Title of invention: SECURING DATA IN A DISPERSED STORAGE NETWORK
Abstract: A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secure data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secure data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream.
Application publication number: US2014359276(A1) Application publication date: 2014.12.04
Application number: US201414256472 Filing date: 2014.04.18
Applicant: CLEVERSAFE, INC. Inventors: Resch Jason K.; Dhuse Greg
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method comprises: a first set of steps performed by a first computing unit of a dispersed storage network (DSN) includes: converting an encryption key into a key stream; encrypting data based on the key stream and an encryption function to produce encrypted data; dispersed storage error encoding the key stream to produce a set of encoded key stream slices; dispersed storage error encoding the encrypted data to produce a set of encoded and encrypted data slices; and outputting the set of encoded key stream slices and the set of encoded and encrypted data slices to storage units of the DSN for storage therein; a second set of steps performed by one of the storage units includes: receiving a retrieval request regarding an encoded key stream slice of the set of encoded key stream slices and an encoded and encrypted data slice of the set of encoded and encrypted data slices; partially dispersed storage error decoding the encoded key stream slice to produce a partially decoded key stream vector; partially dispersed storage error decoding the encoded and encrypted data slice to produce a partially decoded and encrypted data vector; and partially decrypting the partially decoded and encrypted data vector in accordance with the encryption function and based on the partially decoded key stream vector to produce a partially decrypted and decoded data vector; and a third set of steps performed by a second computing unit of the DSN includes: receiving partially decrypted and decoded data vectors in response to sent retrieval requests that includes the retrieval request; and reproducing, without access to the encryption key and without access to the key stream, the data from the partially decrypted and decoded data vectors based on a function in accordance with the encryption function.
Address: CHICAGO IL US
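An added sketch of the three sets of steps in the main claim, not code from the patent or from the applicant. It assumes a Reed-Solomon-style linear code over the prime field 257, addition mod 257 as the encryption function and SHAKE-256 as the key-to-key-stream conversion; all function names and sample values are hypothetical.

```python
import hashlib

P = 257        # assumed prime field; every byte value 0..255 is a field element
K, N = 3, 5    # assumed decode threshold and number of storage units

def encode(vec):
    """Error-encode K symbols: unit x stores the polynomial vec evaluated at x."""
    return {x: sum(c * pow(x, j, P) for j, c in enumerate(vec)) % P
            for x in range(1, N + 1)}

def source_store(data, key):
    """First set of steps: key -> key stream, encrypt, encode both."""
    stream = list(hashlib.shake_256(key).digest(len(data)))  # assumed derivation
    encrypted = [(d + s) % P for d, s in zip(data, stream)]   # assumed function
    return encode(stream), encode(encrypted)

def basis_coeffs(x_i, units):
    """Unit x_i's column of the decoding matrix (Lagrange basis coefficients)."""
    coeffs, denom = [1], 1
    for x_m in units:
        if x_m != x_i:
            # multiply the polynomial by (x - x_m), lowest-order term first
            coeffs = [(a - x_m * b) % P
                      for a, b in zip([0] + coeffs, coeffs + [0])]
            denom = denom * (x_i - x_m) % P
    inv = pow(denom, -1, P)
    return [c * inv % P for c in coeffs]

def storage_unit_respond(x_i, units, key_slice, data_slice):
    """Second set of steps: partial decode of both slices, partial decrypt."""
    col = basis_coeffs(x_i, units)
    key_vec = [key_slice * c % P for c in col]
    data_vec = [data_slice * c % P for c in col]
    return [(d - k) % P for d, k in zip(data_vec, key_vec)]

def destination_recover(vectors):
    """Third set of steps: sum the vectors; no key or key stream is used."""
    return bytes(sum(col) % P for col in zip(*vectors))

def demo(units=(1, 3, 4)):
    data, key = b"DSN", b"constructed-demo-key"   # constructed sample values
    key_slices, data_slices = source_store(data, key)
    vectors = [storage_unit_respond(x, units, key_slices[x], data_slices[x])
               for x in units]
    return destination_recover(vectors)

if __name__ == "__main__":
    print(demo())   # any K of the N units recover the data
```

Because both the code and the assumed encryption function are linear, each storage unit's response equals a partial decode of the unencrypted data slice, which is why the second computing unit can sum the responses without holding the key or the key stream.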