发明名称 |
SECURING A DATA SEGMENT FOR STORAGE |
摘要 |
A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices. |
申请公布号 |
US2014331065(A1) |
申请公布日期 |
2014.11.06 |
申请号 |
US201414331676 |
申请日期 |
2014.07.15 |
申请人 |
CLEVERSAFE, INC. |
发明人 |
Resch Jason K. |
分类号 |
G06F12/14;G06F11/20 |
主分类号 |
G06F12/14 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method for execution by a computer, the method comprises:
retrieving a plurality of sets of encoded data slices, wherein a set of encoded data slices corresponds to a dispersed storage error encoded combined partition of a plurality of combined partitions; dispersed storage error decoding the plurality of sets of encoded data slices to reproduce the plurality of combined partitions; separating the plurality of combined partitions into a plurality of masked key partitions and a plurality of encrypted data segment partitions; combining the plurality of masked key partitions to produce a masked key; combining the plurality of encrypted data segment partitions to produce an encrypted data segment; performing a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment; unmasking the masked key utilizing the transformed representation of the encrypted data segment to recover an encryption key; and decrypting the encrypted data segment using the encryption key to recover a data segment. |
地址 |
CHICAGO IL US |