Using dispersal techniques to securely store cryptographic resources and respond to attacks

US 10,581,807 B2
Filed: 08/29/2016
Issued: 03/03/2020
Est. Priority Date: 08/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method for use in a dispersed storage network (DSN) including a DSN memory employing a plurality of distributed storage (DS) units, the method comprising:

at the DS unit;

storing encrypted secret material at a DS unit, wherein the encrypted secret material can be decrypted only using an unlock key, and wherein the DS unit is authorized to receive the unlock key only after the DS unit has been authenticated using authentication credentials stored in the DS unit;

transmitting the authentication credentials stored in the DS unit from the DS unit to at least one other device included in the DSN, external to the DS unit;

at the at least one other device;

authenticating the DS unit based on the authentication credentials;

instructing the other DS units to transmit encoded data slices of the unlock key to the DS unit;

at the DS unit;

receiving, from the other DS units, encoded data slices of the unlock key;

reconstructing the unlock key from the encoded data slices of the unlock key received from the other DS units;

in response to a security event, transitioning the DS unit into a secure mode,wherein transitioning the DS unit into the secure mode includes;

erasing from the DS unit the encrypted secret material that has been decrypted using the unlock key;

erasing from the DS unit the unlock key; and

erasing from the DS unit the authentication credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A dispersed storage network (DSN) includes a DSN memory, which in turn employs multiple distributed storage (DS) units to store encrypted secret material that can be decrypted using an unlock key. The unlock key is stored external to the DS unit, in some cases using multiple data slices dispersed throughout the DSN. To obtain the unlock key, the DS unit transmits authentication credentials to another device included in the DSN, but external to the DS unit. The other device authenticates the DS unit using the authentication credentials, and sends the unlock key to the DS unit. The DS unit uses the unlock key in normal decryption operations. In response to a security event, the DS unit transitions to a secure mode by erasing any material decrypted using the unlock key, the unlock key, and the DS unit'"'"'s authentication credentials.

Citations

15 Claims

1. A method for use in a dispersed storage network (DSN) including a DSN memory employing a plurality of distributed storage (DS) units, the method comprising:
- at the DS unit;
  
  storing encrypted secret material at a DS unit, wherein the encrypted secret material can be decrypted only using an unlock key, and wherein the DS unit is authorized to receive the unlock key only after the DS unit has been authenticated using authentication credentials stored in the DS unit;
  
  transmitting the authentication credentials stored in the DS unit from the DS unit to at least one other device included in the DSN, external to the DS unit;
  
  at the at least one other device;
  
  authenticating the DS unit based on the authentication credentials;
  
  instructing the other DS units to transmit encoded data slices of the unlock key to the DS unit;
  
  at the DS unit;
  
  receiving, from the other DS units, encoded data slices of the unlock key;
  
  reconstructing the unlock key from the encoded data slices of the unlock key received from the other DS units;
  
  in response to a security event, transitioning the DS unit into a secure mode,wherein transitioning the DS unit into the secure mode includes;
  
  erasing from the DS unit the encrypted secret material that has been decrypted using the unlock key;
  
  erasing from the DS unit the unlock key; and
  
  erasing from the DS unit the authentication credentials.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - fewer than a read threshold number of encoded data slices of the unlock key are stored at the DS unit.
  - 3. The method of claim 1, wherein the security event includes:
    - receiving, at the DS unit, a security notification from a DS managing unit.
  - 4. The method of claim 1, wherein the security event includes:
    - determining that the DS unit is vulnerable to at least one exploit for which a fix is unavailable.
  - 5. The method of claim 1, wherein the security event includes:
    - detection of physical tampering.
  - 6. The method of claim 1, further comprising:
    - recovering the DS unit to a functional state after the DS unit has transitioned to the secure mode, wherein recovering the DS unit to the functional state includes receiving reissued authentication credentials from a DS managing unit.

