Distributed storage network and method for storing and retrieving encryption keys
First Claim
1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:
- encrypting a data segment of a data object using a security key to produce an encrypted data segment;
dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices;
sending the set of encoded data slices to storage units of the DSN for storage therein;
encrypting the security key using an encryption key to produce an encrypted security key;
dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and
sending the set of encoded key slices to a set of storage units of the DSN for storage therein.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for execution by a computing device of a dispersed storage network (DSN). The method begins by encrypting a data segment of a data object using a security key to produce an encrypted data segment. The method continues by dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices and sending the set of encoded data slices to storage units of the DSN for storage. The method continues by encrypting the security key using an encryption key to produce an encrypted security key and dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key. The method continues by sending the set of encoded key slices to a set of storage units of the DSN for storage therein.
86 Citations
12 Claims
-
1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:
-
encrypting a data segment of a data object using a security key to produce an encrypted data segment; dispersed storage error encoding the encrypted data segment to produce a set of encoded data slices; sending the set of encoded data slices to storage units of the DSN for storage therein; encrypting the security key using an encryption key to produce an encrypted security key; dispersed storage error encoding the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and sending the set of encoded key slices to a set of storage units of the DSN for storage therein. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computing device comprises:
-
an interface; memory; and a processing module operably coupled to the memory and the interface, wherein the processing module is operable to; encrypt a data segment of a data object using a security key to produce an encrypted data segment; dispersed storage error encode the encrypted data segment to produce a set of encoded data slices; send, via the interface, the set of encoded data slices to storage units of the DSN for storage therein; encrypt the security key using an encryption key to produce an encrypted security key; dispersed storage error encode the encrypted security key to produce a set of encoded key slices, wherein a decode threshold number of encoded key slices is needed to recover the encrypted security key; and send, via the interface, the set of encoded key slices to a set of storage units of the DSN for storage therein. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification