Method and apparatus for accessing secure data in a dispersed storage system

US 8,689,354 B2
Filed: 06/09/2010
Issued: 04/01/2014
Est. Priority Date: 09/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for a computing device to securely access dispersedly stored data, the method comprises:

generating, by a processor of the computing device, a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data and wherein the secure data includes one or more of;

financial account information, user password information, security credential information, and personal data;

transmitting the request to a first dispersed storage network (DSN) access portal;

receiving, from the first DSN access portal, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, wherein the first response is based on security level associated with the user ID and security parameters of the secure data, and wherein the security parameters includes at least one of a secrecy level of data, an amount of data, encryption information regarding the data, codec information regarding the data, and error coding dispersal storage function parameters;

generating a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;

transmitting the second request to a second DSN access portal;

receiving, from the second DSN access portal, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and

when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first and second sets of encoded data slices to reconstruct the data segment.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module receiving, from a user device, a request to access secure data, wherein the request includes a user identification code and at least one object name for the secure data. The method continues with the processing module processing the request to determine a security level associated with the user device and to determine security parameters associated with the secure data. The method continues with the processing module determining a level of access to the secure data based on the security level associated with the user device and the security parameters. The method continues with the processing module retrieving a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices and generating a response that includes the set of encoded data slices when the level of access is a partial access level.

101 Citations

View as Search Results

6 Claims

1. A method for a computing device to securely access dispersedly stored data, the method comprises:
- generating, by a processor of the computing device, a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data and wherein the secure data includes one or more of;
  
  financial account information, user password information, security credential information, and personal data;
  
  transmitting the request to a first dispersed storage network (DSN) access portal;
  
  receiving, from the first DSN access portal, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, wherein the first response is based on security level associated with the user ID and security parameters of the secure data, and wherein the security parameters includes at least one of a secrecy level of data, an amount of data, encryption information regarding the data, codec information regarding the data, and error coding dispersal storage function parameters;
  
  generating a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;
  
  transmitting the second request to a second DSN access portal;
  
  receiving, from the second DSN access portal, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and
  
  when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first and second sets of encoded data slices to reconstruct the data segment.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the second request further comprises a representation of the first response.
  - 3. The method of claim 1 further comprises:
    - when the first and second sets of encoded data slices do not include at least the reconstruction threshold number of encoded data slices;
      
      generating a third request to access the secure data in response to receiving the first response and the second response, wherein the third request includes the user ID and the at least one object name for the secure data;
      
      transmitting the third request to a third DSN access portal;
      
      receiving, from the third DSN access portal, a third response that includes, for the data segment of the secure data, a third set of encoded data slices, wherein the third set of encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the third response is based on the security level associated with the user ID, the first response, the second response, and the security parameters of the secure data; and
      
      when the first, second, and third sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decoding the first, second, and third sets of encoded data slices to reconstruct the data segment.

4. A computing device comprises:
- an interface; and
  
  a hardware processing module operable to;
  
  generate a request to access secure data, wherein the request includes a user identification code (ID) and at least one object name for the secure data and wherein the secure data includes one or more of;
  
  financial account information, user password information, security credential information, and personal data;
  
  transmit, via the interface, the request to a first dispersed storage network (DSN) access portal;
  
  receive, from the first DSN access portal via the interface, a first response that includes, for a data segment of the secure data, a first set of encoded data slices, wherein the first set of encoded data slices includes less than a reconstruction threshold number of encoded data slices, and wherein the first response is based on security level associated with the user ID and security parameters of the secure data, and wherein the security parameters includes at least one of a secrecy level of data, an amount of data, encryption information regarding the data, codec information regarding the data, and error coding dispersal storage function parameters;
  
  generate a second request to access the secure data in response to receiving the first response, wherein the second request includes the user ID and the at least one object name for the secure data;
  
  transmit, via the interface, the second request to a second DSN access portal;
  
  receive, from the second DSN access portal via the interface, a second response that includes, for the data segment of the secure data, a second set of encoded data slices, wherein the second set of encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the second response is based on the security level associated with the user ID, the first response, and the security parameters of the secure data; and
  
  when the first and second sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decode the first and second sets of encoded data slices to reconstruct the data segment.
- View Dependent Claims (5, 6)
- - 5. The computing device of claim 4, wherein the second request further comprises a representation of the first response.
  - 6. The computing device of claim 4, wherein the hardware processing module further functions to:
    - when the first and second sets of encoded data slices do not include at least the reconstruction threshold number of encoded data slices;
      
      generate a third request to access the secure data in response to receiving the first response and the second response, wherein the third request includes the user ID and the at least one object name for the secure data;
      
      transmit, via the interface, the third request to a third DSN access portal;
      
      receive, from the third DSN access portal via the interface, a third response that includes, for the data segment of the secure data, a third set of encoded data slices, wherein the third set of encoded data slices includes less than the reconstruction threshold number of encoded data slices, wherein the third response is based on the security level associated with the user ID, the first response, the second response, and the security parameters of the secure data; and
      
      when the first, second, and third sets of encoded data slices include at least the reconstruction threshold number of encoded data slices, decode the first, second, and third sets of encoded data slices to reconstruct the data segment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Grube, Gary W., Markison, Timothy W.
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/797,165
Publication Number

US 20110078774A1
Time in Patent Office

1,392 Days
Field of Search

726/29, 726/26, 726/27, 726/28, 726/30
US Class Current

726/29
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2211/1028   Distributed, i.e. distribut...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/202   Interconnection or interact...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

Method and apparatus for accessing secure data in a dispersed storage system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for accessing secure data in a dispersed storage system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links