Authenticating a data access request to a dispersed storage network

US 9,602,496 B2
Filed: 09/02/2015
Issued: 03/21/2017
Est. Priority Date: 08/02/2010
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprises:

sending, by a user device, a plurality of data access requests to storage units, wherein the plurality of data access requests is regarding a set of encoded data slices that are distributedly stored among the storage units, wherein a data segment of data is dispersed error encoded in accordance with dispersed storage error encoding parameters to produce the set of encoded data slices, wherein a write threshold number of encoded data slices of the set of encoded data slices provides successful storage of the data segment within the storage units, and wherein a decode threshold number of encoded data slices of the set of encoded data slices are required to recover the data segment;

sending, by one the storage units, an authentication request to an authenticating module;

forwarding, by the one of the storage units, a verification request to the user device;

forwarding, by the one of the storage units, a verification response to the authenticating module; and

executing, by at least some of the storage units, corresponding ones of the plurality of data access requests when an authentication response of the authenticating module is favorable, wherein the plurality of data access requests corresponds to at least one of the decode threshold number of encoded data slices or the write threshold number of encoded data slices.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes sending, by a user device, a plurality of data access requests to storage units. The method further includes sending, by one the storage units, an authentication request to an authenticating module. The method further includes forwarding, by the one of the storage units, a verification request to the user device. The method further includes forwarding, by the one of the storage units, a verification response to the authenticating module. The method further includes executing, by at least some of the storage units, corresponding ones of the plurality of data access requests when an authentication response of the authenticating module is favorable.

Citations

12 Claims

1. A computer implemented method comprises:
- sending, by a user device, a plurality of data access requests to storage units, wherein the plurality of data access requests is regarding a set of encoded data slices that are distributedly stored among the storage units, wherein a data segment of data is dispersed error encoded in accordance with dispersed storage error encoding parameters to produce the set of encoded data slices, wherein a write threshold number of encoded data slices of the set of encoded data slices provides successful storage of the data segment within the storage units, and wherein a decode threshold number of encoded data slices of the set of encoded data slices are required to recover the data segment;
  
  sending, by one the storage units, an authentication request to an authenticating module;
  
  forwarding, by the one of the storage units, a verification request to the user device;
  
  forwarding, by the one of the storage units, a verification response to the authenticating module; and
  
  executing, by at least some of the storage units, corresponding ones of the plurality of data access requests when an authentication response of the authenticating module is favorable, wherein the plurality of data access requests corresponds to at least one of the decode threshold number of encoded data slices or the write threshold number of encoded data slices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprises:
    - sending, by the at least some of the storage units, authentication requests to the authenticating module;
      
      forwarding, by the at least some of the storage units, verification requests to the user device;
      
      forwarding, by the at least some of the storage units, verification responses to the authenticating module; and
      
      executing, by the at least some of the storage units, corresponding ones of the plurality of data access requests when authentication responses of the authenticating module are favorable.
  - 3. The method of claim 1 further comprises:
    - when the plurality of data access requests corresponds to writing one or more sets of encoded data slices;
      
      determining a storage priority to be one of cost optimization, reliability optimization, or security optimization;
      
      determining the dispersed storage error encoding parameters based on the storage priority;
      
      encoding the data segment in accordance with the dispersed storage error encoding parameters to produce the set of encoded data slices; and
      
      sending a set of write requests to a set of the storage units to store the set of encoded data slices.
  - 4. The method of claim 1 further comprises:
    - when the plurality of data access requests corresponds to information regarding storage performance;
      
      determining storage performance based on responses from the storage units;
      
      determining that storage expansion is required based on the storage performance;
      
      allocating additional storage;
      
      generating additional encoded data slices for the data segment to produce an expanded set of encoded data slices; and
      
      storing the additional encoded data slices in the additional storage, wherein an updated set of encoded data slices includes the set of encoded data slices and the additional encoded data slices.
  - 5. The method of claim 4, wherein the allocating additional storage comprises one or more of:
    - adding one or more new storage units;
      
      activating one or more dormant storage units; and
      
      allocating memory of another storage unit to a vault, wherein the storage units support the vault.
  - 6. The method of claim 4 further comprises:
    - determining to contract one or more of the storage units; and
      
      when the one or more of the storage units are to be contracted, removing one or more encoded data slices stored in the one or more of the storage units from the updated set of encoded data slices.

