Method and apparatus for obfuscating slice names in a dispersed storage system

US 9,076,138 B2
Filed: 06/16/2010
Issued: 07/07/2015
Est. Priority Date: 09/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for execution by a dispersed storage (DS) processing module of a computing device to secure a slice name, the method comprises:

receiving, by an interface of the computing device, a data segment for dispersed storage;

encoding, by the DS processing module of the computing device, the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices;

generating, by the DS processing module of the computing device, a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section;

performing, by the DS processing module of the computing device, a securing function on at least the data identification section to produce a secure data identification section; and

replacing, by the DS processing module of the computing device, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module receiving a data segment for dispersed storage. The method continues with the processing module encoding the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices. The method continues with the processing module generating a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section. The method continues with the processing module performing a securing function on at least the data identification section to produce a secure data identification section. The method continues with the processing module replacing, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.

93 Citations

View as Search Results

20 Claims

1. A method for execution by a dispersed storage (DS) processing module of a computing device to secure a slice name, the method comprises:
- receiving, by an interface of the computing device, a data segment for dispersed storage;
  
  encoding, by the DS processing module of the computing device, the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices;
  
  generating, by the DS processing module of the computing device, a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section;
  
  performing, by the DS processing module of the computing device, a securing function on at least the data identification section to produce a secure data identification section; and
  
  replacing, by the DS processing module of the computing device, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the performing the securing function comprises calculating a hash of the slice name.
  - 3. The method of claim 1, wherein the performing the securing function comprises performing a deterministic mathematical function on the slice name.
  - 4. The method of claim 1, wherein the data identification section comprises identification of the data segment and a data object, wherein the data segment is one of a plurality of data segments of the data object.
  - 5. The method of claim 1 further comprises:
    - generating, by the DS processing module, slice names for remaining ones of the plurality of error coded data slices to produce a plurality of slice names;
      
      for each of at least a pillar width minus a decode threshold number of the plurality of slice names, securing the slices names by;
      
      performing, by the DS processing module, a securing function on at least the data identification section to produce a secure data identification section; and
      
      replacing, by the DS processing module, the data identification section with the secure data identification section.

6. A method for execution by a dispersed storage (DS) processing module of a computing device, the method comprises:
- receiving, by an interface of the computing device, an access request to a data segment, wherein the data segment is encoded in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices that are stored in a plurality of DS storage units;
  
  generating, by the DS processing module of the computing device, a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section;
  
  performing, by the DS processing module of the computing device, a securing function on at least the data identification section to produce a secure data identification section;
  
  replacing, by the DS processing module of the computing device, within the slice name, the data identification section with the secure data identification section to produce a secure slice name; and
  
  accessing, by the DS processing module of the computing device, the error coded slice based on the secure slice name.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the performing the securing function comprises calculating a hash of the slice name.
  - 8. The method of claim 6, wherein the performing the securing function comprises performing a deterministic mathematical function on the slice name.
  - 9. The method of claim 6, wherein the data identification section comprises identification of the data segment and a data object, wherein the data segment is one of a plurality of data segments of the data object.
  - 10. The method of claim 6 further comprises:
    - generating, by the DS processing module, slice names for remaining ones of the plurality of error coded data slices to produce a plurality of slice names;
      
      for each of at least a decode threshold minus one number of the plurality of slice names, securing the slices names to produce secure slices names by;
      
      performing, by the DS processing module, a securing function on at least the data identification section to produce a secure data identification section; and
      
      replacing, by the DS processing module, the data identification section with the secure data identification section; and
      
      accessing, by the DS processing module, the remaining ones of the plurality of error coded data slices based on the secure slice names.

11. A computing device comprises:
- an interface;
  
  memory; and
  
  a processor operably coupled to the memory, wherein the processor is operable to;
  
  receive, via the interface, a data segment for dispersed storage;
  
  encode the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices;
  
  generate a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section;
  
  perform a securing function on at least the data identification section to produce a secure data identification section; and
  
  replace, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computing device of claim 11, wherein the processor further functions to perform the securing function by calculating a hash of the slice name.
  - 13. The computing device of claim 11, wherein the processor further functions to perform the securing function by performing a deterministic mathematical function on the slice name.
  - 14. The computing device of claim 11, wherein the data identification section includes identification of the data segment and a data object, wherein the data segment is one of a plurality of data segments of the data object.
  - 15. The computing device of claim 11, wherein the processor further functions to:
    - generate slice names for remaining ones of the plurality of error coded data slices to produce a plurality of slice names;
      
      for each of at least a pillar width minus a decode threshold number of the plurality of slice names, secure the slices names by;
      
      performing a securing function on at least the data identification section to produce a secure data identification section; and
      
      replacing the data identification section with the secure data identification section.

16. A computing device comprises:
- an interface;
  
  memory; and
  
  a processor coupled to the memory and the interface, wherein the processor is operable to;
  
  receive, via the interface, an access request to a data segment, wherein the data segment is encoded in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices that are stored in a plurality of DS storage units;
  
  generate a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section;
  
  perform a securing function on at least the data identification section to produce a secure data identification section;
  
  replace, within the slice name, the data identification section with the secure data identification section to produce a secure slice name; and
  
  access, via the interface, the error coded slice based on the secure slice name.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing device of claim 16, wherein the processor further functions to perform the securing function by calculating a hash of the slice name.
  - 18. The computing device of claim 16, wherein the processor further functions to perform the securing function by performing a deterministic mathematical function on the slice name.
  - 19. The computing device of claim 16, wherein the data identification section includes identification of the data segment and a data object, wherein the data segment is one of a plurality of data segments of the data object.
  - 20. The computing device of claim 16, wherein the processor further functions to:
    - generate slice names for remaining ones of the plurality of error coded data slices to produce a plurality of slice names;
      
      for each of at least a decode threshold minus one number of the plurality of slice names, secure the slices names to produce secure slices names by;
      
      performing a securing function on at least the data identification section to produce a secure data identification section; and
      
      replacing the data identification section with the secure data identification section; and
      
      accessing, via the interface, the remaining ones of the plurality of error coded data slices based on the secure slice names.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K.
Primary Examiner(s)
Poinvil, Frantzy

Application Number

US12/817,165
Publication Number

US 20110078534A1
Time in Patent Office

1,847 Days
Field of Search

705 3- 44
US Class Current

1/1
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2211/1028   Distributed, i.e. distribut...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/202   Interconnection or interact...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

Method and apparatus for obfuscating slice names in a dispersed storage system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for obfuscating slice names in a dispersed storage system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links