Acquiring a trusted set of encoded data slices

US 8,839,368 B2
Filed: 10/09/2012
Issued: 09/16/2014
Est. Priority Date: 11/01/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

receiving, in response to a data segment access request, a decode threshold number of encoded data slices, wherein a data segment of data is encoded using a dispersed storage error coding function to produce a set of encoded data slices and wherein the decode threshold number of encoded data slices is a subset of the set of encoded data slices;

determining whether to evoke a trust verification function after receiving the decode threshold number of encoded data slices;

when the trust verification function is to be evoked, selecting one or more encoded data slices of the set of encoded data slices for trust verification to produce one or more selected encoded data slices;

sending, to a trusted source, a request to receive the one or more selected encoded data slices; and

when the one or more selected encoded data slices are received from the trusted source, determining that a trusted set of encoded data slices is available based on the decode threshold number of encoded data slices and the received one or more selected encoded data slices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a dispersed storage (DS) processing module receiving a decode threshold number of encoded data slices of a set of encoded data slices. The method continues with the DS processing module determining whether to evoke a trust verification function and when the trust verification function is to be evoked, selecting one or more encoded data slices of the set of encoded data slices for trust verification to produce one or more selected encoded data slices. The method continues with the DS processing module sending, to a trusted source, a request to receive the one or more selected encoded data slices and when the one or more selected encoded data slices are received from the trusted source, determining that a trusted set of encoded data slices is available based on the decode threshold number of encoded data slices and the received one or more selected encoded data slices.

Citations

16 Claims

1. A method comprises:
- receiving, in response to a data segment access request, a decode threshold number of encoded data slices, wherein a data segment of data is encoded using a dispersed storage error coding function to produce a set of encoded data slices and wherein the decode threshold number of encoded data slices is a subset of the set of encoded data slices;
  
  determining whether to evoke a trust verification function after receiving the decode threshold number of encoded data slices;
  
  when the trust verification function is to be evoked, selecting one or more encoded data slices of the set of encoded data slices for trust verification to produce one or more selected encoded data slices;
  
  sending, to a trusted source, a request to receive the one or more selected encoded data slices; and
  
  when the one or more selected encoded data slices are received from the trusted source, determining that a trusted set of encoded data slices is available based on the decode threshold number of encoded data slices and the received one or more selected encoded data slices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprises:
    - receiving the decode threshold number of encoded data slices via a private wireless communication network;
      
      sending the request to the trusted source via a public wireless communication network or the private wireless communication network; and
      
      receiving the one or more selected encoded data slices via the public wireless communication network.
  - 3. The method of claim 1, wherein the determining whether to evoke the trust verification function comprises at least one of:
    - an automated process that is triggered upon receiving the decode threshold number of encoded data slices; and
      
      determining that at least one of the decode threshold number of encoded data slices is of questionable trustworthiness.
  - 4. The method of claim 3, wherein the determining that at least one of the decode threshold number of encoded data slices is of questionable trustworthiness comprises at least one of:
    - detecting an integrity verification failure of the at least one of the decode threshold number of encoded data slices;
      
      detecting a time delay in receiving the at least one of the decode threshold number of encoded data slices;
      
      decoding the decode threshold number of encoded data slices yields an error in reproducing the data segment;
      
      detecting a communication path variance of the at least one of the decode threshold number of encoded data slices; and
      
      detecting a time stamp variance of the at least one of the decode threshold number of encoded data slices.
  - 5. The method of claim 1, wherein the selecting one or more encoded data slices comprises at least one of:
    - an automated process that selects the one or more encoded data slices after evoking the trust verification function; and
      
      selecting the one or more encoded data slices based on questionable trustworthiness of at least one of the decode threshold number of encoded data slices.
  - 6. The method of claim 1 further comprises:
    - receiving, in response to the request, a message from the trusted source indicating that the decode threshold number of encoded data slices is not to be trusted.
  - 7. The method of claim 1, wherein the determining that the trusted set of encoded data slices is available comprises at least one of:
    - decoding different combinations of the decode threshold number of encoded data slices and the received one or more selected encoded data slices, wherein each different decoding combination reproduces the data segment; and
      
      comparing a trusted data segment integrity value with a calculated data segment integrity value that is derived from decoding the decode threshold number of encoded data slices and the received one or more selected encoded data slices.
  - 8. The method of claim 1 further comprises:
    - when the trusted set of encoded data slices is available, decoding the trusted set of encoded data slices to reproduce a trusted data segment.

