Abstract: A method begins by a dispersed storage (DS) processing module generating a temporary public-private key pair, a restricted use certificate, and a temporary password for a device. The method continues with the DS processing encoding a temporary private key to produce a set of encoded private key shares and encoding the restricted use certificate to produce a set of encoded certificate shares. The method continues with the DS processing module outputting the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units. The method continues with the DS processing module outputting the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares, the device is able to recapture the temporary private key and the restricted use certificate for accessing a dispersed storage network (DSN).

Abstract: A method begins with a slice server receiving a request to access a virtual digital data storage vault. The method continues by determining whether the virtual digital data storage vault is a first virtual digital data storage vault or a second virtual digital data storage vault. The slice server supports a portion of each of the first and the second virtual digital data storage vaults. When the virtual digital data storage vault is the first or the second virtual digital data storage vault, the method continues by determining whether the request is valid. When the request is valid, the method continues by executing the request to generate a response.

Abstract: A method begins by a processing module obtaining a set of recovered random numbers, decoding encrypted share slices to produce a set of encrypted shares, and obtaining a set of personalized authenticating values regarding user access to data. The method continues with the processing module generating a set of hidden passwords based on the set of personalized authenticating values, generating a set of blinded passwords based on the set of hidden passwords and a set of blinded random numbers, and generating a set of passkeys based on the set of blinded passwords and the set of recovered random numbers. The method continues with the processing module generating a set of decryption keys based on the set of blinded random numbers and the set of passkeys, decrypting the set of encrypted shares to produce a set of shares, and decoding the set of shares to reproduce the data.

Abstract: A method begins by a processing sending access requests to a threshold number of storage units of a dispersed storage network (DSN) and receiving, from each of at least some of the threshold number of storage units, an access response or an error response. When one error response is received from a storage unit of the at least some of the threshold number of storage units in response to one of the access requests, the method continues with the processing module ascertaining a likely cause for an error corresponding to the error response. The method continues with the processing module determining, based on the likely cause for the error, whether to resend the one of the access requests to the storage unit, issue a modified access request to the storage unit, or send the one of the access requests to another storage unit.

Abstract: A method begins dispersed storage error encoding data in accordance with dispersed storage error encoding parameters to produce a plurality of set of encoded data slices. The method continues by determining access control information for the plurality of sets of encoded data slices. The method continues by determining whether one or more encoded data slices of the plurality of sets of encoded data slices has individual access control information. The method continues when the one or more encoded data slices has individual access control information by creating a plurality of sets of appended slices, which is done by appending corresponding individual access control information to each of the one or more encoded data slices and appending a representation of the access control information to remaining encoded data slices of the plurality of sets of encoded data slices. The method continues by outputting the appended slices.

Abstract: A method begins by receiving a first sub-set of encoded data slices of a set of encoded data slices. The first sub-set of encoded data slices includes less than a decode threshold number of encoded data slices. The method continues by sending accessing information regarding access to the multi-media content subsequent to receiving the first sub-set of encoded data slices. The method continues by receiving, as a favorable response to the accessing information, at least one of the encoded data slices of the second sub-set of encoded data slices such that at least the decode threshold number of encoded data slices have been received from the set of encoded data slices. The method continues by decoding the at least the decode threshold number of encoded data slices to recover the data segment.

Abstract: A method begins by a distributed storage (DS) managing unit receiving an encryption key to store. The method continues by determining an encryption method and encrypting the encryption key with the determined encryption method to produce an encrypted key. The method continues by encoding and slicing the encrypted key to produce a set of data slices; and storing the set of data slices in DSN memory. A method to retrieve the stored encryption key begins with receiving a retrieve encryption key request from a requester and continues with retrieving an encrypted key and then determining a decryption method. The method continues by decrypting the encrypted key with the determined decryption method to produce the encryption key and sending the encryption key to the requestor to decrypt one or more portions of the encrypted data.

Abstract: A method for securely publishing an access control list begins with a DS managing unit generating an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN. The method continues with the DS managing unit sending the authentic and time-stamped access control list to a publisher unit. The method continues with the publishing unit sending the authentic and time-stamped access control list to a plurality of DS units.

Abstract: A method for updating content data for user devices begins where a processing module encodes updated content to produce sets of encoded updated content data slices. The method continues with the processing module storing the sets of encoded updated content data slices in storage units and updating an entry in a directory. The method continues with the processing module receiving, from a user device, a read request for the content data and accessing the updated entry. The method continues with the user device receiving a decode threshold number of encoded data slices for each set of encoded updated content data slices and encoded unaltered content data slices. The method continues with the user device decoding each decode threshold number of encoded data slices and the encoded unaltered content data slices to recover the updated content data.

Abstract: A method begins by a dispersed storage (DS) processing module of a DS unit selecting a data slice for corruption analysis and requesting integrity information for the data slice from one or more other DS units of a dispersed storage network. When the one or more requested integrity information is received, the method continues with the DS processing module analyzing the one or more received integrity information and local integrity information of the data slice stored in the DS unit. When the analysis of the one or more received integrity information and the local integrity information of the data slice is unfavorable, the method continues with the DS processing module identifying the data slice as being corrupted.

Abstract: A method begins where a processing module segments data into data segments. On a data segment by data segment basis, the method continues with the processing module performing a decode threshold level of dispersed storage error encoding on a data segment to produce a set of decode threshold level encoded data slices and caching the set of decode threshold level encoded data slices. On a set by set basis, the method continues with the processing module performing a redundancy level of dispersed storage error encoding on the set of decode threshold level encoded data slices to produce a set of redundancy error coded data slices. The method continues with the processing module outputting at least one of at least some of a plurality of sets of decode threshold level encoded data slices and at least a corresponding some of a plurality of sets of redundancy error coded data slices.

Abstract: A method for storing data begins with determining, by a computing device, where to store the data and continues with managing, by a dispersed storage network (DSN) access token module, a pairing between the DSN access token module and the computing device. The method continues with sending, by the computing device, at least a portion of the data to the DSN access token module and encoding, by the DSN access token module, the at least a portion of the data using a dispersed storage error encoding function to produce one or more sets of encoded data slices. The method continues with sending, by the DSN access token module, the one or more sets of encoded data slices and storage information to the computing device and sending, by the computing device, the one or more sets of encoded data slices to the DSN memory for storage therein.

Abstract: A method begins by a computing device determining that data is stored in dispersed storage network (DSN) memory and sending a data retrieval request to a DSN access token module regarding the data. The method continues with the DSN access token module generating a plurality of sets of data slice read requests and sending the plurality of sets of data slices read requests to the computing device. The method continues with, for a set of data slices read requests, the computing device sending the set of data slices read requests to the DSN memory, receiving data slices from the DSN memory, and sending the data slices to the DSN access token module. The method continues with the DSN access token module decoding the data slices to produce a decoded data segment and sending the decoded data segment to the computing device.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) ascertaining a decode threshold value for dispersed storage error encoding data for storage in storage units of the DSN. The method continues with the processing module determining a total width value for the dispersed storage error encoding based on the decode threshold value, a number of selected sites within the DSN, and a number of selected storage units of the selected sites. The method continues with the processing module determining logical storage slots within the selected storage units based on the total width value, the number of selected, and the number of selected storage units. The method continues with the processing module writing a set of encoded data slices to a total width value of the logical storage slots within at least some of the selected storage units of the selected sites based on a slice-to-slot mapping.

Abstract: A method begins by a processing module receiving a data segment for dispersed storage. The method continues with the processing module encoding the data segment in accordance with an error coding dispersed storage function to produce a plurality of error coded data slices. The method continues with the processing module generating a slice name for an error coded data slice of the plurality of error coded data slices, wherein the slice name includes a dispersed storage routing information section and a data identification section. The method continues with the processing module performing a securing function on at least the data identification section to produce a secure data identification section. The method continues with the processing module replacing, within the slice name, the data identification section with the secure data identification section to produce a secure slice name.

Abstract: A method begins by a first processing module generating a dispersed storage network (DSN) authentication request frame that includes authenticating data and an authenticating code, wherein the authenticating code references a valid authenticating process. The method continues with the first processing module transmitting the DSN authentication request frame to a second processing module. The method continues with the second processing module determining whether the second processing module includes the valid authentication process referenced by the authentication code. When the second processing module includes the valid authentication process, processing, by the second processing module, the authenticating data in accordance with the valid authentication process to produce processed authenticating data.

Abstract: A maintenance free storage container includes a container housing, storage servers, and a container controller. The container controller includes a processing module that is operable to maintain virtual storage server to physical storage server mapping information and to maintain storage server failure information. The processing module is further operable to dispersed storage error encode the virtual storage server to physical storage server mapping information to produce encoded mapping slices. The processing module is further operable to send the encoded mapping slices for dispersed storage outside of the maintenance free storage container. The processing module is further operable to dispersed storage error encode the storage server failure information to produce encoded failure data slices. The processing module is further operable to send the encoded failure data slices for dispersed storage outside of the maintenance free storage container.

Abstract: A method begins with a computing device dividing data into data partitions. For a data partition of the data partitions, the method continues with the computing device associating indexing information with the data partition. The method continues with the computing device segmenting the data partition into a plurality of data segments. The method continues with the computing device dispersed storage error encoding the plurality of data segments to produce a plurality of sets of encoded data slices. The method continues with the computing device grouping encoded data slices of the plurality of sets of encoded data slices to produce a set of groupings of encoded data slices.

Abstract: In a dispersed storage network, data objects are dispersed storage error encoded into pluralities of sets of encoded data slices that are stored in a set of storage units. To recover a data object, a read threshold number of encoded data slices from each set of encoded data slices of a corresponding set of the plurality of sets of encoded data slices are required. Upon determining that an update is available for the set of storage units, a dispersed storage managing unit takes a first subset of storage units off line to perform the update. During the update, a remaining number of storage units of the set of storage units remain on line such that at least the read threshold number of encoded data slices are available for each set of the pluralities of sets of encoded data slices.

Abstract: A method begins by processing module in response to a read command, issuing at least a read threshold number of read requests regarding a set of encoded data slices and receiving at least the read threshold number of encoded data slices. The method continues where the processing module selects a unique combination of encoded data slices and decodes the unique combination to produce a recovered data segment. The method continues where the processing module verifies an integrity value for the recovered data segment and indicates whether the unique combination is valid. The method continues where the processing module selects other combinations producing more recovered data segments for further validity verification. The method continues where the processing module utilizes a verified recovered data segment as a response to the read command and identifies a compromised encoded data slice.