Shared security utility appliance for secure application and data processing
US-9438627-B2 · Sep 6, 2016 · US
Enhancing security for multiple storage configurations
US10129023B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10129023-B2 |
| Application number | US-201615234306-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 11, 2016 |
| Priority date | Aug 11, 2016 |
| Publication date | Nov 13, 2018 |
| Grant date | Nov 13, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method begins by a processing module identifying, for a DSN (Dispersed Storage Network) memory using multiple IDA (Information Dispersal Algorithms) configurations simultaneously, a first IDA configuration with a highest security level relative to each of the multiple IDA configurations. The method continues by generating at least one master key. The method continues by encoding the master key with a secure error coding function to produce master key slices according to the first IDA configuration. The method continues by storing the master key slices in the DSN memory using the first IDA configuration. The method continues by, when storing data with a second IDA configuration having a security level lower than the first IDA configuration, retrieving the master key slices, decoding the master key slices to obtain the master key and encrypting the data using the master key.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises: identifying, for a DSN memory using multiple IDA (Information Dispersal Algorithm) configurations simultaneously, a first IDA configuration with a highest security level relative to each of the multiple IDA configurations; generating a master key; encoding the master key with a secure error coding function to produce master key slices according to the first IDA configuration; storing the master key slices in the DSN memory using the first IDA configuration; and when storing data with a second IDA configuration having a security level lower than the first IDA configuration, retrieving the master key slices, decoding the master key slices to obtain the master key and encrypting the data using the master key. 2. The method of claim 1 , wherein the highest security level is determined based one or more relative levels of: reliability, physical protection of the DSN memory, geographical distribution of the DSN memory, or IDA threshold. 3. The method of claim 1 , wherein the secure error coding function further includes signing keys using any of: a digital signature algorithm, an HMAC function, or message authentication code requiring knowledge of the master key. 4. The method of claim 1 , wherein the secure error coding function includes any of: AONT (all-or-nothing transform) or Shamir Secret Sharing. 5. The method of claim 1 , wherein the encrypting data includes and of: encrypting the data prior to error coding or resulting slices after error coding the data. 6. The method of claim 1 , wherein the encrypting data includes using unique keys derived the master key or wrapped by the master key. 7. The method of claim 1 , wherein the master key is any of: a key wrapping key, a master encryption key, or a master signing key. 8. The method of claim 1 , wherein the master key is cached for future decoding. 9. A computing device of a group of computing devices of a dispersed storage network (DSN), the computing device comprises: an interface; a local memory; and a processing module operably coupled to the interface and the local memory, wherein the processing module functions to: identify, for a DSN memory using multiple IDA (Information Dispersal Algorithm) configurations simultaneously, a first IDA configuration with a highest security level relative to each of the multiple IDA configurations; generate a master key; encode the master key with a secure error coding function to produce master key slices according to the first IDA configuration; store the master key slices in the DSN memory using the first IDA configuration; and when storing data with a second IDA configuration having a security level lower than the first IDA configuration, retrieve the master key slices, decode the master key slices to obtain the master key and encrypt the data using the master key. 10. The computing device of claim 9 , wherein the highest security level is determined based one or more relative levels of: reliability, physical protection of the DSN memory, geographical distribution of the DSN memory, or IDA threshold. 11. The computing device of claim 9 , wherein the secure error coding function further includes signing keys using any of: a digital signature algorithm, an HMAC function, or message authentication code requiring knowledge of the master key. 12. The computing device of claim 9 , wherein the secure error coding function includes any of: AONT (all-or-nothing transform) or Shamir Secret Sharing. 13. The computing device of claim 9 , wherein the encrypting data includes and of: encrypting the data prior to error coding or resulting slices after error coding the data. 14. The computing device of claim 9 , wherein the encrypting data includes using unique keys derived the master key or wrapped by the master key. 15. The computing device of claim 9 , wherein the master key is any of: a key wrapping key, a master encryption key, or a master signing key. 16. The computing device of claim 9 , wherein the master key is cached for future decoding of the data.
Assignees
Inventors
Classifications
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title
Parity data used in redundant arrays of independent storages, e.g. in RAID systems · CPC title
Error detection; Error correction; Monitoring (error detection, correction or monitoring in information storage based on relative movement between record carrier and transducer G11B20/18; monitoring, i.e. supervising the progress of recording or reproducing G11B27/36; in static stores G11C29/00) · CPC title
received data contents, e.g. message integrity · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10129023B2 cover?
- A method begins by a processing module identifying, for a DSN (Dispersed Storage Network) memory using multiple IDA (Information Dispersal Algorithms) configurations simultaneously, a first IDA configuration with a highest security level relative to each of the multiple IDA configurations. The method continues by generating at least one master key. The method continues by encoding the master ke…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 13 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).