7. A processing system configured to implement a distributed storage (DS) unit, the DS unit comprising:
- a computing core;
  
  a memory coupled to the computing core;
  
  a network interface configured to couple the DS unit to a dispersed storage network (DSN) including one or more DSN memory devices employing a plurality of DS units;
  
  the computing core configured to;
  
  store, in the memory, encrypted secret material wherein the encrypted secret material can be decrypted using an unlock key, and wherein the DS unit is authorized to receive the unlock key only after the DS unit has been authenticated using authentication credentials stored in the DS unit;
  
  store, in the memory, authentication credentials used to obtain the unlock key;
  
  authenticate with an external device included in the DSN, the external device configured to instruct one or more other external devices included in the DSN to transmit an encrypted version of the unlock key to the DS unit;
  
  decrypt and store in the memory, at least temporarily, the unlock key; and
  
  transition the DS unit into a secure mode in response to a security event, by erasing the unlock key and the authentication credentials from the memory, while leaving the encrypted secret material stored in the DS unit.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The processing system of claim 7, wherein:
    - the unlock key is stored using a plurality of data slices dispersed throughout the DSN using a dispersed encoding technique; and
      
      whereinthe computing core is further configured to obtain at least one of the plurality of data slices from a plurality of external devices, until at least a threshold number of data slices needed to reconstruct the unlock key have been obtained.
  - 9. The processing system of claim 7, wherein the computing core is further configured to transition the DS unit into the secure mode by:
    - erasing from the memory the encrypted secret material that has been decrypted using the unlock key.
  - 10. The processing system of claim 7, wherein the security event includes at least one of:
    - receiving, via the network interface, a security notification indicating that the DS unit should transition to the secure mode;
      
      ordetection of physical tampering.
  - 11. The processing system of claim 7, wherein the computing core is further configured to:
    - recover the DS unit to a functional state after the DS unit has transitioned to the secure mode, wherein recovering the DS unit to the functional state includes receiving reissued authentication credentials from a DS managing unit.

12. A dispersed storage network (DSN) comprising:
- a DSN memory including distributed storage (DS) units;
  
  at least one processing core implementing a managing unit configured to manage authentication of DS units within the DSN, wherein the at least one processing core is included in a device that is physically separate from the DS units;
  
  at least one DS unit-including;
  
  a computing core;
  
  a memory coupled to the computing core;
  
  a network interface configured to couple the at least one DS unit to the DSN;
  
  the computing core configured to;
  
  store, in the memory, authentication credentials used to obtain an unlock key needed to decrypt secret material stored in the at least one DS unit;
  
  transmit the authentication credentials to the managing unit;
  
  the at least one processing core implementing the managing unit configured to;
  
  authenticate the at least one DS unit based on the authentication credentials;
  
  instruct other DS units included in the DSN memory to transmit encoded data slices of the unlock key to the DS unit;
  
  the computing core included in the at least one DS unit further configured to;
  
  receive, from the other DS units, encoded data slices of the unlock key;
  
  reconstruct the unlock key from the encoded data slices of the unlock key received from the other DS units; and
  
  erase the authentication credentials from the memory in response to a security event.
- View Dependent Claims (13, 14, 15)
- - 13. The dispersed storage network of claim 12, wherein the computing core is further configured to:
    - store the unlock key in the memory, at least temporarily; and
      
      erase the unlock key and the authentication credentials in response to the security event.
  - 14. The dispersed storage network of claim 12, wherein the security event includes at least one of:
    - receiving, via the network interface, a security notification indicating that the DS unit should transition to a secure mode;
      
      ordetection of physical tampering.
  - 15. The dispersed storage network of claim 12, wherein the computing core is further configured to:
    - recover the DS unit to a functional state in response to receiving reissued authentication credentials from the managing unit, wherein recovering the DS unit to the functional state includes;
      
      receiving, from the other DS units, additional encoded data slices of the unlock key; and
      
      reconstructing the unlock key from the additional encoded data slices of the unlock key received from the other DS units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Resch, Jason K., Seaborn, Mark D.
Primary Examiner(s)
Lemma, Samson B
Assistant Examiner(s)
Cruz-Franqui, Richard W

Application Number

US15/249,726
Publication Number

US 20180063090A1
Time in Patent Office

1,282 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 67/1097   for distributed storage of ...

Using dispersal techniques to securely store cryptographic resources and respond to attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Using dispersal techniques to securely store cryptographic resources and respond to attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links