Authenticating a data access request to a dispersed storage network

US 9,143,499 B2
Filed: 01/06/2014
Issued: 09/22/2015
Est. Priority Date: 08/02/2010
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable storage medium comprises:

a first memory section storing operational instructions that, when executed by a data access module of a dispersed storage network (DSN), causes the data access module to;

send a data access request to a data storage module of the DSN;

a second memory section storing operational instructions that, when executed by the data storage module, causes the data storage module to;

send an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;

a third memory section storing operational instructions that, when executed by the authenticating module, causes the authenticating module to;

output a verification request destined for a data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;

the first memory section further storing operational instructions that, when executed by the data access module, causes the data access module to;

output a verification response destined for the authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;

the third memory section further storing operational instructions that, when executed by the authenticating module, causes the authenticating module to;

output an authentication response to the data storage module, wherein the authentication response is generated based on the verification response; and

the second memory section further storing operational instructions that, when executed by the data storage module, causes the data storage module to;

facilitate the data access request when the authentication response is favorable.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a data accessing module of a dispersed storage network (DSN) sending a data access request to a data storage module. The method continues with the data storage module sending an authentication request to an authenticating module. The method continues with the authenticating module outputting a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request. The method continues with the data accessing module outputting a verification response that includes a modified verification code that is generated based on the verification code and a credential. The method continues with the authenticating module outputting an authentication response to the data storage module, wherein the authentication response is generated based on the verification response. The method continues with the data storage module facilitating the data access request when the authentication response is favorable.

Citations

15 Claims

1. A non-transitory computer readable storage medium comprises:
- a first memory section storing operational instructions that, when executed by a data access module of a dispersed storage network (DSN), causes the data access module to;
  
  send a data access request to a data storage module of the DSN;
  
  a second memory section storing operational instructions that, when executed by the data storage module, causes the data storage module to;
  
  send an authentication request to an authenticating module of the DSN, wherein the authentication request includes at least a portion of the data access request;
  
  a third memory section storing operational instructions that, when executed by the authenticating module, causes the authenticating module to;
  
  output a verification request destined for a data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
  
  the first memory section further storing operational instructions that, when executed by the data access module, causes the data access module to;
  
  output a verification response destined for the authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;
  
  the third memory section further storing operational instructions that, when executed by the authenticating module, causes the authenticating module to;
  
  output an authentication response to the data storage module, wherein the authentication response is generated based on the verification response; and
  
  the second memory section further storing operational instructions that, when executed by the data storage module, causes the data storage module to;
  
  facilitate the data access request when the authentication response is favorable.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer readable storage medium of claim 1, wherein the second memory section further stores operational instructions that, when executed by the data storage module, causes the data storage module to send the authentication request further by:
    - identifying the authenticating module for the data accessing module based on the data access request.
  - 3. The non-transitory computer readable storage medium of claim 1, wherein the data access request comprises one or more of:
    - a read request;
      
      a write request;
      
      a list request;
      
      a delete request; and
      
      an edit request.
  - 4. The non-transitory computer readable storage medium of claim 1 further comprises:
    - the third memory section further storing operational instructions that, when executed by the authenticating module, causes the authenticating module to output the verification request by;
      
      sending the verification request to the data storage module; and
      
      the second memory section further storing operational instructions that, when executed by the data storage module, causes the data storage module to;
      
      forward the verification request to the data accessing module.
  - 5. The non-transitory computer readable storage medium of claim 1 further comprises:
    - the first memory section further storing operational instructions that, when executed by the data access module, causes the data access module to output the verification response by;
      
      sending the verification response to the data storage module; and
      
      the second memory section further storing operational instructions that, when executed by the data storage module, causes the data storage module to;
      
      forward the verification response to the authenticating module.
  - 6. The non-transitory computer readable storage medium of claim 1, wherein the first memory section further storing operational instructions that, when executed by the data access module, causes the data access module to generate the modified verification code by:
    - performing a verifying function on the verification code and the credential to produce the modified verification code.
  - 7. The non-transitory computer readable storage medium of claim 1, wherein the third memory section further storing operational instructions that, when executed by the authenticating module, causes the authenticating module to generate the authentication response by:
    - performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.

8. A computer implemented method comprises:
- receiving, from a storage unit, an authentication request regarding a data access request by a device of a dispersed storage network (DSN);
  
  verifying that the device is authorized to access the storage unit per the data access request; and
  
  sending an authorization response to the storage unit regarding the device'"'"'s authorization to access the storage unit per the data access request.
- View Dependent Claims (9, 10, 11)
- - 9. The computer implemented method of claim 8, wherein the verifying that the device is authorized comprises:
    - sending, to the device, a verification request destined for a data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
      
      receiving, from the device, a verification response destined for an authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;
      
      performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.
  - 10. The computer implemented method of claim 9, wherein the sending the verification request comprises:
    - sending the verification request to the storage unit; and
      
      requesting forwarding of the verification request by the storage unit to the device.
  - 11. The computer implemented method of claim 9, wherein the receiving the verification receiving comprises:
    - receiving the verification response from the storage unit, which is forwarding the verification response from the device.

12. A non-transitory computer readable storage medium comprises:
- a first memory section storing operational instructions that, when executed by a processing module of a dispersed storage network (DSN), causes the processing module to;
  
  receive, from a storage unit, an authentication request regarding a data access request by a device of a dispersed storage network (DSN);
  
  a second memory section storing operational instructions that, when executed by the processing module, causes the processing module to;
  
  verify that the device is authorized to access the storage unit per the data access request; and
  
  a third memory section storing operational instructions that, when executed by the processing module, causes the processing module to;
  
  send an authorization response to the storage unit regarding the device'"'"'s authorization to access the storage unit per the data access request.
- View Dependent Claims (13, 14, 15)
- - 13. The non-transitory computer readable storage medium of claim 12, wherein the second memory section storing operational instructions that, when executed by the processing module, causes the processing module to verify that the device is authorized by:
    - sending, to the device, a verification request destined for a data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request;
      
      receiving, from the device, a verification response destined for an authenticating module, wherein the verification response includes a modified verification code that is generated based on the verification code and a credential;
      
      performing a verifying function on the verification code and a reference credential to produce a reference verification code;
      
      comparing the modified verification code with the reference verification code; and
      
      when the comparison is favorable, generating the authentication response to indicate a favorable authentication.
  - 14. The non-transitory computer readable storage medium of claim 13, wherein the second memory section storing operational instructions that, when executed by the processing module, causes the processing module to send the verification request by:
    - sending the verification request to the storage unit; and
      
      requesting forwarding of the verification request by the storage unit to the device.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the second memory section storing operational instructions that, when executed by the processing module, causes the processing module to receive the verification receiving by:
    - receiving the verification response from the storage unit, which is forwarding the verification response from the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Leggette, Wesley
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US14/148,198
Publication Number

US 20140123244A1
Time in Patent Office

624 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/6218   to a system of files or obj...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

H04L 1/0045   Arrangements at the receive...

H04L 1/208   involving signal re-encoding

H04L 63/08   for authentication of entit...

H04L 67/1097   for distributed storage of ...

H04W 28/04   Error control

Authenticating a data access request to a dispersed storage network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a data access request to a dispersed storage network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links