Controlling access in a dispersed storage network
First Claim
1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises:
- receiving, by a set of storage units, a plurality of sets of access requests from a plurality of requesting devices, wherein a requesting device of the plurality of requesting device generates a set of access requests of the plurality of sets of access requests regarding a particular type of data access;
for a first storage unit of the set of storage units;
receiving a first access request from each set of access requests of the plurality of access requests to produce a group of first access requests;
extracting a unique identifier from each first access request of the group of first access requests to produce a first group of unique identifiers;
for a unique identifier of the first group of unique identifiers, performing a deterministic function on the unique identifier to produce a first obfuscated identifier;
seeking a first obfuscated access permissions list based on the first obfuscated identifier;
when the first obfuscated access permissions list is found based on the first obfuscated identifier, recovering first access permissions from the first obfuscated access permissions list based on the first obfuscated identifier for a first requesting device of the plurality of requesting devices associated with the unique identifier of the first group of unique identifiers; and
processing the first access request for the first requesting device based on the recovered first access permissions; and
receiving, by the plurality of requesting devices, a set of access responses from the set of storage units for each set of access requests of the plurality of access requests for which a corresponding requesting device had favorable access permissions with at least a threshold number of storage units of the set of storage units.
4 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a set of storage units of a dispersed storage network (DSN) receiving a set of access requests from a requesting device. The method continues with a first storage unit extracting a unique identifier from a first access request, performing a deterministic function on the unique identifier to produce a first obfuscated identifier, seeking a first obfuscated access permissions list, recovering first access permissions from the first obfuscated access permissions list, and processing the first access request based on the recovered first access permissions. The method continues with the requesting device receiving a set of access responses from the set of storage units for the set of access requests for which the requesting device had favorable access permissions with at least a threshold number of storage units.
-
Citations
18 Claims
-
1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises:
-
receiving, by a set of storage units, a plurality of sets of access requests from a plurality of requesting devices, wherein a requesting device of the plurality of requesting device generates a set of access requests of the plurality of sets of access requests regarding a particular type of data access; for a first storage unit of the set of storage units; receiving a first access request from each set of access requests of the plurality of access requests to produce a group of first access requests; extracting a unique identifier from each first access request of the group of first access requests to produce a first group of unique identifiers; for a unique identifier of the first group of unique identifiers, performing a deterministic function on the unique identifier to produce a first obfuscated identifier; seeking a first obfuscated access permissions list based on the first obfuscated identifier; when the first obfuscated access permissions list is found based on the first obfuscated identifier, recovering first access permissions from the first obfuscated access permissions list based on the first obfuscated identifier for a first requesting device of the plurality of requesting devices associated with the unique identifier of the first group of unique identifiers; and processing the first access request for the first requesting device based on the recovered first access permissions; and receiving, by the plurality of requesting devices, a set of access responses from the set of storage units for each set of access requests of the plurality of access requests for which a corresponding requesting device had favorable access permissions with at least a threshold number of storage units of the set of storage units. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer readable storage medium comprises:
-
at least one memory section that stores operational instructions that, when executed by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), causes the one or more computing devices to; receive, by a set of storage units, a plurality of sets of access requests from a plurality of requesting devices, wherein a requesting device of the plurality of requesting device generates a set of access requests of the plurality of sets of access requests regarding a particular type of data access; for a first storage unit of the set of storage units; receive a first access request from each set of access requests of the plurality of access requests to produce a group of first access requests; extract a unique identifier from each first access request of the group of first access requests to produce a first group of unique identifiers; for a unique identifier of the first group of unique identifiers, perform a deterministic function on the unique identifier to produce a first obfuscated identifier; seek a first obfuscated access permissions list based on the first obfuscated identifier; when the first obfuscated access permissions list is found based on the first obfuscated identifier, recover first access permissions from the first obfuscated access permissions list based on the first obfuscated identifier for a first requesting device of the plurality of requesting devices associated with the unique identifier of the first group of unique identifiers; and process the first access request for the first requesting device based on the recovered first access permissions; and receive, by the plurality of requesting devices, a set of access responses from the set of storage units for each set of access requests of the plurality of access requests for which a corresponding requesting device had favorable access permissions with at least a threshold number of storage units of the set of storage units. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification