Self-validating request message structure and operation
First Claim
1. A storage unit (SU) comprising:
- an interface configured to interface and communicate with a dispersed or distributed storage network (DSN);
memory that stores operational instructions; and
a processing module operably coupled to the interface and to the memory, wherein the processing module, when operable within the SU based on the operational instructions, is configured to;
receive, via the DSN and from a computing device, a self-validating request message, wherein the self-validating request message is generated by the computing device to include a first message authentication code of the computing device, and the self-validating request message is generated by the computing device based on the computing device creating a master key of the computing device, creating a message encryption key based on the master key of the computing device and a secret function, encrypting a message using the message encryption key to generate an encrypted message, encrypting the master key of the computing device using a public key of the SU to generate an encrypted master key;
process the self-validating request message to verify the first message authentication code of the computing device that is included within the self-validating request message, and when the first message authentication code of the computing device is verified;
decrypt the encrypted master key that is included within the self-validating request message using a private key of the SU to recover the master key of the computing device;
generate the message encryption key based on the master key of the computing device and the secret function; and
decrypt the encrypted message that is included within the self-validating request message to recover the message; and
generate, in response to the self-validating request message, a self-validating response message that includes a second message authentication code and an encrypted response including to;
generate a responder encryption key based on the master key and another secret function; and
encrypt a response to the message based on the responder encryption key to generate the encrypted response; and
transmit, via the DSN and to the computing device, the self-validating response message.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a first device generating a self-validating message by creating a master key, using the master key to create a message encryption key, encrypting a message using the message encryption key to produce an encrypted message, encrypting the master key using a public key of a second device to produce an encrypted master key, and including a message authentication code of the first device in the self-validating message. The method continues by the second device receiving and decoding the self-validating message by verifying the message authentication code of the first device, and when the message authentication code of the first device is verified, decrypting the encrypted master key using a private key of the second device to recover the master key, using the master key to create the message encryption key, and decrypting the encrypted message using the message encryption key to recover the message.
157 Citations
20 Claims
-
1. A storage unit (SU) comprising:
-
an interface configured to interface and communicate with a dispersed or distributed storage network (DSN); memory that stores operational instructions; and a processing module operably coupled to the interface and to the memory, wherein the processing module, when operable within the SU based on the operational instructions, is configured to; receive, via the DSN and from a computing device, a self-validating request message, wherein the self-validating request message is generated by the computing device to include a first message authentication code of the computing device, and the self-validating request message is generated by the computing device based on the computing device creating a master key of the computing device, creating a message encryption key based on the master key of the computing device and a secret function, encrypting a message using the message encryption key to generate an encrypted message, encrypting the master key of the computing device using a public key of the SU to generate an encrypted master key; process the self-validating request message to verify the first message authentication code of the computing device that is included within the self-validating request message, and when the first message authentication code of the computing device is verified; decrypt the encrypted master key that is included within the self-validating request message using a private key of the SU to recover the master key of the computing device; generate the message encryption key based on the master key of the computing device and the secret function; and decrypt the encrypted message that is included within the self-validating request message to recover the message; and generate, in response to the self-validating request message, a self-validating response message that includes a second message authentication code and an encrypted response including to; generate a responder encryption key based on the master key and another secret function; and encrypt a response to the message based on the responder encryption key to generate the encrypted response; and transmit, via the DSN and to the computing device, the self-validating response message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A storage unit (SU) comprising:
-
an interface configured to interface and communicate with a dispersed or distributed storage network (DSN); memory that stores operational instructions; and a processing module operably coupled to the interface and to the memory, wherein the processing module, when operable within the SU based on the operational instructions, is configured to; receive, via the DSN and from a computing device, a self-validating request message that is generated by the computing device and that includes a self-validating request header and a first message authentication code of the computing device, wherein the self-validating request header includes a timestamp, a universally unique identifier (UUID) associated with the self-validating request message, an encrypted master key, a certificate chain of the computing device, and a header signature, and wherein the self-validating request message is generated by the computing device based on the computing device creating a master key of the computing device, creating a message encryption key based on the master key of the computing device and a secret function, encrypting a message using the message encryption key to generate an encrypted message, encrypting the master key of the computing device using a public key of the SU to generate the encrypted master key; process the self-validating request message to verify the first message authentication code of the computing device that is included within the self-validating request message, and when the first message authentication code of the computing device is verified; decrypt the encrypted master key that is included within the self-validating request message using a private key of the SU to recover the master key of the computing device; generate the message encryption key based on the master key of the computing device and the secret function; and decrypt the encrypted message that is included within the self-validating request message to recover the message; and generate, in response to the self-validating request message, a self-validating response message that includes a second message authentication code and an encrypted response including to; generate a responder encryption key based on the master key and another secret function; and encrypt a response to the message based on the responder encryption key to generate the encrypted response; and transmit, via the DSN and to the computing device, the self-validating response message. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for execution by a storage unit (SU), the method comprising:
-
receiving, via an interface of the SU configured to interface and communicate with a dispersed or distributed storage network (DSN) and from a computing device, a self-validating request message, wherein the self-validating request message is generated by the computing device to include a first message authentication code of the computing device, and the self-validating request message is generated by the computing device based on the computing device creating a master key of the computing device, creating a message encryption key based on the master key of the computing device and a secret function, encrypting a message using the message encryption key to generate an encrypted message, encrypting the master key of the computing device using a public key of the SU to generate an encrypted master key; processing the self-validating request message to verify the first message authentication code of the computing device that is included within the self-validating request message, and when the first message authentication code of the computing device is verified; decrypting the encrypted master key that is included within the self-validating request message using a private key of the SU to recover the master key of the computing device; generating the message encryption key based on the master key of the computing device and the secret function; and decrypting the encrypted message that is included within the self-validating request message to recover the message; and generating, in response to the self-validating request message, a self-validating response message that includes a second message authentication code and an encrypted response including to; generating a responder encryption key based on the master key and another secret function; and encrypting a response to the message based on the responder encryption key to generate the encrypted response; and transmitting, via the interface of the SU and to the computing device, the self-validating response message. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification