Responding to a maintenance free storage container security threat

US 9,244,770 B2
Filed: 06/20/2012
Issued: 01/26/2016
Est. Priority Date: 07/06/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for responding to a security threat for a maintenance free storage container, the method comprises:

identifying a security threat for the maintenance free storage container, wherein the maintenance free storage container allows for multiple storage servers of a plurality of storage servers to be in a failure mode without replacement, wherein a set of the storage servers of the plurality of storage servers stores a set of encoded data slices, wherein a data segment of a data object is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment is recoverable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the security threat is regarding integrity of data stored within the maintenance free storage container;

determining a failure mode level that is indicative of whether one or more of the multiple storage servers are in the failure mode;

selecting a security threat countermeasure based on the security threat and the failure mode level; and

implementing the security threat countermeasure.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for responding to a security threat for a maintenance free storage container begins by a dispersed storage (DS) processing module identifying a security threat for the maintenance free storage container, wherein the maintenance free storage container allows for multiple storage servers of a plurality of storage servers to be in a failure mode without replacement. The method continues with the DS processing module determining a failure mode level that is indicative of whether one or more of the multiple storage servers are in the failure mode. The method continues with the DS processing module selecting a security threat countermeasure based on the security threat and the failure mode level. The method continues with the DS processing module implementing the security threat countermeasure.

82 Citations

14 Claims

1. A method for responding to a security threat for a maintenance free storage container, the method comprises:
- identifying a security threat for the maintenance free storage container, wherein the maintenance free storage container allows for multiple storage servers of a plurality of storage servers to be in a failure mode without replacement, wherein a set of the storage servers of the plurality of storage servers stores a set of encoded data slices, wherein a data segment of a data object is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment is recoverable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the security threat is regarding integrity of data stored within the maintenance free storage container;
  
  determining a failure mode level that is indicative of whether one or more of the multiple storage servers are in the failure mode;
  
  selecting a security threat countermeasure based on the security threat and the failure mode level; and
  
  implementing the security threat countermeasure.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the determining the failure mode level of the maintenance free storage container comprises at least one of:
    - determining that one or more storage locations within a first storage server of the plurality of storage servers has failed;
      
      determining that a second storage server of the plurality of storage servers has failed;
      
      determining that a third storage server of the plurality of storage servers is operating at less than a desired storage level but greater than a storage failure level; and
      
      identifying one or more failure impacted storage vaults associated with at least one of the first storage server, the second storage server, and the third storage server.
  - 3. The method of claim 2, wherein the selecting the security threat countermeasure further comprises:
    - deleting a selected number of encoded data slices for one or more sets of encoded data slices of a plurality of sets of encoded data slices corresponding to a storage vault in accordance with the failure mode level of the maintenance free storage container and the one or more failure impacted storage vaults.
  - 4. The method of claim 1 further comprises:
    - indicating a physical security threat type when detecting a physical anomaly condition of the maintenance free storage container; and
      
      selecting a physical security threat type countermeasure.
  - 5. The method of claim 4, wherein the physical security threat type countermeasure comprises one of:
    - migrating at least some data stored in the plurality of storage servers to another maintenance free storage container;
      
      deleting one or more encryption keys utilized to access the data;
      
      deleting at least some of the data stored in the plurality of storage servers; and
      
      deactivating one or more storage servers of the plurality of storage servers.
  - 6. The method of claim 1 further comprises:
    - indicating a data access security threat type when detecting unauthorized access of data from one or more storage servers of the plurality of storage servers; and
      
      selecting a data access security threat type countermeasure.
  - 7. The method of claim 6, wherein the data access security threat type countermeasure comprises one or more of:
    - randomly accessing the data to produce a pseudorandom electromagnetic pattern;
      
      outputting random data in response to a data request from a requesting entity associated with a threat pattern;
      
      migrating at least some data stored in the plurality of storage servers to another maintenance free storage container;
      
      deleting one or more encryption keys utilized to access the data;
      
      deleting at least some of the data stored in the plurality of storage servers; and
      
      deactivating one or more storage servers of the plurality of storage servers.

8. A dispersed storage (DS) module comprises:
- a first module, when operable within a computing device, causes the computing device to;
  
  identify a security threat for a maintenance free storage container, wherein the maintenance free storage container allows for multiple storage servers of a plurality of storage servers to be in a failure mode without replacement, wherein a set of the storage servers of the plurality of storage servers stores a set of encoded data slices, wherein a data segment of a data object is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment is recoverable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the security threat is regarding integrity of data stored within the maintenance free storage container;
  
  a second module, when operable within the computing device, causes the computing device to;
  
  determine a failure mode level that is indicative of whether one or more of the multiple storage servers are in the failure mode; and
  
  a third module, when operable within the computing device, causes the computing device to;
  
  select a security threat countermeasure based on the security threat and the failure mode level; and
  
  implement the security threat countermeasure.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The DS module of claim 8, wherein the second module functions to determine the failure mode level of the maintenance free storage container by least one of:
    - determining that one or more storage locations within a first storage server of the plurality of storage servers has failed;
      
      determining that a second storage server of the plurality of storage servers has failed;
      
      determining that a third storage server of the plurality of storage servers is operating at less than a desired storage level but greater than a storage failure level; and
      
      identifying one or more failure impacted storage vaults associated with at least one of the first storage server, the second storage server, and the third storage server.
  - 10. The DS module of claim 9, wherein the third module further functions to select the security threat countermeasure by:
    - deleting a selected number of encoded data slices for one or more sets of encoded data slices of a plurality of sets of encoded data slices corresponding to a storage vault in accordance with the failure mode level of the maintenance free storage container and the one or more failure impacted storage vaults.
  - 11. The DS module of claim 8 further comprises:
    - the first module further functions to indicate a physical security threat type when detecting a physical anomaly condition of the maintenance free storage container; and
      
      the third module further functions to select a physical security threat type countermeasure.
  - 12. The DS module of claim 11, wherein the physical security threat type countermeasure comprises one of:
    - migrating at least some data stored in the plurality of storage servers to another maintenance free storage container;
      
      deleting one or more encryption keys utilized to access the data;
      
      deleting at least some of the data stored in the plurality of storage servers; and
      
      deactivating one or more storage servers of the plurality of storage servers.
  - 13. The DS module of claim 8 further comprises:
    - the first module further functions to indicate a data access security threat type when detecting unauthorized access of data from one or more storage servers of the plurality of storage servers; and
      
      the third module further functions to select a data access security threat type countermeasure.
  - 14. The DS module of claim 13, wherein the data access security threat type countermeasure comprises one or more of:
    - randomly accessing the data to produce a pseudorandom electromagnetic pattern;
      
      outputting random data in response to a data request from a requesting entity associated with a threat pattern;
      
      migrating at least some data stored in the plurality of storage servers to another maintenance free storage container;
      
      deleting one or more encryption keys utilized to access the data;
      
      deleting at least some of the data stored in the plurality of storage servers; and
      
      deactivating one or more storage servers of the plurality of storage servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Gladwin, S. Christopher, Resch, Jason K., Grube, Gary W., Markison, Timothy W.
Primary Examiner(s)
Hailu, Teshome
Assistant Examiner(s)
Le, Thanh

Application Number

US13/527,881
Publication Number

US 20130014254A1
Time in Patent Office

1,315 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 11/1084   Degraded mode, e.g. caused ...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 11/1096   Parity calculation or recal...

G06F 2211/1028   Distributed, i.e. distribut...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/067   Distributed or networked st...

Responding to a maintenance free storage container security threat

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Responding to a maintenance free storage container security threat

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links