Secure recovery in a serverless distributed file system

US 20040111608A1
Filed: 12/05/2002
Published: 06/10/2004
Est. Priority Date: 12/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for secure file write processes in a serverless distributed file system, the method comprising:

in the serverless distributed file system, requiring a certificate for file creation;

requiring the certificate for file uploads to the serverless distributed file system; and

accepting changes to any created files with the certificate according to predetermined criteria indicated by the certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f +1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Citations

36 Claims

1. A method for secure file write processes in a serverless distributed file system, the method comprising:
- in the serverless distributed file system, requiring a certificate for file creation;
  
  requiring the certificate for file uploads to the serverless distributed file system; and
  
  accepting changes to any created files with the certificate according to predetermined criteria indicated by the certificate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the certificate is one of a plurality of certificates shared by the distributed file system, each certificate of the plurality of certificates having a serial number, the distributed file system denying authorization for out-of-sequence certificates thereby preventing selective choice of certificates.
  - 3. The method of claim 1 wherein the certificate is a power-of-attorney certificate.
  - 4. The method of claim 1 wherein the predetermined criteria include one or more of:
    - an expiration indicator that identifies a time period during which the certificate is valid; and
      
      a version indicia for the created file.
  - 5. The method of claim 1 wherein the certificate is associated with one or more files, the certificate signed by a user authorizing a machine to send files and changes to preexisting files.

6. A method for securely updating files in a distributed directory group with a plurality of members therein, the method comprising:
- receiving by each member of the plurality of members one of n authenticators;
  
  receiving over an insecure channel a transmit containing one or more file updates secured with a hash of file content and a vector of message authentication codes created using the n authenticators; and
  
  authenticating the file updates by requiring a predetermined number of members in the distributed directory group to verify a predetermined number of the message authentication codes in the vector of message authentication codes.

7. The method of 6 wherein the n authenticators are UMAC message authentication codes.

8. The method of 6 wherein a user establishes a symmetric key relationship with each member of the distributed directory group.

9. The method of 6 wherein the number of members required to verify the predetermined number of message authentication codes is f+1 and the predetermined number of message authentication codes is 2f+1, wherein f is the number of faults tolerable by the distributed directory group.

10. A method for transmitting file writes to a fault tolerant directory group outside of an authenticated channel, the method comprising:
- transmitting one or more file writes to the directory group; and
  
  identifying the one or more file writes with at least one authenticator, the at least one authenticator requiring the directory group to reconstruct at least one secret key to authorize the one or more file writes.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein the at least one authenticator is a message authentication code secured with a secret key, the secret key having N shares wherein a predetermined number of members of the directory group have at least one of the N shares, the members reconstructing the secret key before authorizing the one or more file writes.
  - 12. The method of claim 10 wherein the at least one authenticator is a vector of message authentication codes secured with a plurality of secret keys and members of the fault tolerant directory group each hold one of the plurality of secret keys, the fault tolerant directory group allowing the one or more file writes if a predetermined number of members of the directory group verify a predetermined number of the plurality of secret keys.

13. A method for allowing file writes to a fault tolerant directory group outside of an authenticated channel, the method comprising:
- receiving a log from a client machine, the log including the file writes and the log authenticated by a message authentication code; and
  
  reconstructing a secret key associated with the message authentication code, the reconstructing requiring a number of members of the fault tolerant directory group to provide a share of the secret key, the number being at least one plus a number of tolerable faults of the fault tolerant directory group.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 wherein the fault tolerant directory group receives the log outside of the authenticated channel due to a catastrophic event causing the client machine to be disabled.
  - 15. The method of claim 13 wherein the number of members in the fault tolerant directory group is at least three times the number of faults tolerable by the fault tolerant directory group plus one.

16. A method for file writes to a fault tolerant directory group outside of an authenticated channel, the method comprising:
- creating a log in a client machine, the log including the file writes and the log authenticated by a message authentication code secured with a secret key associated with the message authentication code, wherein reconstruction of the secret key requires a number of members of the fault tolerant directory group to provide a share of the secret key, the number being at least one plus a number of tolerable faults of the fault tolerant directory group; and
  
  transmitting the log outside the authenticated channel.
- View Dependent Claims (17)
- - 17. The method of claim 16 wherein the number of members in the fault tolerant directory group is at least three times the number of faults tolerable by the fault tolerant directory group plus one.

