Encrypting data for storage in a dispersed storage network
First Claim
Patent Images
1. A method for retrieving data, the method comprises:
- retrieving, by a computing device of a dispersed storage network (DSN), a plurality of secure data packages from storage units of the DSN;
separating, by the computing device, the plurality of secure data packages into a plurality of masked keys and a plurality of encrypted data units in accordance with a data intermingling pattern, wherein the data intermingling pattern insures that, when a threshold number of encrypted data units are available, the plurality of masked keys is retrievable regardless of which encrypted data units of the plurality of encrypted data units are included in the threshold number of encrypted data units;
generating, by the computing device, a plurality of deterministic values from the plurality of encrypted data units;
generating, by the computing device, a plurality of encryption keys based on the plurality of masked keys and the plurality of deterministic values;
decrypting, by the computing device, the plurality of encrypted data units using the plurality of encryption keys to produce a plurality of data units; and
recovering, by the computing device, a first portion of the data from a threshold number of the plurality of data units.
5 Assignments
0 Petitions
Accused Products
Abstract
A method includes retrieving a plurality of secure data packages from storage units. The method further includes separating the secure data packages into masked keys and encrypted data units in accordance with a data intermingling pattern. The method further includes generating deterministic values from the encrypted data units and generating encryption keys based on the masked keys and the deterministic values. The method further includes decrypting the encrypted data units using the encryption keys to produce data units. The method further includes recovering a first portion of the data from a threshold number of the data units.
-
Citations
14 Claims
-
1. A method for retrieving data, the method comprises:
-
retrieving, by a computing device of a dispersed storage network (DSN), a plurality of secure data packages from storage units of the DSN; separating, by the computing device, the plurality of secure data packages into a plurality of masked keys and a plurality of encrypted data units in accordance with a data intermingling pattern, wherein the data intermingling pattern insures that, when a threshold number of encrypted data units are available, the plurality of masked keys is retrievable regardless of which encrypted data units of the plurality of encrypted data units are included in the threshold number of encrypted data units; generating, by the computing device, a plurality of deterministic values from the plurality of encrypted data units; generating, by the computing device, a plurality of encryption keys based on the plurality of masked keys and the plurality of deterministic values; decrypting, by the computing device, the plurality of encrypted data units using the plurality of encryption keys to produce a plurality of data units; and recovering, by the computing device, a first portion of the data from a threshold number of the plurality of data units. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computing device of a dispersed storage network (DSN), wherein the computing device comprises:
-
an interface; memory; and a processing module operably coupled to the interface and the memory, wherein the processing module is configured to; retrieve, via the interface, a plurality of secure data packages from storage units of the DSN; separate the plurality of secure data packages into a plurality of masked keys and a plurality of encrypted data units in accordance with a data intermingling pattern, wherein the data intermingling pattern insures that, when a threshold number of encrypted data units are available, the plurality of masked keys is retrievable regardless of which encrypted data units of the plurality of encrypted data units are included in the threshold number of encrypted data units; generate a plurality of deterministic values from the plurality of encrypted data units; generate a plurality of encryption keys based on the plurality of masked keys and the plurality of deterministic values; decrypt the plurality of encrypted data units using the plurality of encryption keys to produce a plurality of data units; and recover a first portion of the data from a threshold number of the plurality of data units. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification