Storage of sensitive data in a dispersed storage network
First Claim
Patent Images
1. A method comprises:
- applying a share encoding function on data to produce a plurality of encoded shares;
generating a corresponding plurality of random numbers for the plurality of encoded shares;
for an encoded share of the plurality of encoded shares;
generating an encryption key based on a common password and a random number of the corresponding plurality of random numbers;
encrypting the encoded share utilizing the encryption key to produce an encrypted share;
dispersed storage error encoding the encrypted share to produce a group of encoded share slices;
sending the group of encoded share slices to a dispersed storage network (DSN) memory for storage therein; and
for the random number;
dispersed storage error encoding the random number to produce a group of encoded random number slices; and
sending the group of encoded random number slices to the DSN memory or another DSN memory for storage therein.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a processing module applying a share encoding function on data to produce a plurality of encoded shares and generating a corresponding plurality of random numbers for the plurality of encoded shares. The method continues with the processing module generating an encryption key based on a common password and a corresponding one of the corresponding plurality of random numbers and encrypting the encoded share utilizing the encryption key to produce an encrypted share for each encoded share of the plurality of encoded shares. The method continues with the processing module facilitating storage of the corresponding plurality of random numbers and each of the encrypted shares.
91 Citations
28 Claims
-
1. A method comprises:
-
applying a share encoding function on data to produce a plurality of encoded shares; generating a corresponding plurality of random numbers for the plurality of encoded shares; for an encoded share of the plurality of encoded shares; generating an encryption key based on a common password and a random number of the corresponding plurality of random numbers; encrypting the encoded share utilizing the encryption key to produce an encrypted share; dispersed storage error encoding the encrypted share to produce a group of encoded share slices; sending the group of encoded share slices to a dispersed storage network (DSN) memory for storage therein; and for the random number; dispersed storage error encoding the random number to produce a group of encoded random number slices; and sending the group of encoded random number slices to the DSN memory or another DSN memory for storage therein. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprises:
-
retrieving at least a decode threshold number of stored random numbers to produce a set of stored random numbers; retrieving at least a decode threshold number of encrypted shares to produce a set of encrypted shares, wherein the set of encrypted shares corresponds to the set of stored random numbers; generating a set of blinded passwords based on a common password and a set of blinded random numbers; generating a set of passkeys based on the set of blinded passwords and the set of stored random numbers; generating a set of decryption keys based on the set of blinded random numbers and the set of passkeys; decrypting each encrypted share of the set of encrypted shares utilizing a corresponding decryption key of the set of decryption keys to produce a set of shares; and decoding the set of shares to reproduce data. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer comprises:
-
an interface; a memory; and a processing module operable to; apply a share encoding function on data to produce a plurality of encoded shares; generate a corresponding plurality of random numbers for the plurality of encoded shares; for an encoded share of the plurality of encoded shares; generate an encryption key based on a common password and a random number of the corresponding plurality of random numbers; encrypt the encoded share utilizing the encryption key to produce an encrypted share; dispersed storage error encode the encrypted share to produce a group of encoded share slices; send, via the interface, the group of encoded share slices to a dispersed storage network (DSN) memory for storage therein; and for the random number; dispersed storage error encode the random number to produce a group of encoded random number slices; and send, via the interface, the group of encoded random number slices to the DSN memory or another DSN memory for storage therein. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A computer comprises:
-
an interface; a memory; and a processing module operable to; retrieve, view the interface, at least a decode threshold number of stored random numbers to produce a set of stored random numbers; retrieve, via the interface, at least a decode threshold number of encrypted shares to produce a set of encrypted shares, wherein the set of encrypted shares corresponds to the set of stored random numbers; generate a set of blinded passwords based on a common password and a set of blinded random numbers; generate a set of passkeys based on the set of blinded passwords and the set of stored random numbers; generate a set of decryption keys based on the set of blinded random numbers and the set of passkeys; decrypt each encrypted share of the set of encrypted shares utilizing a corresponding decryption key of the set of decryption keys to produce a set of shares; and decode the set of shares to reproduce data. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
Specification