公开(公告)号：US20140331086A1

公开(公告)日：2014-11-06

申请号：US14215335

申请日：2014-03-17

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch

IPC: G06F11/14

CPC classification number: G06F11/1458 ,  G06F11/1092 ,  G06F2211/1028

Abstract: A method begins by a dispersed storage (DS) processing module of a dispersed storage network (DSN), when in a rebuilding mode, determining a level of rebuilding urgency, where the level of rebuilding urgency is based on an inversely proportional function of a level of error encoded redundancy for error encoded data giving rise to the rebuilding mode. When the level of rebuilding urgency is at or above a critical level, the method continues with the DS processing module placing a set of storage units of the DSN in a critical rebuilding mode, where, when in the critical rebuilding mode, the set of storage units prioritize rebuilding of the error encoded data giving rise to the rebuilding mode over other error encoded data operations.

Abstract translation: 一种分散存储网络（DSN）的分散存储（DS）处理模块开始的方法，当处于重建模式时，确定重建紧急程度的水平，其中重建紧急程度是基于一个等级的反比例函数 的错误编码数据的错误编码冗余导致重建模式。 当重建紧急程度处于或高于关键水平时，该方法将继续DS处理模块将DSN的一组存储单元放置在关键重建模式中，其中当处于关键重建模式时，该存储集 单元优先重建错误编码数据，导致重建模式超过其他错误编码数据操作。

公开(公告)号：US20140331085A1

公开(公告)日：2014-11-06

申请号：US14331997

申请日：2014-07-15

Applicant: CLEVERSAFE, INC.

Inventor： Greg Dhuse ,  Andrew Baptist ,  Zachary J. Mark ,  Jason K. Resch ,  Ilya Volvovski

IPC: G06F11/10

CPC classification number: G06F11/1092 ,  G06F11/1076 ,  G06F11/2056 ,  G06F2211/1028 ,  G06F2211/104 ,  H04L67/1097 ,  H04L69/40

Abstract: A distributed storage integrity system in a dispersed storage network includes a scanning agent and a control unit. The scanning agent identifies an encoded data slice that requires rebuilding, wherein the encoded data slice is one of a plurality of encoded data slices generated from a data segment using an error encoding dispersal function. The control unit retrieves at least a number T of encoded data slices needed to reconstruct the data segment based on the error encoding dispersal function. The control unit is operable to reconstruct the data segment from at least the number T of the encoded data slices and generate a rebuilt encoded data slice from the reconstructed data segment. The scanning agent is located in a storage unit and the control unit is located in the storage unit or in a storage integrity processing unit, a dispersed storage processing unit or a dispersed storage managing unit.

公开(公告)号：US20140331065A1

公开(公告)日：2014-11-06

申请号：US14331676

申请日：2014-07-15

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch

IPC: G06F12/14 ,  G06F11/20

CPC classification number: G06F21/6227 ,  G06F3/0604 ,  G06F3/0644 ,  G06F3/067 ,  G06F11/10 ,  G06F11/1076 ,  G06F11/2089 ,  G06F12/1408 ,  G06F15/17331 ,  G06F17/30283 ,  G06F21/602 ,  G06F21/6218 ,  G06F21/64 ,  G06F2212/263 ,  G06F2221/2107 ,  H04L9/085 ,  H04L9/0861 ,  H04L2209/24 ,  H04L2209/34

Abstract: A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices.

Abstract translation: 一种分散存储（DS）处理模块开始的方法是使用加密密钥对数据段进行加密以产生加密的数据段，并对加密数据执行确定性函数，以产生加密数据的变换表示。 该方法继续，DS处理模块利用加密数据的变换表示来掩蔽加密密钥以产生掩蔽密钥，将掩蔽的密钥分割成多个被掩蔽的密钥分区，将加密的数据段划分成多个加密数据段分区 并且将多个被掩蔽的密钥分区与多个加密数据段分区组合以产生多个组合分区。 对于多个组合分区的组合分区，该方法继续使用分散的存储错误编码功能来编码组合分区的DS处理模块以产生一组编码数据分片。

公开(公告)号：US20140330921A1

公开(公告)日：2014-11-06

申请号：US14215542

申请日：2014-03-17

Applicant: CLEVERSAFE, INC.

