| 发明名称 | Controlling access in a dispersed storage network | ||
| 摘要 | A method begins by a set of storage units of a dispersed storage network (DSN) receiving a set of access requests from a requesting device. The method continues with a first storage unit extracting a unique identifier from a first access request, performing a deterministic function on the unique identifier to produce a first obfuscated identifier, seeking a first obfuscated access permissions list, recovering first access permissions from the first obfuscated access permissions list, and processing the first access request based on the recovered first access permissions. The method continues with the requesting device receiving a set of access responses from the set of storage units for the set of access requests for which the requesting device had favorable access permissions with at least a threshold number of storage units. | ||
| 申请公布号 | US9390283(B2) | 申请公布日期 | 2016.07.12 |
| 申请号 | US201514610331 | 申请日期 | 2015.01.30 |
| 申请人 | INTERNATIONAL BUSINESS MACHINES CORPORATION | 发明人 | Resch Jason K.;Leggette Wesley |
| 分类号 | H04L29/06;G06F21/62;H04L29/08 | 主分类号 | H04L29/06 |
| 代理机构 | Garlick & Markison | 代理人 | Garlick & Markison ;Markison Timothy W. |
| 主权项 | 1. A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method comprises: receiving, by a set of storage units, a plurality of sets of access requests from a plurality of requesting devices, wherein a requesting device of the plurality of requesting device generates a set of access requests of the plurality of sets of access requests regarding a particular type of data access; for a first storage unit of the set of storage units: receiving a first access request from each set of access requests of the plurality of access requests to produce a group of first access requests;extracting a unique identifier from each first access request of the group of first access requests to produce a first group of unique identifiers;for a unique identifier of the first group of unique identifiers, performing a deterministic function on the unique identifier to produce a first obfuscated identifier;seeking a first obfuscated access permissions list based on the first obfuscated identifier;when the first obfuscated access permissions list is found based on the first obfuscated identifier, recovering first access permissions from the first obfuscated access permissions list based on the first obfuscated identifier for a first requesting device of the plurality of requesting devices associated with the unique identifier of the first group of unique identifiers; andprocessing the first access request for the first requesting device based on the recovered first access permissions; and receiving, by the plurality of requesting devices, a set of access responses from the set of storage units for each set of access requests of the plurality of access requests for which a corresponding requesting device had favorable access permissions with at least a threshold number of storage units of the set of storage units. | ||
| 地址 | Armonk NY US | ||