公开(公告)号：US12010229B2

公开(公告)日：2024-06-11

申请号：US17329604

申请日：2021-05-25

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Vaijayanthimala K. Anand ,  Wesley Leggette ,  Akila Srinivasan ,  Bruno Henriques ,  Cameron Paul Kurotori

IPC分类号： H04L9/14 ,  G06F9/54 ,  H04L9/08

CPC分类号： H04L9/0894 ,  G06F9/546 ,  H04L9/14

摘要： Systems and methods for enforcing durability of second level encryption keys by a key management system (KMS) are provided. In embodiment, a method includes: receiving a first request to encrypt a first level key, the request including the first level key and a second level key identification associated with a stored encrypted second level key; determining that a durability check of the encrypted second level key is required based on the request; determining a durability status of the encrypted second level key by comparing actual storage of the encrypted second level key in one or more storage locations with predetermined storage rules for a durability level of the encrypted second level key, wherein the durability status indicates that the storage of the encrypted second level key complies with the durability level; and sending a notification regarding the durability status to the data storage service.

公开(公告)号：US10705923B2

公开(公告)日：2020-07-07

申请号：US16185573

申请日：2018-11-09

申请人： International Business Machines Corporation

发明人： Jason K. Resch ,  Wesley Leggette

IPC分类号： H04L29/06 ,  G06F11/14 ,  G06F16/9535 ,  G06F3/06 ,  H04L29/08 ,  G06F16/172 ,  G06F11/07 ,  G06F11/20 ,  G06F11/10

摘要： A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

公开(公告)号：US10387213B2

公开(公告)日：2019-08-20

申请号：US16113437

申请日：2018-08-27

申请人： International Business Machines Corporation

发明人： Wesley Leggette ,  Jason K. Resch

IPC分类号： G07B15/02 ,  G06F9/50 ,  G06F21/60 ,  H04L29/08 ,  G06F11/10 ,  H04L29/06 ,  G06F21/62 ,  G06F11/14 ,  G06F11/20 ,  H03M13/09 ,  H03M13/15 ,  G06F3/06

摘要： A method includes creating a file directory entry in a directory file of a secure hierarchical file directory system for a file. The file directory entry includes a path name, an encryption access control list, and a source name. The file is encrypted with a key and the key is encrypted with each public key of user devices authorized to access the file. The encryption access control list includes identities of the set of user devices and the set of object content keys. The method further includes encrypting the directory file using a second key. The method further includes generating second object content keys based on the second key and public keys of second user devices authorized to access the directory file. The method further includes creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file.

公开(公告)号：US10353620B2

公开(公告)日：2019-07-16

申请号：US15827155

申请日：2017-11-30

申请人： International Business Machines Corporation

发明人： Wesley Leggette ,  Manish Motwani ,  Brian F. Ober ,  Jason Resch ,  Patrick A. Tamborski

IPC分类号： G06F3/06

摘要： Aspects of the present invention disclose a method, computer program product, and system for determining drive health. The method includes one or more processors aggregating health data information associated with one or more memory devices in a dispersed storage network, where aggregating the health data information includes determining trends of the health data information on the dispersed storage network. The method further includes one or more processors determining health status of the dispersed storage network, where the health status is a function of the aggregated health data information associated with memory devices of the dispersed storage network. The method further includes one or more processors determining an action to execute on the dispersed storage network based on the determined health status of the dispersed storage network, wherein the action includes altering activity of the one or more memory devices on the dispersed storage network.

公开(公告)号：US20190034274A1

公开(公告)日：2019-01-31

申请号：US16138753

申请日：2018-09-21

申请人： International Business Machines Corporation

发明人： Andrew D. Baptist ,  Wesley Leggette ,  Jason K. Resch

IPC分类号： G06F11/10 ,  G06F3/06 ,  H04L29/06 ,  H04L29/08

摘要： A method includes sending, by a computing device of a dispersed storage network (DSN), a set of write request messages to a set of storage units of the DSN regarding a plurality of sets of encoded data slices. The method continues by receiving, from a first storage unit, a first write response message including a group of status messages, which indicate whether a corresponding revision level of each of the first encoded data slices is a next revision level in accordance with a current revision level. The method continues by interpreting the group of status messages to determine whether an encoded data slice of first encoded data slices has a revision level error. When the error, the method continues by flagging the encoded data slices for a rollback message and when no error, the method continues by flagging each encoded data slice for a write commit message.

公开(公告)号：US10108493B2

公开(公告)日：2018-10-23

申请号：US15242858

申请日：2016-08-22

申请人： International Business Machines Corporation

发明人： Ilya Volvovski ,  S. Christopher Gladwin ,  Gary W. Grube ,  Timothy W. Markison ,  Jason K. Resch ,  Thomas Franklin Shirley, Jr. ,  Greg Dhuse ,  Manish Motwani ,  Andrew Baptist ,  Wesley Leggette

IPC分类号： G06F11/00 ,  G06F11/10 ,  G06F11/30 ,  G06F11/20 ,  G06F11/07 ,  G06F3/06 ,  G06F11/34 ,  H04L29/08 ,  G06F11/14

摘要： A method includes identifying an encoded data slice for rebuilding. The method further includes determining whether a rebuilding threshold for the set of encoded data slices has been reached. When the rebuilding threshold has been reached, the method further includes determining, based on a condition of the DSN, whether to execute a rebuilding function, to delay execution of the rebuilding function, to adjust a rebuilding network protocol, or to modifying rebuilding criteria. When the determination is to execute the rebuilding function, the method further includes rebuilding the encoded data slice.

