Hardware authentication in a dispersed storage network
First Claim
1. A method to authenticate a node in a dispersed storage network (DSN) having a dispersed storage (DS) management unit, the method comprises:
- receiving by the DS management unit, a device list and a hardware certificate authority (HCA) public key originating from a separate element of the DSN;
- validating the device list by calculating a hash of the device list and comparing the hash to a decrypted signature;
- receiving a hardware certificate from the node in the dispersed storage network (DSN);
- based on a comparison of the hardware certificate to the device list, determining whether the hardware certificate is valid;
- when the hardware certificate is determined to be valid, encrypting a challenge message using a public key associated with the node;
- sending the challenge message to the node;
- receiving a challenge response message from the node;
- determining if the challenge response message is valid; and
- receiving, from the node, a certificate signing request relating to the hardware certificate; and
- if the challenge response message is valid, providing a signed certificate for use in authenticating the node to perform dispersed storage operations within the DSN.
Abstract
A method for authenticating a node of a dispersed storage network (DSN). In various embodiments, a dispersed storage (DS) management unit receives a device list originating from a hardware certificate authority (HCA). The HCA also provides a hardware certificate to the node. Upon receiving the hardware certificate from the node, the DS management unit determines if the certificate is valid by comparing it to information contained in the device list (such as a device ID or a serial number associated with the node). If the certificate is valid, the DS management unit sends a challenge message to the node and analyzes the resulting challenge message response to determine if it is valid. If the response is valid, the DS management unit provides a signed certificate to the node for use in authenticating the node to perform dispersed storage operations within the DSN.
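The flow in the abstract, from the DS management unit's side, as an added example that is not taken from the patent. It assumes textbook RSA with constructed, insecure Mersenne-prime keys, a JSON device list, and a challenge response that is the SHA-256 of the decrypted nonce; all names are hypothetical, and a `True` result stands in for signing the node's certificate signing request.

```python
import hashlib, json, secrets

E = 65537  # public exponent for both constructed demo keys

def demo_key(a, b):
    """Textbook RSA from two Mersenne primes: constructed, INSECURE, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(h(data), d, n)

def verify(data, sig, n):
    # Decrypt the signature with the public key, compare with a freshly computed hash.
    return pow(sig, E, n) == h(data)

def tag(nonce: int) -> str:
    # Assumed response format: SHA-256 of the decimal nonce.
    return hashlib.sha256(str(nonce).encode()).hexdigest()

HCA_N, HCA_D = demo_key(521, 607)      # hardware certificate authority (HCA)
NODE_N, NODE_D = demo_key(1279, 2203)  # node being authenticated

# Constructed sample data: device list signed by the HCA, and the node's certificate.
DEVICE_LIST = json.dumps([{"device_id": "ds-unit-07", "serial": "SN-0001"}]).encode()
LIST_SIG = sign(DEVICE_LIST, HCA_N, HCA_D)
CERT = {"device_id": "ds-unit-07", "serial": "SN-0001", "public_n": NODE_N}

def node_respond(ciphertext, n=NODE_N, d=NODE_D):
    # Node side: decrypt the challenge with the private key and answer with its tag.
    return tag(pow(ciphertext, d, n))

def authenticate(cert, device_list, list_sig, responder):
    """Management-unit side; True means a signed certificate may be provided."""
    if not verify(device_list, list_sig, HCA_N):   # list altered or not from the HCA
        return False
    listed = any(d["device_id"] == cert["device_id"] and d["serial"] == cert["serial"]
                 for d in json.loads(device_list))
    if not listed:                                 # device ID / serial not on the list
        return False
    nonce = secrets.randbits(256)
    challenge = pow(nonce, E, cert["public_n"])    # encrypt to the node's public key
    return secrets.compare_digest(responder(challenge), tag(nonce))
```

A production implementation would use a vetted library with padded RSA or an elliptic-curve scheme; the raw `pow` calls here only make the "hash versus decrypted signature" comparison visible.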
20 Claims
1. A method to authenticate a node in a dispersed storage network (DSN) having a dispersed storage (DS) management unit (full text under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 19, 20
9. A dispersed storage (DS) managing unit comprises:
- at least one communication interface to communicate with nodes of a dispersed storage network (DSN);
- a memory; and
- a processing module coupled to the at least one communication interface and the memory, the processing module when operable in a device, causes the device to:
  - receive, via the at least one communication interface, a device list and a hardware certificate authority (HCA) public key originating from a separate element of the DSN;
  - validate the device list by calculating a hash of the device list and comparing the hash to a decrypted signature;
  - store the device list in the memory;
  - receive, via the at least one communication interface, a hardware certificate from a node of the DSN;
  - compare the hardware certificate to the device list to determine if the hardware certificate is valid;
  - determine whether the hardware certificate is valid;
  - when the hardware certificate is determined to be valid, encrypt a challenge message using a public key associated with the node; and
  - send the challenge message to the node of the DSN.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A method to authenticate a node in a dispersed storage network (DSN) having a dispersed storage (DS) management unit, the method comprises:
- receiving, by the node, a hardware certificate from a separate element of the DSN;
- validating the hardware certificate and encrypting at least a portion of the hardware certificate utilizing a private key associated with the node;
- providing the hardware certificate to the DS management unit;
- receiving a challenge message from the DS management unit;
- decrypting at least a portion of the challenge message;
- generating a challenge response message based on the challenge message;
- providing the challenge response message to the DS management unit; and
- requesting a signed certificate from the DS management unit.