ACCESSING DATA UTILIZING ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS

US 20110289577A1
Filed: 05/11/2011
Published: 11/24/2011
Est. Priority Date: 05/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs);

when the data access request is requesting access to data stored in the plurality of DSNs, determining whether one of the plurality of DSNs is a home DSN to a requesting entity; and

when the plurality of DSNs includes the home DSN;

utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN;

validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate; and

utilizing the valid global signed certificate to access the one or more DS units of the non-home DSN.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.

34 Citations

View as Search Results

18 Claims

1. A method comprises:
- determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs);
  
  when the data access request is requesting access to data stored in the plurality of DSNs, determining whether one of the plurality of DSNs is a home DSN to a requesting entity; and
  
  when the plurality of DSNs includes the home DSN;
  
  utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN;
  
  validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate; and
  
  utilizing the valid global signed certificate to access the one or more DS units of the non-home DSN.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprises:
    - when the data access request is requesting access to data stored in one of the plurality of DSNs, determining whether the one of the plurality of DSNs is the home DSN or the non-home DSN; and
      
      when the one of the plurality of DSNs is the non-home DSN;
      
      validating a global signed certificate with a set of DS units of a non-home DSN of the plurality of DSNs to produce the valid global signed certificate; and
      
      utilizing the valid global signed certificate to access the set of DS units of the non-home DSN.
  - 3. The method of claim 1, wherein the validating the global signed certificate with the one or more DS units of the non-home DSN comprises at least one of:
    - validating the global signed certificate with each of the one or more DS units of the non-home DSN of the plurality of DSNs to produce a set of valid global signed certificates; and
      
      validating the global signed certificate with a proxy unit of the one or more DS units of the non-home DSN of the plurality of DSNs to produce the valid global signed certificate.
  - 4. The method of claim 1, wherein the validating the global signed certificate with the one or more DS units of the non-home DSN comprises:
    - obtaining the global signed certificate from a local memory or from a certificate authority;
      
      sending the global signed certificate to the one or more DS units of the non-home DSN;
      
      receiving a challenge message from the one or more DS units of the non-home DSN;
      
      generating a challenge response message in accordance with the challenge message and based on the global signed certificate;
      
      sending the challenge response message to the one or more DS units of the non-home DSN; and
      
      receiving validation from the one or more DS units of the non-home DSN.
  - 5. The method of claim 1, wherein the determining whether the data access request is requesting access to data stored in the plurality of DSNs further comprises:
    - determining whether access to the plurality of DSNs is established;
      
      when the access to the plurality of DSNs is not established, establishing access to the plurality of DSNs; and
      
      when the access to the plurality of DSNs is established, accessing a DSN look up table based on the data access request.

6. A method comprises:
- receiving, from a requesting entity, an access request that includes a signed certificate;
  
  determining whether the requesting entity is affiliated with a home dispersed storage network (DSN); and
  
  when the requesting entity is not affiliated with the home DSN, validating the signed certificate by;
  
  authenticating the signed certificate in accordance with an authenticating function; and
  
  when the signed certificate is authenticated;
  
  generating a challenge message based on the access request;
  
  outputting the challenge message to the requesting entity;
  
  receiving a challenge response message from the requesting entity; and
  
  executing the access request when the challenge response message compares favorably to an expected response.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the determining whether the signed certificate is authentic comprises at least one of:
    - sending the signed certificate to an authenticating authority entity; and
      
      determining that a hash of at least a portion of the signed certificate compares favorably to a decrypted corresponding portion of the signed certificate utilizing a public key associated with the requesting entity.
  - 8. The method of claim 6, wherein the generating the challenge message further comprises at least one of:
    - generating a message to include a secret;
      
      generating a challenge instruction that includes an instruction to return a signature of the message using a private key associated with the requesting entity;
      
      encrypting the secret utilizing a public key associated with the requesting entity to produce an encrypted secret for inclusion in the message; and
      
      generating the challenge instruction to include an instruction to return a decrypted secret using the private key.
  - 9. The method of claim 8, wherein the determining whether the challenge response message compares favorably to the expected response comprises at least one of:
    - determining that the signature of the message using the private key is valid based on the public key; and
      
      determining that the decrypted secret compares favorably to the secret.