9. A dispersed storage (DS) module comprises:
- a first module, when operable within a computing device, causes the computing device to;
  
  receive, in response to a data segment access request, a decode threshold number of encoded data slices, wherein a data segment of data is encoded using a dispersed storage error coding function to produce a set of encoded data slices and wherein the decode threshold number of encoded data slices is a subset of the set of encoded data slices;
  
  a second module, when operable within the computing device, causes the computing device to;
  
  determine whether to evoke a trust verification function after receiving the decode threshold number of encoded data slices; and
  
  when the trust verification function is to be evoked, select one or more encoded data slices of the set of encoded data slices for trust verification to produce one or more selected encoded data slices; and
  
  a third module, when operable within the computing device, causes the computing device to;
  
  send, to a trusted source, a request to receive the one or more selected encoded data slices; and
  
  when the one or more selected encoded data slices are received from the trusted source, determine that a trusted set of encoded data slices is available based on the decode threshold number of encoded data slices and the received one or more selected encoded data slices.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The DS module of claim 9 further comprises:
    - the first module further functions to receive the decode threshold number of encoded data slices via a private wireless communication network;
      
      the third module further functions to;
      
      send the request to the trusted source via a public wireless communication network or the private wireless communication network; and
      
      receive the one or more selected encoded data slices via the public wireless communication network.
  - 11. The DS module of claim 9, wherein the second module functions to determine whether to evoke the trust verification function by at least one of:
    - an automated process that is triggered upon receiving the decode threshold number of encoded data slices; and
      
      determining that at least one of the decode threshold number of encoded data slices is of questionable trustworthiness.
  - 12. The DS module of claim 11, wherein the second module functions to determine that at least one of the decode threshold number of encoded data slices is of questionable trustworthiness by at least one of:
    - detecting an integrity verification failure of the at least one of the decode threshold number of encoded data slices;
      
      detecting a time delay in receiving the at least one of the decode threshold number of encoded data slices;
      
      decoding the decode threshold number of encoded data slices yields an error in reproducing the data segment;
      
      detecting a communication path variance of the at least one of the decode threshold number of encoded data slices; and
      
      detecting a time stamp variance of the at least one of the decode threshold number of encoded data slices.
  - 13. The DS module of claim 9, wherein the second module functions to select one or more encoded data slices by at least one of:
    - an automated process that selects the one or more encoded data slices after evoking the trust verification function; and
      
      selecting the one or more encoded data slices based on questionable trustworthiness of at least one of the decode threshold number of encoded data slices.
  - 14. The DS module of claim 9 further comprises:
    - the third module further functions to receive, in response to the request, a message from the trusted source indicating that the decode threshold number of encoded data slices is not to be trusted.
  - 15. The DS module of claim 9, wherein the third module functions to determine that the trusted set of encoded data slices is available by at least one of:
    - decoding different combinations of the decode threshold number of encoded data slices and the received one or more selected encoded data slices, wherein each different decoding combination reproduces the data segment; and
      
      comparing a trusted data segment integrity value with a calculated data segment integrity value that is derived from decoding the decode threshold number of encoded data slices and the received one or more selected encoded data slices.
  - 16. The DS module of claim 9 further comprises:
    - when the trusted set of encoded data slices is available, the third module further functions to decode the trusted set of encoded data slices to reproduce a trusted data segment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Grube, Gary W., Markison, Timothy W.
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/647,533
Publication Number

US 20130111552A1
Time in Patent Office

707 Days
Field of Search

726/3
US Class Current

726/3
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/10   Adding special bits or symb...

G06F 11/1012   using codes or arrangements...

G06F 11/1076   Parity data used in redunda...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 2211/1028   Distributed, i.e. distribut...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/067   Distributed or networked st...

H04L 1/0057   Block codes H04L1/0061, H04...

H04L 2001/0092   Error control systems chara...

H04L 63/08   for authentication of entit...

H04L 67/1097   for distributed storage of ...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

Acquiring a trusted set of encoded data slices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Acquiring a trusted set of encoded data slices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links