METHOD AND APPARATUS FOR ACCESSING SECURE DATA IN A DISPERSED STORAGE SYSTEM

US 20110078774A1
Filed: 06/09/2010
Published: 03/31/2011
Est. Priority Date: 09/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for a computing device to securely access dispersedly stored data, the method comprises:

generating a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data;

transmitting the request to a first dispersed storage network (DSN) access portal;

receiving, from the first DSN access portal, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, and wherein the first response is based on security level associated with the user ID and security parameters of the secure data;

generating a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;

transmitting the second request to a second DSN access portal;

receiving, from the second DSN access portal, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of the encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and

when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first and second sets of encoded data slices to reconstruct the data segment.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module receiving, from a user device, a request to access secure data, wherein the request includes a user identification code and at least one object name for the secure data. The method continues with the processing module processing the request to determine a security level associated with the user device and to determine security parameters associated with the secure data. The method continues with the processing module determining a level of access to the secure data based on the security level associated with the user device and the security parameters. The method continues with the processing module retrieving a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices and generating a response that includes the set of encoded data slices when the level of access is a partial access level.

128 Citations

View as Search Results

20 Claims

1. A method for a computing device to securely access dispersedly stored data, the method comprises:
- generating a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data;
  
  transmitting the request to a first dispersed storage network (DSN) access portal;
  
  receiving, from the first DSN access portal, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, and wherein the first response is based on security level associated with the user ID and security parameters of the secure data;
  
  generating a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;
  
  transmitting the second request to a second DSN access portal;
  
  receiving, from the second DSN access portal, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of the encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and
  
  when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first and second sets of encoded data slices to reconstruct the data segment.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the second request further comprises a representation of the first response.
  - 3. The method of claim 1 further comprises:
    - when the first and second sets of encoded data slices do not include at least the reconstruction threshold number of encoded data slices;
      
      generating a third request to access the secure data in response to receiving the first response and the second response, wherein the third request includes the user ID and the at least one object name for the secure data;
      
      transmitting the third request to a third DSN access portal;
      
      receiving, from the third DSN access portal, a third response that includes, for the data segment of the secure data, a third set of encoded data slices, wherein the third set of the encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the third response is based on the security level associated with the user ID, the first response, the second response, and the security parameters of the secure data; and
      
      when the first, second, and third sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first, second, and third sets of encoded data slices to reconstruct the data segment.
  - 4. The method of claim 1, wherein the security parameters comprises at least one of:
    - a secrecy level of data;
      
      an amount of data;
      
      encryption information regarding the data;
      
      codec information regarding the data; and
      
      error coding dispersal storage function parameters.
  - 5. The method of claim 1, wherein the secure data includes one or more of:
    - financial account information;
      
      user password information;
      
      security credential information; and
      
      personal data.

6. A method for a computing device to facilitate secure access to dispersedly stored data, the method comprises:
- receiving, from a user device, a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data;
  
  processing the request to;
  
  determine security level associated with the user device; and
  
  determine security parameters associated with the secure data;
  
  determining a level of access to the secure data based on the security level associated with the user device and the security parameters;
  
  when the level of access is a partial access level;
  
  retrieve a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices; and
  
  generate a response that includes the set of encoded data slices.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the processing further comprises one or more of:
    - communicating with a dispersed storage (DS) managing unit regarding the security level associated with the user device; and
      
      communicating with the dispersed storage (DS) managing unit regarding the security parameters associated with the secure data.
  - 8. The method of claim 6, wherein the determining the level of access further comprises:
    - determining whether the request includes a representation of a response from another computing device;
      
      when the request does not include the representation, determining whether the request is a first request; and
      
      when the request is not the first request, generate a deny request message.
  - 9. The method of claim 6, wherein determining a level of access to the secure data further comprises:
    - determining a number of slices of the set of encoded data slices to include based on a variable function of the security parameters and the security level associated with the user ID, wherein the security parameters includes at least one of;
      
      a secrecy level of data, an amount of data, codec information regarding the data, and error coding dispersal storage function parameters.
  - 10. The method of claim 6, wherein the secure data includes one or more of:
    - financial account information;
      
      user password information;
      
      security credential information; and
      
      personal data.

11. A computing device comprises:
- an interface; and
  
  a processing module operable to;
  
  generate a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data;
  
  transmit, via the interface, the request to a first dispersed storage network (DSN) access portal;
  
  receive, from the first DSN access portal via the interface, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, and wherein the first response is based on security level associated with the user ID and security parameters of the secure data;
  
  generate a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;
  
  transmit, via the interface, the second request to a second DSN access portal;
  
  receive, from the second DSN access portal via the interface, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of the encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and
  
  when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decode the first and second sets of encoded data slices to reconstruct the data segment.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computing device of claim 11, wherein the second request further comprises a representation of the first response.
  - 13. The computing device of claim 11, wherein the processing module further functions to:
    - when the first and second sets of encoded data slices do not include at least the reconstruction threshold number of encoded data slices;
      
      generate a third request to access the secure data in response to receiving the first response and the second response, wherein the third request includes the user ID and the at least one object name for the secure data;
      
      transmit, via the interface, the third request to a third DSN access portal;
      
      receive, from the third DSN access portal via the interface, a third response that includes, for the data segment of the secure data, a third set of encoded data slices, wherein the third set of the encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the third response is based on the security level associated with the user ID, the first response, the second response, and the security parameters of the secure data; and
      
      when the first, second, and third sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decode the first, second, and third sets of encoded data slices to reconstruct the data segment.
  - 14. The computing device of claim 11, wherein the security parameters comprises at least one of:
    - a secrecy level of data;
      
      an amount of data;
      
      encryption information regarding the data;
      
      codec information regarding the data; and
      
      error coding dispersal storage function parameters.
  - 15. The computing device of claim 11, wherein the secure data includes one or more of:
    - financial account information;
      
      user password information;
      
      security credential information; and
      
      personal data.

16. A computing device comprises:
- an interface; and
  
  a processing module operable to;
  
  receive, from a user device via the interface, a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data;
  
  process the request to;
  
  determine security level associated with the user device; and
  
  determine security parameters associated with the secure data;
  
  determine a level of access to the secure data based on the security level associated with the user device and the security parameters;
  
  when the level of access is a partial access level;
  
  retrieve, via the interface, a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices; and
  
  generate a response that includes the set of encoded data slices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing device of claim 16, wherein the processing module further functions to process the request by:
    - communicating with a dispersed storage (DS) managing unit regarding the security level associated with the user device; and
      
      communicating with the dispersed storage (DS) managing unit regarding the security parameters associated with the secure data.
  - 18. The computing device of claim 16, wherein the processing module further functions to determine the level of access by:
    - determining whether the request includes a representation of a response from another computing device;
      
      when the request does not include the representation, determining whether the request is a first request; and
      
      when the request is not the first request, generate a deny request message.
  - 19. The computing device of claim 16, wherein the processing module further functions to determine the level of access by:
    - determining a number of slices of the set of encoded data slices to include based on a variable function of the security parameters and the security level associated with the user ID, wherein the security parameters includes at least one of;
      
      a secrecy level of data, an amount of data, codec information regarding the data, and error coding dispersal storage function parameters.
  - 20. The computing device of claim 16, wherein the secure data includes one or more of:
    - financial account information;
      
      user password information;
      
      security credential information; and
      
      personal data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
GRUBE, GARY W., MARKISON, TIMOTHY W.

Granted Patent

US 8,689,354 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2211/1028   Distributed, i.e. distribut...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/202   Interconnection or interact...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

METHOD AND APPARATUS FOR ACCESSING SECURE DATA IN A DISPERSED STORAGE SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR ACCESSING SECURE DATA IN A DISPERSED STORAGE SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links