10. A computer comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  determine whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs);
  
  when the data access request is requesting access to data stored in the plurality of DSNs, determine whether one of the plurality of DSNs is a home DSN to a requesting entity; and
  
  when the plurality of DSNs includes the home DSN;
  
  utilize a local signed certificate to access, via the interface, one or more dispersed storage (DS) units of the home DSN;
  
  validate a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate; and
  
  utilize the valid global signed certificate to access, via the interface, the one or more DS units of the non-home DSN.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer of claim 10, wherein the processing module further functions to:
    - when the data access request is requesting access to data stored in one of the plurality of DSNs, determine whether the one of the plurality of DSNs is the home DSN or the non-home DSN; and
      
      when the one of the plurality of DSNs is the non-home DSN;
      
      validate a global signed certificate with a set of DS units of a non-home DSN of the plurality of DSNs to produce the valid global signed certificate; and
      
      utilize the valid global signed certificate to access, via the interface, the set of DS units of the non-home DSN.
  - 12. The computer of claim 10, wherein the processing module functions to validate the global signed certificate with the one or more DS units of the non-home DSN by at least one of:
    - validating the global signed certificate with each of the one or more DS units of the non-home DSN of the plurality of DSNs to produce a set of valid global signed certificates; and
      
      validating the global signed certificate with a proxy unit of the one or more DS units of the non-home DSN of the plurality of DSNs to produce the valid global signed certificate.
  - 13. The computer of claim 10, wherein the processing module functions to validate the global signed certificate with the one or more DS units of the non-home DSN by:
    - obtaining the global signed certificate from a local memory or, via the interface, from a certificate authority;
      
      sending, via the interface, the global signed certificate to the one or more DS units of the non-home DSN;
      
      receiving, via interface, a challenge message from the one or more DS units of the non-home DSN;
      
      generating a challenge response message in accordance with the challenge message and based on the global signed certificate;
      
      sending, via the interface, the challenge response message to the one or more DS units of the non-home DSN; and
      
      receiving, via the interface, validation from the one or more DS units of the non-home DSN.
  - 14. The computer of claim 10, wherein the processing module functions to determine whether the data access request is requesting access to data stored in the plurality of DSNs further by:
    - determining whether access to the plurality of DSNs is established;
      
      when the access to the plurality of DSNs is not established, establishing access to the plurality of DSNs; and
      
      when the access to the plurality of DSNs is established, accessing a DSN look up table, in the memory, based on the data access request.

15. A computer comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  receive, from a requesting entity via the interface, an access request that includes a signed certificate;
  
  determine whether the requesting entity is affiliated with a home dispersed storage network (DSN); and
  
  when the requesting entity is not affiliated with the home DSN, validate the signed certificate by;
  
  authenticating the signed certificate in accordance with an authenticating function; and
  
  when the signed certificate is authenticated;
  
  generating a challenge message based on the access request;
  
  outputting, via the interface, the challenge message to the requesting entity;
  
  receiving, via the interface, a challenge response message from the requesting entity; and
  
  executing the access request when the challenge response message compares favorably to an expected response.
- View Dependent Claims (16, 17, 18)
- - 16. The computer of claim 15, wherein the processing module functions to determine whether the signed certificate is authentic by at least one of:
    - sending, via the interface, the signed certificate to an authenticating authority entity; and
      
      determining that a hash of at least a portion of the signed certificate compares favorably to a decrypted corresponding portion of the signed certificate utilizing a public key associated with the requesting entity.
  - 17. The computer of claim 15, wherein the processing module functions to generate the challenge message further by at least one of:
    - generating a message to include a secret;
      
      generating a challenge instruction that includes an instruction to return a signature of the message using a private key associated with the requesting entity;
      
      encrypting the secret utilizing a public key associated with the requesting entity to produce an encrypted secret for inclusion in the message; and
      
      generating the challenge instruction to include an instruction to return a decrypted secret using the private key.
  - 18. The computer of claim 17, wherein the processing module functions to determine whether the challenge response message compares favorably to the expected response by at least one of:
    - determining that the signature of the message using the private key is valid based on the public key; and
      
      determining that the decrypted secret compares favorably to the secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Markison, Timothy W., Grube, Gary W.

Granted Patent

US 8,683,205 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 11/2094   Redundant storage or storag...

G06F 2211/1028   Distributed, i.e. distribut...

H04L 67/1097   for distributed storage of ...

H04L 67/52   specially adapted for the l...

ACCESSING DATA UTILIZING ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESSING DATA UTILIZING ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links