DATA FORMATS OF SELF-CONTAINED AUDIT OBJECTS

US 20170192705A1
Filed: 03/22/2017
Published: 07/06/2017
Est. Priority Date: 05/09/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprises:

generating, by a device of a dispersed storage network (DSN), an audit object, wherein the audit object includes at least one record regarding the device'"'"'s use of the DSN;

dispersed storage error encoding, by the device, the audit object to produce a set of encoded data slices;

generating, by the device, a set of slice names for the set of encoded data slices, wherein each slice name of the set of slice name includes a pillar number section that contains a unique pillar number for a corresponding encoded data slice of the set of slice names and a common section that contains audit object identifying information, wherein the common section includes an audit vault identifier section and an audit object identifier section, wherein the audit object identifier section includes at least some of;

a device identifier section, a timestamp section, a target identifier section, a source identifier section, a sequence number section, and a transaction type identifier section; and

sending, by the device, the set of encoded data slices in accordance with the set of slice names to a set of storage units of the DSN, wherein the set of slice names corresponds to logical DSN addresses for the set of encoded data slices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by generating an audit object that includes at least one record regarding the device'"'"'s use of a dispersed storage network (DSN). The method continues by dispersed storage error encoding the audit object to produce a set of encoded data slices and generating a set of slice names for the set of encoded data slices, wherein each slice name of the set of slice name includes a pillar number section that contains a unique pillar number for a corresponding encoded data slice of the set of slice names and a common section that contains audit object identifying information. The method continues by sending the set of encoded data slices in accordance with the set of slice names to a set of storage units of the DSN, wherein the set of slice names corresponds to logical DSN addresses for the set of encoded data slices.

Citations

18 Claims

1. A method comprises:
- generating, by a device of a dispersed storage network (DSN), an audit object, wherein the audit object includes at least one record regarding the device'"'"'s use of the DSN;
  
  dispersed storage error encoding, by the device, the audit object to produce a set of encoded data slices;
  
  generating, by the device, a set of slice names for the set of encoded data slices, wherein each slice name of the set of slice name includes a pillar number section that contains a unique pillar number for a corresponding encoded data slice of the set of slice names and a common section that contains audit object identifying information, wherein the common section includes an audit vault identifier section and an audit object identifier section, wherein the audit object identifier section includes at least some of;
  
  a device identifier section, a timestamp section, a target identifier section, a source identifier section, a sequence number section, and a transaction type identifier section; and
  
  sending, by the device, the set of encoded data slices in accordance with the set of slice names to a set of storage units of the DSN, wherein the set of slice names corresponds to logical DSN addresses for the set of encoded data slices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein generating the audit object further comprises:
    - generating a set of audit objects that is regarding a write transaction to storage units of the DSN, wherein the write transaction includes a write sequence number, a write request phase, a write commit phase, and a write final phase, wherein records of the set of audit objects are generated for at least some of;
      
      write requests of the write request phase sent from a user device to the storage units;
      
      write responses to the write requests sent from at least some of the storage units to the user device;
      
      write commit requests of the write commit phase sent from the user device to the storage units;
      
      write commit responses to the write commit requests sent from the at least some of the storage units to the user device;
      
      write finalize requests of the write finalize phase sent from the user device to the storage units; and
      
      write finalize responses to the write finalize requests sent from at least some of the storage units to the user device.
  - 3. The method of claim 2, wherein when the device is the user device, the method further comprises:
    - generating a first audit object of the set of audit objects regarding transactions between the user device and a first storage unit of the storage units, wherein the first audit object includes;
      
      a first record regarding a first write request of the write requests sent to the first storage unit;
      
      a second record regarding a first write response of the write responses received from the first storage unit;
      
      a third record regarding a first write commit request of the write commit requests sent to the first storage unit;
      
      a fourth record regarding a first write commit response of the write commit responses received from the first storage unit;
      
      a fifth record regarding a first write finalize request of the write finalize requests sent to the first storage unit; and
      
      a sixth record regarding a first write finalize response of the write finalize responses received from the first storage unit; and
      
      generating a second audit object of the set of audit objects regarding transactions between the user device and a second storage unit of the storage units.
  - 4. The method of claim 3 further comprises:
    - generating a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains a user device identifier of the user device;
      
      the timestamp section contains a timestamp that corresponds to an initial time of the write transaction;
      
      the target identifier section contains an identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains a write transaction; and
      
      generating a second set of slice names for the second audit object, wherein;
      
      the device identifier section contains the user device identifier;
      
      the timestamp section contains the timestamp;
      
      the target identifier section contains an identifier of the second storage unit;
      
      the source identifier section contains the identifier of the source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains the write transaction.
  - 5. The method of claim 2, wherein when the device is a first storage unit of the storage units, the method further comprises:
    - generating a first audit object of the set of audit objects regarding transactions between the user device and the first storage unit, wherein the first audit object includes;
      
      a first record regarding a first write request of the write requests received from the user device;
      
      a second record regarding a first write response of the write responses sent to the user device;
      
      a third record regarding a first write commit request of the write commit received from the user device;
      
      a fourth record regarding a first write commit response of the write commit responses sent to the user device;
      
      a fifth record regarding a first write finalize request of the write finalize requests received from the user device; and
      
      a sixth record regarding a first write finalize response of the write finalize responses sent to the user device.
  - 6. The method of claim 5 further comprises:
    - generating a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains an identifier of the first storage unit;
      
      the timestamp section contains a timestamp that corresponds to an initial time of the write transaction;
      
      the target identifier section contains the identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains a write transaction.
  - 7. The method of claim 1, wherein generating the audit object further comprises:
    - generating a first audit object of a set of audit objects of a read transaction, wherein the first audit object is regarding transactions between a user device and a first storage unit of the set of storage units, wherein the first audit object includes;
      
      a first record regarding a first read request of a set of read requests sent to the first storage unit; and
      
      a second record regarding a first read response of a set of read responses received from the first storage unit; and
      
      generating a second audit object of the set of audit objects, wherein the second audit object is regarding transactions between the user device and a second storage unit of the set of storage units, wherein the second audit object includes;
      
      a first record regarding a second read request of the set of read requests sent to the second storage unit; and
      
      a second record regarding a second read response of the set of read responses received from the second storage unit.
  - 8. The method of claim 7 further comprises:
    - generating a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains a user device identifier of the user device;
      
      the timestamp section contains a timestamp that corresponds to an initial time of the read transaction;
      
      the target identifier section contains an identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the read transaction;
      
      the sequence number section contains a read sequence number; and
      
      the transaction type identifier section contains a read transaction.
  - 9. The method of claim 1 further comprises:
    - generating the audit object to include one or more of a certificate chain and a digital signature.

10. A computer readable memory comprises:
- a first memory section for storing operational instructions that, when executed by a computing device of a dispersed storage network (DSN), causes the computing device to;
  
  generate an audit object, wherein the audit object includes at least one record regarding a device'"'"'s use of the DSN;
  
  a second memory section for storing operational instructions that, when executed by the computing device, causes the computing device to;
  
  dispersed storage error encode the audit object to produce a set of encoded data slices;
  
  a third memory section for storing operational instructions that, when executed by the computing device, causes the computing device to;
  
  generate a set of slice names for the set of encoded data slices, wherein each slice name of the set of slice name includes a pillar number section that contains a unique pillar number for a corresponding encoded data slice of the set of slice names and a common section that contains audit object identifying information, wherein the common section includes an audit vault identifier section and an audit object identifier section, wherein the audit object identifier section includes at least some of;
  
  a device identifier section, a timestamp section, a target identifier section, a source identifier section, a sequence number section, and a transaction type identifier section; and
  
  a fourth memory section for storing operational instructions that, when executed by the computing device, causes the computing device to;
  
  send the set of encoded data slices in accordance with the set of slice names to a set of storage units of the DSN, wherein the set of slice names corresponds to logical DSN addresses for the set of encoded data slices.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer readable memory of claim 10, wherein the first memory section stores further operational instructions that, when executed by the computing device, causes the computing device to generate the audit object by:
    - generating a set of audit objects that is regarding a write transaction to storage units of the DSN, wherein the write transaction includes a write sequence number, a write request phase, a write commit phase, and a write final phase, wherein records of the set of audit objects are generated for at least some of;
      
      write requests of the write request phase sent from a user device to the storage units;
      
      write responses to the write requests sent from at least some of the storage units to the user device;
      
      write commit requests of the write commit phase sent from the user device to the storage units;
      
      write commit responses to the write commit requests sent from the at least some of the storage units to the user device;
      
      write finalize requests of the write finalize phase sent from the user device to the storage units; and
      
      write finalize responses to the write finalize requests sent from at least some of the storage units to the user device.
  - 12. The computer readable memory of claim 11, wherein the first memory section stores further operational instructions that, when executed by the computing device and the computing device is the user device, causes the computing device to:
    - generate a first audit object of the set of audit objects regarding transactions between the user device and a first storage unit of the storage units, wherein the first audit object includes;
      
      a first record regarding a first write request of the write requests sent to the first storage unit;
      
      a second record regarding a first write response of the write responses received from the first storage unit;
      
      a third record regarding a first write commit request of the write commit requests sent to the first storage unit;
      
      a fourth record regarding a first write commit response of the write commit responses received from the first storage unit;
      
      a fifth record regarding a first write finalize request of the write finalize requests sent to the first storage unit; and
      
      a sixth record regarding a first write finalize response of the write finalize responses received from the first storage unit; and
      
      generate a second audit object of the set of audit objects regarding transactions between the user device and a second storage unit of the storage units.
  - 13. The computer readable memory of claim 12, wherein the third memory section stores further operational instructions that, when executed by the computing device, causes the computing device to:
    - generate a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains a user device identifier of the user device;
      
      the timestamp section contains a timestamp that corresponds to initial of the write transaction;
      
      the target identifier section contains an identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains a write transaction; and
      
      generate a second set of slice names for the second audit object, wherein;
      
      the device identifier section contains the user device identifier;
      
      the timestamp section contains the timestamp;
      
      the target identifier section contains an identifier of the second storage unit;
      
      the source identifier section contains the identifier of the source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains the write transaction.
  - 14. The computer readable memory of claim 11, wherein the first memory section stores further operational instructions that, when executed by the computing device and the computing device is a first storage unit of the storage units, causes the computing device to:
    - generate a first audit object of the set of audit objects regarding transactions between the user device and the first storage unit, wherein the first audit object includes;
      
      a first record regarding a first write request of the write requests received from the user device;
      
      a second record regarding a first write response of the write responses sent to the user device;
      
      a third record regarding a first write commit request of the write commit received from the user device;
      
      a fourth record regarding a first write commit response of the write commit responses sent to the user device;
      
      a fifth record regarding a first write finalize request of the write finalize requests received from the user device; and
      
      a sixth record regarding a first write finalize response of the write finalize responses sent to the user device.
  - 15. The computer readable memory of claim 14, wherein the third memory section stores further operational instructions that, when executed by the computing device causes the computing device to:
    - generate a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains an identifier of the first storage unit;
      
      the timestamp section contains a timestamp that corresponds to initial of the write transaction;
      
      the target identifier section contains the identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the write transaction;
      
      the sequence number section contains the write sequence number; and
      
      the transaction type identifier section contains a write transaction.
  - 16. The computer readable memory of claim 10, wherein the first memory section stores further operational instructions that, when executed by the computing device causes the computing device to generate the audit object by:
    - generating a first audit object of a set of audit objects of a read transaction, wherein the first audit object is regarding transactions between a user device and a first storage unit of the set of storage units, wherein the first audit object includes;
      
      a first record regarding a first read request of a set of read requests sent to the first storage unit; and
      
      a second record regarding a first read response of a set of read responses received from the first storage unit; and
      
      generating a second audit object of the set of audit objects, wherein the second audit object is regarding transactions between the user device and a second storage unit of the set of storage units, wherein the second audit object includes;
      
      a first record regarding a second read request of the set of read requests sent to the second storage unit; and
      
      a second record regarding a second read response of the set of read responses received from the second storage unit.
  - 17. The computer readable memory of claim 16, wherein the third memory section stores further operational instructions that, when executed by the computing device causes the computing device to:
    - generate a first set of slice names for the first audit object, wherein;
      
      the device identifier section contains a user device identifier of the user device;
      
      the timestamp section contains a timestamp that corresponds to initial of the read transaction;
      
      the target identifier section contains an identifier of the first storage unit;
      
      the source identifier section contains an identifier of a source of the read transaction;
      
      the sequence number section contains a read sequence number; and
      
      the transaction type identifier section contains a read transaction.
  - 18. The computer readable memory of claim 10, wherein the first memory section stores further operational instructions that, when executed by the computing device causes the computing device to:
    - generate the audit object to include one or more of a certificate chain and a digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Grube, Gary W., Markison, Timothy W.

Application Number

US15/466,566
Publication Number

US 20170192705A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/3006   where the computing system ...

G06F 11/3034   where the computing system ...

G06F 11/3476   Data logging G06F11/14, G06...

G06F 16/2365   Ensuring data consistency a...

G06F 21/445   by mutual authentication, e...

G06F 21/50   Monitoring users, programs ...

G06F 21/51   at application loading time...

G06F 21/60   Protecting data

G06F 21/604   Tools and structures for ma...

G06F 21/805   using a security table for ...

G06F 21/82   Protecting input, output or...

G06F 2201/87   Monitoring of transactions

G06F 2211/1028   Distributed, i.e. distribut...

H03M 13/1515   Reed-Solomon codes

H03M 13/616   Matrix operations, especial...

H04L 67/1097   for distributed storage of ...

DATA FORMATS OF SELF-CONTAINED AUDIT OBJECTS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

DATA FORMATS OF SELF-CONTAINED AUDIT OBJECTS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links