Temporary enrollment in anonymously obtained credentials

US 10,241,697 B2
Filed: 03/24/2017
Issued: 03/26/2019
Est. Priority Date: 03/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprises:

receiving, by an authenticated device of a dispersed storage network (DSN), an access request from a requesting device;

determining, by the authenticated device, whether the requesting device is affiliated with an anonymous user or an authenticated user;

when the requesting device is affiliated with the anonymous user, determining, by the authenticated device, status of the anonymous user;

when the status of the anonymous user is of minimal threat to the DSN, granting, by the authenticated device, temporary credentials and temporary access privileges to the anonymous user for use by the requesting device; and

processing, by the authenticated device, the access request in accordance with the temporary credentials and the temporary access privileges.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by receiving, by an authenticated device of a dispersed storage network (DSN), an access request from a requesting device. The method continues by determining, by the authenticated device, whether the requesting device is affiliated with an anonymous user or an authenticated user. When the requesting device is affiliated with the anonymous user, the method continues by determining, by the authenticated device, status of the anonymous user. When the status of the anonymous user is of minimal threat to the DSN, the method continues by granting, by the authenticated device, temporary credentials and temporary access privileges to the anonymous user for use by the requesting device. The method continues by processing, by the authenticated device, the access request in accordance with the temporary credentials and the temporary access privileges.

83 Citations

View as Search Results

16 Claims

1. A method comprises:
- receiving, by an authenticated device of a dispersed storage network (DSN), an access request from a requesting device;
  
  determining, by the authenticated device, whether the requesting device is affiliated with an anonymous user or an authenticated user;
  
  when the requesting device is affiliated with the anonymous user, determining, by the authenticated device, status of the anonymous user;
  
  when the status of the anonymous user is of minimal threat to the DSN, granting, by the authenticated device, temporary credentials and temporary access privileges to the anonymous user for use by the requesting device; and
  
  processing, by the authenticated device, the access request in accordance with the temporary credentials and the temporary access privileges.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprises:
    - when the requesting device is affiliated with the authenticated user, utilizing, by the authenticated device, trusted credentials of the authenticated user to process the access request.
  - 3. The method of claim 1 further comprises:
    - when the status of the anonymous user is of non-minimal threat to the DSN, deny the temporary credentials and the temporary access privileges of the anonymous user.
  - 4. The method of claim 1 further comprises:
    - when the status is of a significant threat to the DSN, suspending non-authenticated users access to the DSN.
  - 5. The method of claim 1, wherein the determining the status comprises:
    - verifying possession of an Internet Protocol (IP) address;
      
      verifying favorable execution of a computationally intensive challenge or memory intensive challenge; and
      
      verifying anonymous user is human.
  - 6. The method of claim 5, wherein the verifying the possession of the Internet Protocol (IP) address comprises:
    - establishing a transmission control protocol (TCP) connection.
  - 7. The method of claim 5, wherein the verifying the anonymous user is human comprises:
    - successful execution of a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) test.
  - 8. The method of claim 1 further comprises:
    - when the authenticated device is a dispersed storage (DS) processing unit, processing the access request by;
      
      converting the access request into a set of storage unit requests;
      
      signing each storage unit request of the set of storage unit requests using trusted credentials of the authenticated device to produce a set of signed requests; and
      
      sending the set of signed requests to a set of storage units, wherein the set of storage units process the set of signed requests in accordance with trusted credential procedures.

9. An authenticated device of a dispersed storage network (DSN) comprises:
- memory;
  
  an interface; and
  
  a processing module operably coupled to the memory and the interface, wherein the processing module is operable to;
  
  receive, via the interface, an access request from a requesting device;
  
  determine whether the requesting device is affiliated with an anonymous user or an authenticated user;
  
  when the requesting device is affiliated with the anonymous user, determine status of the anonymous user;
  
  when the status of the anonymous user is of minimal threat to the DSN, grant temporary credentials and temporary access privileges to the anonymous user for use by the requesting device; and
  
  process the access request in accordance with the temporary credentials and the temporary access privileges.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The authenticated device of claim 9 further comprises:
    - when the requesting device is affiliated with the authenticated user, utilizing trusted credentials of the authenticated user to process the access request.
  - 11. The authenticated device of claim 9 further comprises:
    - when the status of the anonymous user is of non-minimal threat to the DSN, deny temporary credentials and the temporary access privileges of the anonymous user.
  - 12. The authenticated device of claim 9 further comprises:
    - when the status is of a significant threat to the DSN, suspending non-authenticated users access to the DSN.
  - 13. The authenticated device of claim 9, wherein the processing module is operable to determine the status by:
    - verifying possession of an internet protocol (IP) address;
      
      verifying favorable execution of a computationally intensive challenge or memory intensive challenge; and
      
      verifying anonymous user is human.
  - 14. The authenticated device of claim 13, wherein the processing module is operable to verify possession of an internet protocol (IP) address by:
    - establishing a transmission control protocol (TCP) connection.
  - 15. The authenticated device of claim 13, wherein the processing module is operable to verify anonymous user is human by:
    - successful execution of a completely automated public Turing test to tell computers and humans apart (CAPTCHA) test.
  - 16. The authenticated device of claim 9 further comprises:
    - when the authenticated device is a dispersed storage (DS) processing unit, the processing module is operable to process the access request by;
      
      converting the access request into a set of storage unit requests;
      
      signing each storage unit request of the set of storage unit requests using trusted credentials of the authenticated device to produce a set of signed requests; and
      
      sending, via the interface, the set of signed requests to a set of storage units, wherein the set of storage units process the set of signed requests in accordance with trusted credential procedures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Green Market Square Limited
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Seaborn, Mark D., Volvovski, Ilya
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US15/469,169
Publication Number

US 20170289173A1
Time in Patent Office

732 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 21/31   User authentication

G06F 2221/2133   Verifying human interaction...

G06F 3/0604   Improving or facilitating a...

G06F 3/061   Improving I/O performance

G06F 3/0611   in relation to response time

G06F 3/0619   in relation to data integri...

G06F 3/0631   by allocating resources to ...

G06F 3/0635   by changing the path, e.g. ...

G06F 3/064   Management of blocks

G06F 3/0644   Management of space entitie...

G06F 3/0647   Migration mechanisms

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

G06F 8/65   Updates security arrangemen...

G06F 9/485   Task life-cycle, e.g. stopp...

G06F 9/4881   Scheduling strategies for d...

H03M 13/05   using block codes, i.e. a p...

H03M 13/1515   Reed-Solomon codes

H03M 13/373 : with erasure correction and...

H03M 13/616 : Matrix operations, especial...

H04L 61/10 : of different types

H04L 61/50 : Address allocation

H04L 63/08 : for authentication of entit...

H04L 63/104 : Grouping of entities

H04L 63/108 : when the policy decisions a...

H04L 67/1097 : for distributed storage of ...

H04L 67/56 : Provisioning of proxy servi...

View All

Temporary enrollment in anonymously obtained credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Temporary enrollment in anonymously obtained credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others