Inventor： Michael Colin Storm ,  Wesley Leggette ,  Manish Motwani ,  Greg Dhuse ,  Jason K. Resch ,  Andrew Baptist

IPC: H04L29/08

CPC classification number: G06F11/1469 ,  G06F11/1092 ,  G06F11/1448 ,  G06F17/30194 ,  G06F17/30227 ,  G06F2211/1028 ,  H04L67/1097

Abstract: A method begins by each of a group of write requesting modules of a dispersed storage network (DSN) generating one or more sets of write requests regarding one of a group of portions of related data, sending a group of the one or more sets of write requests to DSN memory, and sending binding information to a binding module. The method continues with the binding module processing remaining phases of the group of the one or more sets of write requests for writing the related data into the DSN memory as a single set of write requests and notifying the write requesting modules of status of the writing the related data into the DSN memory at completion of the processing of the remaining phases such that the related data is made accessible as a single piece of data when the processing of the remaining phases is successful.

Abstract translation: 一种分散存储网络（DSN）的一组写请求模块中的每一个从相关数据的一组部分中产生一组或多组写入请求的方法开始，发送一组或多组写入 请求DSN内存，并发送绑定信息到绑定模块。 所述方法继续执行所述绑定模块处理所述一组或多组写入请求组的剩余阶段，以将相关数据作为单个写入请求集合写入所述DSN存储器，并且通知写入请求模块的写入状态 在完成剩余阶段的处理时，相关数据进入DSN存储器，使得相关数据在剩余阶段的处理成功时可作为单个数据可访问。

公开(公告)号：US20140325307A1

公开(公告)日：2014-10-30

申请号：US14327585

申请日：2014-07-10

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch ,  Bart Cilfone ,  Wesley Leggette ,  S. Christopher Gladwin

IPC: G06F11/10 ,  H04L29/08

CPC classification number: G06F11/1076 ,  G06F11/1092 ,  G06F11/2094 ,  G06F2211/1028 ,  G11B5/09 ,  H04L67/1097

Abstract: A method begins by a processing module of a dispersed storage network (DSN) obtaining utilization information regarding a plurality of storage units of the DSN, where first and second sets of storage units support a first logical storage vault. The method continues with the processing module detecting a utilization imbalance between a first storage unit of the first set of storage units and a second storage unit of the second set of storage units based on the utilization information, where the first and second storage units are not a common storage unit. The method continues with the processing module executing a data storage function regarding the first logical storage vault based on the utilization imbalance.

Abstract translation: 一种方法由分散存储网络（DSN）的处理模块开始，获得关于DSN的多个存储单元的使用信息，其中第一和第二组存储单元支持第一逻辑存储库。 该方法继续，处理模块基于利用信息检测第一组存储单元的第一存储单元和第二组存储单元的第二存储单元之间的利用不平衡，其中第一和第二存储单元不是 一个共同的存储单元。 该方法继续处理模块基于利用不平衡执行关于第一逻辑存储库的数据存储功能。

公开(公告)号：US20140325208A1

公开(公告)日：2014-10-30

申请号：US14325604

申请日：2014-07-08

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch ,  Wesley Leggette ,  Andrew Baptist

IPC: H04L29/06

CPC classification number: G06F11/00 ,  G06F3/06 ,  G06F3/0604 ,  G06F3/067 ,  G06F11/1076 ,  G06F11/1446 ,  G06F15/17331 ,  G06F21/33 ,  G06F2211/1028 ,  H04L9/085 ,  H04L9/0863 ,  H04L9/0869 ,  H04L9/321 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2209/04 ,  H04L2209/34

Abstract: A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.

Abstract translation: 一种分散存储（DS）处理模块开始的方法，所述分散存储（DS）处理模块生成包括证书和证书扩展的证书签名请求（CSR），其中证书包括关于请求设备的信息，并且其中证书扩展包括关于可访问的分散存储 网络（DSN）地址范围。 该方法继续，DS处理模块将CSR输出到DSN的证书机构并从认证机构接收签名的证书，其中签名的证书包括认证机构的认证签名以证明证书和证书扩展。 该方法继续存储在生成DSN访问请求时使用的签名证书的DS处理模块，其中DSN访问请求正在以可访问的DSN地址范围内的地址请求访问DSN中的分散的存储错误编码数据。

公开(公告)号：US20140317403A1

公开(公告)日：2014-10-23

申请号：US14292344

申请日：2014-05-30

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0428 ,  G06F11/1044 ,  G06F17/30156 ,  G06F17/30371 ,  G06F21/64 ,  G06F2211/1028 ,  G06F2211/1059 ,  H04L9/085 ,  H04L9/3236 ,  H04L63/12 ,  H04L67/1097 ,  H04L2209/043 ,  H04L2209/12 ,  H04L2209/603 ,  H04L2209/608 ,  H04L2209/80

Abstract: An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.

Abstract translation: 在将数据片段发送到多个片段存储单元之前，将完整性记录附加到数据片段。 每个数据切片都包含相同数据段的不同编码版本。 计算每个数据切片的完整性指示符，并且基于每个单独完整性指示符生成完整性记录，并且可以是例如组合的完整性指示符的列表或散列。 从存储中检索数据片段时，完整性记录可以被剥离，计算出数据片段的新的完整性指标，并创建新的完整性记录。 新的完整性记录可以与原始完整性记录进行比较，并用于验证数据切片的完整性。

公开(公告)号：US20140317226A1

公开(公告)日：2014-10-23

申请号：US14319282

申请日：2014-06-30

Applicant: CLEVERSAFE, INC.

Inventor： Jason K. Resch ,  Gary W. Grube ,  Timothy W. Markison

IPC: H04L29/08

CPC classification number: H04L67/1097 ,  G06F11/00 ,  G06F11/08 ,  G06F11/1076 ,  G06F17/30194 ,  G06F21/60 ,  G06F21/62 ,  G06F2211/1028 ,  G06F2221/2137 ,  G06F2221/2141 ,  H04L29/08549 ,  H04L63/10 ,  H04L63/108 ,  H04L2012/6467

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.

Abstract translation: 方法开始于处理模块接收数据检索请求并获得对应于何时接收到数据检索请求的实时指示符。 该方法继续处理模块基于数据检索请求和实时指示符确定基于时间的数据访问策略，并且根据基于时间的数据访问策略访问多个分散存储（DS）单元以检索 编码数据切片。 当已经检索到阈值数量的编码数据片时，该方法继续处理模块根据错误编码分散存储功能来解码编码数据片的阈值数。

公开(公告)号：US20140310492A1

公开(公告)日：2014-10-16

申请号：US14315842

申请日：2014-06-26

Applicant: CLEVERSAFE, INC.

Inventor： Manish Motwani ,  Jason K. Resch

IPC: G06F3/06

CPC classification number: G06F11/1464 ,  G06F3/0617 ,  G06F3/0619 ,  G06F3/0635 ,  G06F3/065 ,  G06F3/067 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/1076 ,  G06F11/2038 ,  G06F11/2048 ,  G06F11/2094 ,  G06F17/30867 ,  G06F2201/80 ,  G06F2211/1028 ,  H04L63/10 ,  H04L67/1097

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract translation: 一种方法开始于处理模块选择多个分散存储（DS）处理模块之一，以便于访问分散的存储网络（DSN）存储器。 该方法继续处理模块向多个DS处理模块之一发送DSN存储器访问请求。 当在给定时间帧内没有接收到响应或当对该访问请求的响应不包括访问指示时，该方法继续处理模块选择多个DS处理模块中的另一个。 该方法继续处理模块将DSN存储器访问请求发送到多个DS处理模块中的另一个。

公开(公告)号：US20140304527A1

公开(公告)日：2014-10-09

申请号：US14312550

申请日：2014-06-23

Applicant: CLEVERSAFE, INC.

Inventor： Gary W. Grube ,  Timothy W. Markison ,  S. Christopher Gladwin ,  Jason K. Resch ,  Wesley Leggette ,  Andrew Baptist

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  G06F11/1076 ,  G06F11/1453 ,  G06F11/1464 ,  G06F21/64 ,  G06F2211/1028 ,  H04L9/3236 ,  H04L2209/34 ,  H04L2209/603

Abstract: A method for improving memory utilization in a dispersed storage network (DSN). After a data object is received for storage in the DSN, it is determined whether a substantially identical data portion of the data object has previously been encrypted and stored. The determination may be made, for example, by comparing a portion reference value relating to the data object to portion reference information stored in DSN memory. If not detected, the data object is encrypted using an encryption pattern sequence and encryption key, at least one of which substantially identical to at least a portion of the data portion. The encrypted data object is then compressed using a pattern based data compression function, and the compressed data object is stored. The portion reference value is also stored in DSN memory.

Abstract translation: 一种提高分散存储网络（DSN）内存利用率的方法。 在接收到用于存储在DSN中的数据对象之后，确定数据对象的基本上相同的数据部分是否先前已被加密和存储。 可以例如通过将与数据对象相关的部分参考值与存储在DSN存储器中的部分参考信息进行比较来进行确定。 如果未检测到，则使用加密模式序列和加密密钥对数据对象进行加密，其中至少一个基本上与数据部分的至少一部分相同。 然后使用基于模式的数据压缩功能来压缩加密的数据对象，并存储压缩的数据对象。 部分参考值也存储在DSN存储器中。