| CPC G06F 21/602 (2013.01) [G06F 21/6227 (2013.01)] | 20 Claims |
|
1. A method comprising:
segmenting a data object into a plurality of chunks;
employing a pseudorandom function to select a first encryption algorithm for a first chunk of the plurality of chunks and a second encryption algorithm for a second chunk of the plurality of chunks;
generating a first encrypted chunk and a second encrypted chunk, including encrypting the first chunk according to the first encryption algorithm and encrypting the second chunk according to the second encryption algorithm;
storing the first encrypted chunk and the second encrypted chunk in a data storage system;
storing metadata that identifies locations in the data storage system at which the first encrypted chunk and the second encrypted chunk are stored, the metadata further identifying the first encryption algorithm and the second encryption algorithm; and
subsequent to storing the first encrypted chunk and the second encrypted chunk, making the data object available for read and write operations, including:
receiving a read or write request for the data object;
identifying the locations in the data storage system, according to the metadata;
identifying the first encryption algorithm and the second encryption algorithm, according to the metadata; and
decrypting the data object, including decrypting the first encrypted chunk and the second encrypted chunk via the first encryption algorithm and the second encryption algorithm, respectively, and according to a permission of a user associated with the read or write request.
|