Dispersed storage network with slice refresh and methods for use therewith

US 9,276,912 B2
Filed: 05/30/2014
Issued: 03/01/2016
Est. Priority Date: 04/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method for use in a pre-data manipulator of a computing device, the method comprising:

determining when a data slice of a dispersed storage network (DSN) is to be refreshed;

when the data slice of a dispersed storage network is to be refreshed, generating a data segment corresponding to the data slice based on a plurality of related slices of the dispersed storage network;

combining the data segment with a sentinel value to generate a combined data segment;

encrypting the combined data segment;

calculating a digest of the encrypted combined data segment;

encrypting an encryption key using the digest to produce a masked key;

appending the masked key to the encrypted combined data segment to generate an encrypted package; and

transmitting at least a portion of the encrypted package to a storage unit of the DSN.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.

78 Citations

20 Claims

1. A method for use in a pre-data manipulator of a computing device, the method comprising:
- determining when a data slice of a dispersed storage network (DSN) is to be refreshed;
  
  when the data slice of a dispersed storage network is to be refreshed, generating a data segment corresponding to the data slice based on a plurality of related slices of the dispersed storage network;
  
  combining the data segment with a sentinel value to generate a combined data segment;
  
  encrypting the combined data segment;
  
  calculating a digest of the encrypted combined data segment;
  
  encrypting an encryption key using the digest to produce a masked key;
  
  appending the masked key to the encrypted combined data segment to generate an encrypted package; and
  
  transmitting at least a portion of the encrypted package to a storage unit of the DSN.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on a timing parameter.
  - 3. The method of claim 1, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on results of a tampering test.
  - 4. The method of claim 1, wherein generating the data segment corresponding to the data slice includes checking an integrity of the plurality of related slices.
  - 5. The method of claim 1, further comprising:
    - selecting the encryption key based on one or more of;
      
      a security parameter associated with a user vault and a DSN-wide security parameter.
  - 6. The method of claim 1, further comprising:
    - pre-encrypting the data segment using a private key associated with the pre-data manipulator prior to combining the data segment with the sentinel value.
  - 7. The method of claim 1, wherein the sentinel value is based on one or more of:
    - a security parameter associated with a user vault, a dispersed storage network (DSN)-wide security parameter, a unique number associated with the data segment, and an encrypted number;
      
      encrypting the combined data segment using an encryption key to generate an encrypted combined data segment.

8. A processing unit adapted to be coupled to a dispersed storage network (DSN), the processing unit comprising:
- input/output interface circuitry adapted to be coupled to the DSN;
  
  memory; and
  
  a processing module operably coupled to the memory and to the input/output interface circuitry, wherein the processing module is operable to;
  
  determine when a data slice of a dispersed storage network (DSN) is to be refreshed;
  
  when the data slice of the dispersed storage network is to be refreshed, generate a data segment corresponding to the data slice based on a plurality of related slices of the dispersed storage network;
  
  combine the data segment with a sentinel value to generate a combined data segment;
  
  encrypt the combined data segment;
  
  calculate a digest of the encrypted combined data segment;
  
  encrypt an encryption key using the digest to produce a masked key;
  
  append the masked key to the encrypted combined data segment to generate an encrypted package; and
  
  transmit at least a portion of the encrypted package to a storage unit of the DSN.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The processing unit of claim 8, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on a timing parameter.
  - 10. The processing unit of claim 8, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on results of a tampering test.
  - 11. The processing unit of claim 8, wherein generating the data segment corresponding to the data slice includes checking an integrity of the plurality of related slices.
  - 12. The processing unit of claim 8, wherein the processing module is further operable to:
    - select the encryption key based on one or more of;
      
      a security parameter associated with a user vault and a DSN-wide security parameter.
  - 13. The processing unit of claim 8, wherein the processing module is further operable to:
    - pre-encrypt the data segment using a private key associated with the processing unit prior to combining the data segment with the sentinel value.
  - 14. The processing unit of claim 8, wherein the sentinel value is based on one or more of:
    - a security parameter associated with a user vault, a dispersed storage network (DSN)-wide security parameter, a unique number associated with the data segment, and an encrypted number;
      
      encrypting the combined data segment using an encryption key to generate an encrypted combined data segment.

15. A computer readable storage medium comprises:
- at least one memory section that stores operational instructions that, when executed by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), causes the one or more computing devices to;
  
  determine when a data slice of a dispersed storage network (DSN) is to be refreshed;
  
  when the data slice of a dispersed storage network is to be refreshed, generate a data segment corresponding to the data slice based on a plurality of related slices of the dispersed storage network;
  
  combine the data segment with a sentinel value to generate a combined data segment;
  
  encrypt the combined data segment;
  
  calculate a digest of the encrypted combined data segment;
  
  encrypt an encryption key using the digest to produce a masked key;
  
  append the masked key to the encrypted combined data segment to generate an encrypted package; and
  
  transmit at least a portion of the encrypted package to a storage unit of the DSN.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable storage medium of claim 15, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on a timing parameter.
  - 17. The computer readable storage medium of claim 15, wherein determining when the data slice of the dispersed storage network is to be refreshed is based on results of a tampering test.
  - 18. The computer readable storage medium of claim 15, wherein generating the data segment corresponding to the data slice includes checking an integrity of the plurality of related slices.
  - 19. The computer readable storage medium of claim 15, wherein the at least one memory section stores further operational instructions that, when executed by the one or more processing modules of the one or more computing devices of the DSN, causes the one or more computing devices to:
    - select the encryption key based on one or more of;
      
      a security parameter associated with a user vault and a DSN-wide security parameter.
  - 20. The computer readable storage medium of claim 15, wherein the at least one memory section stores further operational instructions that, when executed by the one or more processing modules of the one or more computing devices of the DSN, causes the one or more computing devices to:
    - pre-encrypt the data segment using a private key associated with the one or more processing modules prior to combining the data segment with the sentinel value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K.
Primary Examiner(s)
Jacob, Ajith

Application Number

US14/292,344
Publication Number

US 20140317403A1
Time in Patent Office

641 Days
Field of Search

707/687
US Class Current

1/1
CPC Class Codes

G06F 11/1044   with specific ECC/EDC distr...

G06F 16/1748   De-duplication implemented ...

G06F 16/2365   Ensuring data consistency a...

G06F 21/64   Protecting data integrity, ...

G06F 2211/1028   Distributed, i.e. distribut...

G06F 2211/1059   Parity-single bit-RAID5, i....

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 2209/12   Details relating to cryptog...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/608   Watermarking

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3236   using cryptographic hash fu...

Dispersed storage network with slice refresh and methods for use therewith

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dispersed storage network with slice refresh and methods for use therewith

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links