Authorizing distributed task processing in a distributed storage network

US 9,740,730 B2
Filed: 08/29/2016
Issued: 08/22/2017
Est. Priority Date: 12/12/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprises:

receiving an encoded data slice integrity status request, wherein the encoded data slice integrity status request includes an identifier (ID) of a requesting entity and a requested dispersed storage network (DSN) address range;

determining whether the requesting entity is authorized to send the encoded data slice integrity status request in accordance with a current authorized data integrity verification allocation period;

when the requesting entity is authorized to send the encoded data slice integrity status request, determining whether the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;

when the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;

performing an encoded data slice integrity status evaluation operation in accordance with the encoded data slice integrity status request to produce an encoded data slice integrity status response; and

outputting the encoded data slice integrity status response to the requesting entity; and

when either the requesting entity is not authorized or the requested DSN address range is not in accordance with the current authorized data integrity verification allocation period, indicating that the requesting entity may be compromised.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a distributed storage (DS) processing module transmitting a set of requests to a set of DS units regarding a set of data elements and receiving a set of respective requests from the set of DS units. When the set of respective requests is in accordance with a current distributed task/data responsibility allocation period, the method continues with the DS processing module issuing a set of responses to the set of DS units. The method continues with the DS processing module receiving a set of respective responses from the set of DS units. When the set of received respective responses is in accordance with the current distributed task/data responsibility allocation period, the method continues with the DS processing module processing the set of received respective responses in accordance with the current distributed task/data responsibility allocation period to produce one of a set of results.

112 Citations

8 Claims

1. A method comprises:
- receiving an encoded data slice integrity status request, wherein the encoded data slice integrity status request includes an identifier (ID) of a requesting entity and a requested dispersed storage network (DSN) address range;
  
  determining whether the requesting entity is authorized to send the encoded data slice integrity status request in accordance with a current authorized data integrity verification allocation period;
  
  when the requesting entity is authorized to send the encoded data slice integrity status request, determining whether the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;
  
  when the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;
  
  performing an encoded data slice integrity status evaluation operation in accordance with the encoded data slice integrity status request to produce an encoded data slice integrity status response; and
  
  outputting the encoded data slice integrity status response to the requesting entity; and
  
  when either the requesting entity is not authorized or the requested DSN address range is not in accordance with the current authorized data integrity verification allocation period, indicating that the requesting entity may be compromised.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprises:
    - after performing the encoded data slice integrity status evaluation operation, indicating that the encoded data slice integrity status evaluation operation was performed on the requested DSN address range in accordance with the current authorized data integrity verification allocation period such that a second request from the requesting entity while the current authorized data integrity verification allocation period is active would be determined to be unauthorized.
  - 3. The method of claim 1, wherein the performing the encoded data slice integrity status evaluation operation in accordance with the encoded data slice integrity status request comprises at least one of:
    - when the encoded data slice integrity status request includes a slice list request, generating a list of slice names associated with the requested DSN address range to produce the encoded data slice integrity status response;
      
      when the encoded data slice integrity status request includes a slice list digest request, generating the list of slice names associated with the requested DSN address range and generating a digest of the list of slice names to produce the encoded data slice integrity status response; and
      
      when the encoded data slice integrity status request includes a slice integrity request;
      
      generating at least one slice digest for at least one slice associated with the requested DSN address range;
      
      for each slice digest of the at least one slice digest, comparing a retrieved slice digest to the slice digest to produce comparing results; and
      
      generating the encoded data slice integrity status response to include the comparing results.
  - 4. The method of claim 1 further comprises:
    - obtaining the current authorized data integrity verification allocation period from a trusted source, wherein the current authorized data integrity verification allocation period is a currently active version of one of a plurality of authorized data integrity verification allocation scenarios.

5. A dispersed storage (DS) module comprises:
- a first module, when operable within a computing device, causes the computing device to;
  
  receive an encoded data slice integrity status request, wherein the encoded data slice integrity status request includes an identifier (ID) of a requesting entity and a requested dispersed storage network (DSN) address range;
  
  determine whether the requesting entity is authorized to send the encoded data slice integrity status request in accordance with a current authorized data integrity verification allocation period; and
  
  when the requesting entity is authorized to send the encoded data slice integrity status request, determine whether the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;
  
  a second module, when operable within the computing device, causes the computing device to;
  
  when the requested DSN address range is in accordance with the current authorized data integrity verification allocation period;
  
  perform an encoded data slice integrity status evaluation operation in accordance with the encoded data slice integrity status request to produce an encoded data slice integrity status response; and
  
  output the encoded data slice integrity status response to the requesting entity; and
  
  a third module, when operable within the computing device, causes the computing device to;
  
  when either the requesting entity is not authorized or the requested DSN address range is not in accordance with the current authorized data integrity verification allocation period, indicate that the requesting entity may be compromised.
- View Dependent Claims (6, 7, 8)
- - 6. The DS module of claim 5 further comprises:
    - after performing the encoded data slice integrity status evaluation operation, the second module further functions to indicate that the encoded data slice integrity status evaluation operation was performed on the requested DSN address range in accordance with the current authorized data integrity verification allocation period such that a second request from the requesting entity while the current authorized data integrity verification allocation period is active would be determined to be unauthorized.
  - 7. The DS module of claim 5, wherein the second module functions to perform the encoded data slice integrity status evaluation operation in accordance with the encoded data slice integrity status request by at least one of:
    - when the encoded data slice integrity status request includes a slice list request, generating a list of slice names associated with the requested DSN address range to produce the encoded data slice integrity status response;
      
      when the encoded data slice integrity status request includes a slice list digest request, generating the list of slice names associated with the requested DSN address range and generating a digest of the list of slice names to produce the encoded data slice integrity status response; and
      
      when the encoded data slice integrity status request includes a slice integrity request;
      
      generating at least one slice digest for at least one slice associated with the requested DSN address range;
      
      for each slice digest of the at least one slice digest, comparing a retrieved slice digest to the slice digest to produce comparing results; and
      
      generating the encoded data slice integrity status response to include the comparing results.
  - 8. The DS module of claim 5 further comprises:
    - the first module further functions to obtain the current authorized data integrity verification allocation period from a trusted source, wherein the current authorized data integrity verification allocation period is a currently active version of one of a plurality of authorized data integrity verification allocation scenarios.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Volvovski, Ilya, Resch, Jason K.
Primary Examiner(s)
Jacobs, Lashonda

Application Number

US15/249,800
Publication Number

US 20160364438A1
Time in Patent Office

358 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1044   with specific ECC/EDC distr...

G06F 11/1076   Parity data used in redunda...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 16/2365   Ensuring data consistency a...

G06F 21/6218   to a system of files or obj...

G06F 2211/1028   Distributed, i.e. distribut...

G06F 9/50   Allocation of resources, e....

G06F 9/5083   Techniques for rebalancing ...

H03M 13/09   Error detection only, e.g. ...

H03M 13/13   Linear codes

H03M 13/1515   Reed-Solomon codes

H04L 67/1097   for distributed storage of ...

Authorizing distributed task processing in a distributed storage network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing distributed task processing in a distributed storage network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links