7. A non-transitory computer readable storage device comprises:
- a first memory section storing operational instructions that, when executed by a user computing device, causes the user computing device to;
  
  send a plurality of data access requests to storage units, wherein the plurality of data access requests is regarding a set of encoded data slices that are distributedly stored among the storage units, wherein a data segment of data is dispersed error encoded in accordance with dispersed storage error encoding parameters to produce the set of encoded data slices, wherein a write threshold number of encoded data slices of the set of encoded data slices provides successful storage of the data segment within the storage units, and wherein a decode threshold number of encoded data slices of the set of encoded data slices are required to recover the data segment;
  
  a second memory section storing operational instructions that, when executed by one of the storage units, causes the one of the storage units to;
  
  send an authentication request to an authenticating device;
  
  forward a verification request to the user computing device;
  
  forward a verification response to the authenticating device; and
  
  a third memory section storing operational instructions that, when executed by one of the storage units, causes the one of the storage units to;
  
  execute, along with at least some of the storage units, a corresponding one of the plurality of data access requests when an authentication response of the authenticating device is favorable, wherein the plurality of data access requests corresponds to at least one of the decode threshold number of encoded data slices or the write threshold number of encoded data slices.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable storage device of claim 7, wherein the second memory section further stores operational instructions that, when executed by the one of the storage units, causes the one of the storage units to:
    - send an authentication request to the authenticating device on behalf of the at least some of the storage units.
  - 9. The non-transitory computer readable storage device of claim 7 further comprises:
    - when the plurality of data access requests corresponds to writing one or more sets of encoded data slices;
      
      a fourth memory section storing operational instructions that, when executed by the authenticating device, causes the authenticating device to;
      
      determine a storage priority to be one of cost optimization, reliability optimization, or security optimization;
      
      determine the dispersed storage error encoding parameters based on the storage priority;
      
      a fifth memory section storing operational instructions that, when executed by the user computing device or another computing device, causes the user computing or the another computing device to;
      
      encoding the data segment in accordance with the dispersed storage error encoding parameters to produce the set of encoded data slices; and
      
      the first memory section further stores operational instructions that, when executed by the user computing device, causes the user computing device to;
      
      send a set of write requests to a set of the storage units to store the set of encoded data slices.
  - 10. The non-transitory computer readable storage device of claim 7 further comprises:
    - when the plurality of data access requests corresponds to information regarding storage performance;
      
      a fourth memory section storing operational instructions that, when executed by the authenticating device, causes the authenticating device to;
      
      determine storage performance based on responses from the storage units;
      
      determine that storage expansion is required based on the storage performance;
      
      allocate additional storage;
      
      a fifth memory section storing operational instructions that, when executed by the user computing device or another computing device, causes the user computing or the another computing device to;
      
      generate additional encoded data slices for the data segment to produce an expanded set of encoded data slices; and
      
      send the additional encoded data slices to the additional storage for storage therein, wherein an updated set of encoded data slices includes the set of encoded data slices and the additional encoded data slices.
  - 11. The non-transitory computer readable storage device of claim 10, wherein the allocate additional storage comprises one or more of:
    - adding one or more new storage units;
      
      activating one or more dormant storage units; and
      
      allocating memory of another storage unit to a vault, wherein the storage units support the vault.
  - 12. The non-transitory computer readable storage device of claim 10 further comprises:
    - a sixth memory section storing operational instructions that, when executed by the authenticating device, causes the authenticating device to;
      
      determine to contract one or more of the storage units; and
      
      when the one or more of the storage units are to be contracted, remove one or more encoded data slices stored in the one or more of the storage units from the updated set of encoded data slices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Leggette, Wesley
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US14/843,022
Publication Number

US 20150381600A1
Time in Patent Office

566 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/6218   to a system of files or obj...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

H04L 1/0045   Arrangements at the receive...

H04L 1/208   involving signal re-encoding

H04L 63/08   for authentication of entit...

H04L 67/1097   for distributed storage of ...

H04W 28/04   Error control

Authenticating a data access request to a dispersed storage network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a data access request to a dispersed storage network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links