公开(公告)号：US10013203B2

公开(公告)日：2018-07-03

申请号：US15095558

申请日：2016-04-11

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Jason K. Resch ,  Wesley Leggette

IPC分类号： G06F3/06 ,  G06F11/10

CPC分类号： G06F3/0644 ,  G06F3/0604 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/067 ,  G06F11/1008 ,  G06F11/1044 ,  G06F11/1068 ,  G06F11/1076 ,  G06F11/1092 ,  G06F11/2094 ,  G06F2211/1028

摘要： A method begins by a dispersed storage (DS) processing module receiving a request to store data in a dispersed storage network and determining dispersed storage error encoding parameters for encoding the data into sets of encoded data slices. The method continues with the DS processing module determining whether the request includes a desired write reliability indication. When the request includes the desired write reliability indication, the method continues with the DS processing module determining whether storage of the sets of encoded data slices is meeting the desired write reliability indication. When storage of a set of encoded data slices is not meeting the desired write reliability indication, the method continues with the DS processing module determining a storage compliance process for the set of encoded data slices to meet the desired write reliability indication and executing the storage compliance process for the set of encoded data slices.

公开(公告)号：US09927976B2

公开(公告)日：2018-03-27

申请号：US15345172

申请日：2016-11-07

申请人： International Business Machines Corporation

发明人： Manish Motwani ,  Michael Colin Storm ,  Ilya Volvovski ,  Greg Dhuse ,  Andrew Baptist ,  Wesley Leggette

IPC分类号： G06F11/10 ,  G06F3/06 ,  H03M13/15 ,  H04L29/08

CPC分类号： G06F3/0604 ,  G06F3/0619 ,  G06F3/0638 ,  G06F3/064 ,  G06F3/0644 ,  G06F3/067 ,  G06F11/1076 ,  G06F11/1092 ,  G06F2211/1028 ,  H03M13/1515 ,  H04L67/1097 ,  H04L67/306

摘要： A method begins by a dispersed storage (DS) processing module of a dispersed storage network (DSN) sending a plurality of sets of encoded data slices to DSN memory for storage in accordance with a plurality of sets of DSN data addresses. The method continues with the DS processing module generating retrieval data that is based on a data object number and data storage information. The method continues with the DS processing module dispersed storage error encoding the retrieval data to produce a set of encoded retrieval data slices and generating a set of DSN retrieval data addresses based on the data name and on retrieval data storage information. The method continues with the DS processing module sending the set of encoded retrieval data slices to the DSN memory for storage in accordance with the set of DSN retrieval data addresses.

公开(公告)号：US20180077238A1

公开(公告)日：2018-03-15

申请号：US15812706

申请日：2017-11-14

申请人： International Business Machines Corporation

发明人： Jason K. Resch ,  Wesley Leggette ,  Greg Dhuse

IPC分类号： H04L29/08 ,  H03M13/37 ,  H03M13/09 ,  H03M13/15

CPC分类号： H04L67/1097 ,  H03M13/09 ,  H03M13/1515 ,  H03M13/3761

摘要： A method includes receiving, by a storage unit of a set of storage units of a dispersed storage network (DSN) from a computing device of the DSN, a write request of a set of write requests regarding an encoded data slice of a set of encoded data slices. The write request includes a write set information table that includes a listing of which storage unit of the set of storage units is being sent which encoded data slice of the set of encoded data slices for storage therein. The method further includes interpreting the write set information table to determine that a particular encoded data slice assigned to a particular storage unit should be stored by a different storage unit. The method further includes facilitating storing of the particular encoded data slice in the different storage unit.

公开(公告)号：US20180024887A1

公开(公告)日：2018-01-25

申请号：US15705782

申请日：2017-09-15

申请人： International Business Machines Corporation

发明人： Thomas Franklin Shirley, Jr. ,  Gary W. Grube ,  Bart Cilfone ,  Ravi Khadiwala ,  Greg Dhuse ,  Thomas Darrel Cocagne ,  Michael Colin Storm ,  Yogesh Ramesh Vedpathak ,  Wesley Leggette ,  Jason K. Resch ,  Andrew Baptist ,  Ilya Volvovski

IPC分类号： G06F11/10 ,  G06F3/06 ,  G06F21/62 ,  H04L29/08 ,  H04L29/06

CPC分类号： G06F11/1092 ,  G06F3/06 ,  G06F3/061 ,  G06F3/0619 ,  G06F3/0635 ,  G06F3/064 ,  G06F3/0659 ,  G06F3/067 ,  G06F21/6218 ,  G06F2211/1028 ,  H04L63/20 ,  H04L67/1097

摘要： A computing device of a dispersed storage network (DSN) includes a memory, interface and a processing module operable to identify an encoded data slice of the set of encoded data slices to produce an identified encoded data slice. The processing module generates a set of first write requests regarding the set of encoded data slices less the identified encoded data slice, and generates a set of second write requests regarding the identified encoded data slice. The set of second write requests include the identified encoded data slice and replications of the identified encoded data slice. The processing module sends the set of first write requests to storage units of the DSN, and sends the set of second write requests to a set of storage units of the DSN, where each storage unit of the set of storage units is sent a corresponding one of the set of second write requests.