DECRYPTING SEGMENTED DATA IN A DISTRIBUTED COMPUTING SYSTEM
First Claim
1. A method for execution by one or more processing modules of one or more computing devices, the method comprises:
- receiving at least a decode threshold number of encoded data slices of a set of encoded data slices;
decoding the at least a decode threshold number of encoded data slices to reproduce a secure data segment;
de-combining the secure data segment to reproduce encrypted data and a masked key;
performing a deterministic function on the encrypted data to produce transformed data;
de-masking the masked key based on the transformed data to produce a master key;
de-aggregating the encrypted data to reproduce a decode threshold number of encrypted data sub-segments;
for each of at least a decode threshold number of encrypted data sub-segments, generating a sub-key based on the master key;
outputting a decode threshold number of sub-keys to a corresponding decode threshold number of distributed storage and task execution units;
for each encrypted data sub-segment, decrypting the encrypted data sub-segment utilizing a corresponding sub-key; and
de-partitioning the decode threshold number of data sub-segments to re-produce a data segment.
3 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module receiving encoded data slices and decoding encoded data slices to reproduce a secure data segment, followed by de-combining the secure data segment to reproduce encrypted data and a masked key. The method continues by performing a deterministic function on the encrypted data to produce transformed data, de-masking the masked key based on the transformed data to produce a master key and de-aggregating the encrypted data to reproduce encrypted data sub-segments. A sub-key is generated based on the master key and a decode threshold number of sub-keys are output to a corresponding number of distributed storage and task execution units, followed by decrypting the encrypted data sub-segment utilizing a corresponding sub-key for each encrypted data sub-segment and de-partitioning the decode threshold number of data sub-segments to re-produce a data segment.
9 Citations
18 Claims
-
1. A method for execution by one or more processing modules of one or more computing devices, the method comprises:
-
receiving at least a decode threshold number of encoded data slices of a set of encoded data slices; decoding the at least a decode threshold number of encoded data slices to reproduce a secure data segment; de-combining the secure data segment to reproduce encrypted data and a masked key; performing a deterministic function on the encrypted data to produce transformed data; de-masking the masked key based on the transformed data to produce a master key; de-aggregating the encrypted data to reproduce a decode threshold number of encrypted data sub-segments; for each of at least a decode threshold number of encrypted data sub-segments, generating a sub-key based on the master key; outputting a decode threshold number of sub-keys to a corresponding decode threshold number of distributed storage and task execution units; for each encrypted data sub-segment, decrypting the encrypted data sub-segment utilizing a corresponding sub-key; and de-partitioning the decode threshold number of data sub-segments to re-produce a data segment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to;
receive encoded data slices; andunsecure each encoded data slice for a partition based on slice de-security information to generate sliced encoded data; a second module, when operable within the computing device, causes the computing device to;
de-slice the sliced encoded data into encoded data segments;a third module, when operable within the computing device, causes the computing device to;
decode the encoded data segments to produce secure data segments;a fourth module, when operable within the computing device, causes the computing device to;
unsecure the secured data segments to produce data segments; anda fifth module, when operable within the computing device, causes the computing device to;
de-segment the data segments into one or more data partitions. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification