Authenticating a data access request to a dispersed storage network

US 8,627,114 B2
Filed: 07/12/2011
Issued: 01/07/2014
Est. Priority Date: 08/02/2010
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprises:

sending, by a data accessing module of a dispersed storage network (DSN), a data access request to a data storage module of the DSN;

sending, by the data storage module, an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;

outputting, by the authenticating module, a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;

outputting, by the data accessing module, a verification response destined for the authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;

outputting, by the authenticating module, an authentication response to the data storage module, wherein the authentication response is generated based on the verification response; and

facilitating, by the data storage module, the data access request when the authentication response is favorable.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to authenticate a data access request begins by a data accessing module sending the data access request to a data storage module and continues with the data storage module sending an authentication request to an authenticating module. The method continues with the authenticating module outputting a verification request destined for the data accessing module, where the verification request includes a verification code that is generated based on the authentication request. The method continues with the data accessing module outputting a verification response that includes a modified verification code that is generated based on the verification code and a credential. The method continues with the authenticating module outputting an authentication response to the data storage module, where the authentication response is generated based on the verification response, and continues with the data storage module facilitating the data access request when the authentication response is favorable.

326 Citations

22 Claims

1. A computer implemented method comprises:
- sending, by a data accessing module of a dispersed storage network (DSN), a data access request to a data storage module of the DSN;
  
  sending, by the data storage module, an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;
  
  outputting, by the authenticating module, a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
  
  outputting, by the data accessing module, a verification response destined for the authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;
  
  outputting, by the authenticating module, an authentication response to the data storage module, wherein the authentication response is generated based on the verification response; and
  
  facilitating, by the data storage module, the data access request when the authentication response is favorable.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method of claim 1, wherein the sending the authentication request further comprises:
    - identifying, by the data storage module, the authenticating module for the data accessing module based on the data access request.
  - 3. The computer implemented method of claim 1, wherein the data access request comprises one or more of:
    - a read request;
      
      a write request;
      
      a list request;
      
      a delete request; and
      
      an edit request.
  - 4. The computer implemented method of claim 1, wherein the outputting of the verification request by the authentication module comprises:
    - sending the verification request to the data storage module; and
      
      forwarding, by the data storage module, the verification request to the data accessing module.
  - 5. The computer implemented method of claim 1, wherein the outputting of the verification response by the data accessing module comprises:
    - sending the verification response to the data storage module; and
      
      forwarding, by the data storage module, the verification response to the authenticating module.
  - 6. The computer implemented method of claim 1, wherein the generating the modified verification code comprises:
    - performing a verifying function on the verification code and the credential to produce the modified verification code.
  - 7. The computer implemented method of claim 1, wherein the generating the authentication response comprises:
    - performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.

8. A computer implemented method comprises:
- receiving a data access request from a data accessing module of a dispersed storage network (DSN);
  
  sending an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;
  
  receiving an authentication response from the authenticating module, wherein the authentication response is generated based on a verification response of the data accessing module; and
  
  facilitating the data access request when the authentication response is favorable.
- View Dependent Claims (9)
- - 9. The computer implemented method of claim 8, wherein the sending the authentication request further comprises:
    - identifying the authenticating module for the data accessing module based on the data access request.

10. A computer implemented method comprises:
- receiving an authentication request from a data storage module of a dispersed storage network (DSN), wherein the authentication request includes at least a portion of a data access request of a data accessing module of the DSN;
  
  outputting a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
  
  receiving a verification response, wherein the verification response includes a modified verification code that is generated by the data accessing module based on the verification code and a credential; and
  
  outputting an authentication response that is generated based on the verification response, wherein, the data access request is authenticated when the authentication response is favorable.
- View Dependent Claims (11)
- - 11. The computer implemented method of claim 10, wherein the generating the authentication response comprises:
    - performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.

12. A dispersed storage network (DSN) comprises:
- a data accessing unit that includes;
  
  an data access unit interface; and
  
  a data access processing module;
  
  a data storage unit that includes;
  
  a data storage interface; and
  
  a data storage processing module; and
  
  an authenticating unit that includes;
  
  an authenticating interface; and
  
  an authenticating processing module, wherein;
  
  the data accessing unit sends, via the data accessing interface, a data access request to the data storage unit;
  
  the data storage unit sends, via the data storage interface, an authentication request to the authenticating unit, wherein the authentication request includes at least a portion of the data access request;
  
  the authenticating unit outputs, via the authenticating interface, a verification request destined for the data accessing unit, wherein the verification request includes a verification code that is generated based on the authentication request;
  
  the data accessing unit outputs, via the data accessing interface, a verification response destined for the authenticating unit, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;
  
  the authenticating unit outputs, via the authenticating interface, an authentication response to the data storage unit, wherein the authentication response is generated based on the verification response; and
  
  the data storage unit facilitates the data access request when the authentication response is favorable.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The DSN of claim 12, wherein the data storage unit further functions to send the authentication request by:
    - identifying, by the data storage processing module, the authenticating unit for the data accessing module based on the data access request.
  - 14. The DSN of claim 12, wherein the data access request comprises one or more of:
    - a read request;
      
      a write request;
      
      a list request;
      
      a delete request; and
      
      an edit request.
  - 15. The DSN of claim 12, wherein the authenticating unit functions to output the verification request by:
    - sending, via the authenticating interface, the verification request to the data storage unit; and
      
      forwarding, by the data storage interface, the verification request to the data accessing unit.
  - 16. The DSN of claim 12, wherein the data accessing unit functions to output the verification response by:
    - sending, via the data accessing interface, the verification response to the data storage module; and
      
      forwarding, by the data storage interface, the verification response to the authenticating unit.
  - 17. The DSN of claim 12, wherein the authenticating unit functions to generate the modified verification code by:
    - performing, by the authenticating processing module, a verifying function on the verification code and the credential to produce the modified verification code.
  - 18. The DSN of claim 12, wherein the authenticating unit functions to generate the authentication response by:
    - performing, by the authenticating processing module, a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing, by the authenticating processing module, the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating, by the authenticating processing module, the authentication response to indicate a favorable authentication.

19. A computer comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  receive, via the interface, a data access request from a data accessing module of a dispersed storage network (DSN);
  
  send, via the interface, an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;
  
  receive, via the interface, an authentication response from the authenticating module, wherein the authentication response is generated based on a verification response of the data accessing module; and
  
  facilitate the data access request when the authentication response is favorable.
- View Dependent Claims (20)
- - 20. The computer of claim 19, wherein the processing module further functions to send the authentication request by:
    - identifying the authenticating module for the data accessing module based on the data access request.

21. A computer comprises:
- an interface;
  
  a memory; and
  
  a processing module operable to;
  
  receive, via the interface, an authentication request from a data storage module of a dispersed storage network (DSN), wherein the authentication request includes at least a portion of a data access request of a data accessing module of the DSN;
  
  output, via the interface, a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
  
  receive, via the interface, a verification response, wherein the verification response includes a modified verification code that is generated by the data accessing module based on the verification code and a credential; and
  
  output, via the interface, an authentication response that is generated based on the verification response, wherein, the data access request is authenticated when the authentication response is favorable.
- View Dependent Claims (22)
- - 22. The computer of claim 21, wherein the processing module functions to generate the authentication response by:
    - performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Leggette, Wesley
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/180,675
Publication Number

US 20120030736A1
Time in Patent Office

910 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/6218   to a system of files or obj...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

H04L 1/0045   Arrangements at the receive...

H04L 1/208   involving signal re-encoding

H04L 63/08   for authentication of entit...

H04L 67/1097   for distributed storage of ...

H04W 28/04   Error control

Authenticating a data access request to a dispersed storage network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

326 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a data access request to a dispersed storage network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

326 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links