing the decode threshold to increase a level of security; and
      
      decreasing the decode threshold to decrease a level of security.
  - 4. The method of claim 1 further comprises:
    - dispersed storage error encoding the encrypted data segment using first dispersed storage error encoding parameters; and
      
      dispersed storage error encoding the encrypted security key using second dispersed storage error encoding parameters.
  - 5. The method of claim 1 further comprises:
    - the storage units being mutually exclusive of the set of storage units.
  - 6. The method of claim 1 further comprises:
    - the storage units including at least one storage unit in common with the set of storage units.

7. A computing device comprises:
- an interface;
  
  memory; and
  
  a processing module operably coupled to the memory and the interface, wherein the processing module is operable to;
  
  encrypt a data segment of a data object using a security key to produce an encrypted data segment;
  
  dispersed storage error encode the encrypted data segment to produce a set of encoded data slices;
  
  send, via the interface, the set of encoded data slices to storage units of the DSN for storage therein;
  
  encrypt the security key using an encryption key to produce an encrypted security key;
  
  dispersed storage error encode the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and
  
  send, via the interface, the set of encoded key slices to a set of storage units of the DSN for storage therein.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computing device of claim 7, wherein the processing module is further operable to perform one of:
    - generating the encryption key based on a public key; and
      
      generating the encryption key based on a password.
  - 9. The computing device of claim 7, wherein the processing module is further operable to perform one of:
    - increasing the decode threshold to increase a level of security; and
      
      decreasing the decode threshold to decrease a level of security.
  - 10. The computing device of claim 7, wherein the processing module is further operable to:
    - dispersed storage error encode the encrypted data segment using first dispersed storage error encoding parameters; and
      
      dispersed storage error encode the encrypted security key using second dispersed storage error encoding parameters.
  - 11. The computing device of claim 7 further comprises:
    - the storage units being mutually exclusive of the set of storage units.
  - 12. The computing device of claim 7 further comprises:
    - the storage units including at least one storage unit in common with the set of storage units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K.
Primary Examiner(s)
Lipman, Jacob

Application Number

US15/230,145
Publication Number

US 20160344546A1
Time in Patent Office

466 Days
Field of Search

713167
US Class Current
CPC Class Codes

G06F 11/1004   to protect a block of data ...

G06F 11/1068   in sector programmable memo...

G06F 11/1076   Parity data used in redunda...

G06F 12/1408   by using cryptography for d...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2151   Time stamp

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/067   Distributed or networked st...

G11C 29/52   Protection of memory conten...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 67/1097   for distributed storage of ...

H04L 9/0822   using key encryption key

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04N 21/2347   involving video stream encr...

H04N 21/23476 : by partially encrypting, e....

H04N 21/26613 : for generating or managing ...

H04N 21/4405 : involving video stream decr...

H04N 21/44055 : by partially decrypting, e....

H04N 21/8456 : by decomposing the content ...

View All

Distributed storage network and method for storing and retrieving encryption keys

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed storage network and method for storing and retrieving encryption keys

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links