Encryption of slice partials

US 9,940,195 B2
Filed: 09/28/2017
Issued: 04/10/2018
Est. Priority Date: 08/25/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units, the method comprising:

receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network;

determining key pairing requirements associated with the rebuilding request;

selecting an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;

generating shared secret keys corresponding to each of the even number of key pairing entities;

generating an encrypted partial slice by encrypting a partial slice associated with the DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and

transmitting the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units includes receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network. Key pairing requirements associated with the rebuilding request are determined, and an even number of key pairing entities are selected based on the key pairing requirements. The even number of key pairing entities being fewer than a decode threshold number of key pairing entities. The DS unit generates shared secret keys corresponding to each of the even number of key pairing entities, uses those keys to generate an encrypted partial slice, and transmits the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

86 Citations

View as Search Results

17 Claims

1. A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units, the method comprising:
- receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network;
  
  determining key pairing requirements associated with the rebuilding request;
  
  selecting an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
  
  generating shared secret keys corresponding to each of the even number of key pairing entities;
  
  generating an encrypted partial slice by encrypting a partial slice associated with the DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
  
  transmitting the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - determining candidate key pairing entities; and
      
      selecting the even number of key pairing entities from among the candidate key pairing entities.
  - 3. The method of claim 2, further comprising:
    - determining candidate key pairing entities based on a rebuilding topology.
  - 4. The method of claim 3, further including:
    - selecting, as the even number of key pairing entities, a node ahead of the DS unit and a node behind the DS unit.
  - 5. The method of claim 2, further comprising:
    - determining candidate key pairing entities based on rebuilding participants.
  - 6. The method of claim 1, further comprising:
    - determining the key pairing requirements based on at least one of the following;
      
      the rebuilding request, a predetermination, a message, a DSN performance indicator, a DSN security indicator, a vault ID, or a requester ID.

7. A distributed storage (DS) unit included in a distributed storage network (DSN) including a plurality of DS units, the DS unit comprising:
- a computing core including a processor and associated memory;
  
  a communications interface, coupled to the computing core, and configured to receive a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network;
  
  the computing core configured to;
  
  determine key pairing requirements associated with the rebuilding request;
  
  select an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
  
  generate shared secret keys corresponding to each of the even number of key pairing entities;
  
  generate an encrypted partial slice by encrypting a partial slice associated with the DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
  
  transmit the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The distributed storage (DS) unit of claim 7, further comprising:
    - determining candidate key pairing entities; and
      
      selecting the even number of key pairing entities from among the candidate key pairing entities.
  - 9. The distributed storage (DS) unit of claim 8, further comprising:
    - determining candidate key pairing entities based on a rebuilding topology.
  - 10. The distributed storage (DS) unit of claim 9, further including:
    - selecting, as the even number of key pairing entities, a node ahead of the DS unit and a node behind the DS unit.
  - 11. The distributed storage (DS) unit of claim 8, further comprising:
    - determining candidate key pairing entities based on rebuilding participants.
  - 12. The distributed storage (DS) unit of claim 7, further comprising:
    - determining the key pairing requirements based on at least one of the following;
      
      the rebuilding request, a predetermination, a message, a DSN performance indicator, a DSN security indicator, a vault ID, or a requester ID.

13. A distributed storage network (DSN) comprising:
- a plurality of distributed storage (DS) units each of the plurality of DS units including a processor and associated memory;
  
  a requesting DS unit configured to transmit a rebuilding request to at least one other DS unit, the rebuilding request indicating that the at least one other DS unit is to provide an encrypted partial slice to the requesting DS unit;
  
  the at least one other DS unit configured to respond to the rebuilding request by;
  
  determining key pairing requirements associated with the rebuilding request;
  
  selecting an even number of key pairing entities based on the key pairing requirements, the even number of key pairing entities being fewer than a decode threshold number of key pairing entities, wherein the selecting an even number of key pairing entities includes optimizing a match of the key pairing requirements to an estimated performance and estimated security associated with a desired number of candidate key pairing entities;
  
  generating shared secret keys corresponding to each of the even number of key pairing entities;
  
  generating an encrypted partial slice by encrypting a partial slice associated with the at least one other DS unit using the shared secret keys corresponding to each of the even number of key pairing entities; and
  
  transmitting the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The distributed storage network (DSN) of claim 13, further comprising:
    - determining candidate key pairing entities; and
      
      selecting the even number of key pairing entities from among the candidate key pairing entities.
  - 15. The distributed storage network (DSN) of claim 14, further comprising:
    - determining candidate key pairing entities based on at least one of a rebuilding topology or rebuilding participants.
  - 16. The distributed storage network (DSN) of claim 15, further including:
    - selecting, as the even number of key pairing entities, a node ahead of the at least one other DS unit and a node behind the at least one other DS unit.
  - 17. The distributed storage network (DSN) of claim 13, further comprising:
    - determining the key pairing requirements based on at least one of the following;
      
      the rebuilding request, a predetermination, a message, a DSN performance indicator, a DSN security indicator, a vault ID, or a requester ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Dhuse, Greg R., Leggette, Wesley B.
Primary Examiner(s)
Desrosiers, Evans

Application Number

US15/718,200
Publication Number

US 20180018232A1
Time in Patent Office

194 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/1402   Saving, restoring, recoveri...

G06F 11/2089   Redundant storage control f...

G06F 12/1408   by using cryptography for d...

G06F 16/215   Improving data quality; Dat...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2107   File encryption

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

Encryption of slice partials

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Encryption of slice partials

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others