18. A serverless distributed file system comprising:
- at least 3f+1 participating computer members forming a group, wherein f represents a number of faults tolerable by the group; and
  
  and a plurality of files distributed among the members of the group, wherein the group requires at least one authenticator for file creation and the group requires the authenticator for file uploads to the serverless distributed file system and changes to any one of the plurality of files is according to predetermined criteria indicated by the authenticator associated with the file.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The serverless distributed file system of claim 18 wherein the authenticator is a power-of-attorney certificate, the power-of-attorney certificate having the predetermined criteria including a time component that allows the file uploads for a predetermined amount of time.
  - 20. The serverless distributed file system of claim 18 wherein the authenticator is a message authentication code secured by a secret key, the group configured to receive at least one log from a client machine, the log including file writes and the log authenticated by the message authentication code.
  - 21. The serverless distributed file system of claim 20 wherein the group is configured to reconstruct the secret key associated with the message authentication code, the reconstruction requiring a number of members of the group to provide a share of the secret key, the number being at least f+1.
  - 22. The serverless distributed file system of claim 18 wherein the authenticator is a vector of message authentication codes secured by a plurality of secrets, each member of the group having one of the plurality of secrets, the group configured to require at least f+1 members to provide one of the plurality of secrets to allow the file uploads outside an authenticated channel.

23. A computer-readable medium having computer-executable instructions for enabling file writes to a fault tolerant directory group outside of an authenticated channel, the computer-executable instructions performing acts comprising:
- creating a log, the log including the file writes and the log authenticated by a message authentication code secured with a secret key associated with the message authentication code, wherein reconstruction of the secret key requires a number of members of the fault tolerant directory group to provide a share of the secret key, the number being at least one plus a number of tolerable faults of the fault tolerant directory group; and
  
  enabling a client machine to transmit the log outside the authenticated channel.

24. A computer-readable medium having computer-executable instructions for performing acts comprising:
- in a serverless distributed file system, requiring a certificate for file creation;
  
  requiring the certificate for file uploads to the serverless distributed file system; and
  
  accepting changes to any created files with the certificate according to predetermined criteria indicated by the certificate.
- View Dependent Claims (25, 26, 27)
- - 25. The computer-readable medium according to claim 24, wherein the certificate is one of a plurality of certificates shared by the distributed file system, each certificate of the plurality of certificates having a serial number, the distributed file system denying authorization for out-of-sequence certificates thereby preventing selective choice of certificates.
  - 26. The computer-readable medium according to claim 24, wherein the predetermined criteria include one or more of:
    - an expiration indicator that identifies a time period during which the certificate is valid; and
      
      a version indicia for the created file.
  - 27. The computer-readable medium according to claim 24, wherein the certificate is associated with one or more files, the certificate signed by a user authorizing a machine to send files and changes to preexisting files.

28. A computer-readable medium having computer-executable instructions for performing acts comprising:
- receiving by each member of a distributed directory group with a plurality of members one of n authenticators;
  
  receiving over an insecure channel a transmit containing one or more file updates secured with a hash of file content and a vector of message authentication codes created using the n authenticators; and
  
  authenticating the file updates by requiring a predetermined number of members in the distributed directory group to verify a predetermined number of the message authentication codes in the vector of message authentication codes.
- View Dependent Claims (29, 30, 31)
- - 29. The computer-readable medium according to claim 28, wherein the n authenticators are UMAC message authentication codes.
  - 30. The computer-readable medium according to claim 28, wherein a user establishes a symmetric key relationship with each member of the distributed directory group.
  - 31. The computer-readable medium according to claim 28, wherein the number of members required to verify the predetermined number of message authentication codes is f+1 and the predetermined number of message authentication codes is 2f+1, wherein f is the number of faults tolerable by the distributed directory group.

32. A computer-readable medium having computer-executable instruction for performing acts for transmitting file writes to a fault tolerant directory group outside of an authenticated channel, the acts comprising:
- transmitting one or more file writes to the directory group; and
  
  identifying the one or more file writes with at least one authenticator, the at least one authenticator requiring the directory group to reconstruct at least one secret key to authorize the one or more file writes.
- View Dependent Claims (33, 34)
- - 33. The computer-readable medium according to claim 32 wherein the at least one authenticator is a message authentication code secured with a secret key, the secret key having N shares wherein a predetermined number of members of the directory group have at least one of the N shares, the members reconstructing the secret key before authorizing the one or more file writes.
  - 34. The computer-readable medium according to claim 32 wherein the at least one authenticator is a vector of message authentication codes secured with a plurality of secret keys and members of the fault tolerant directory group each hold one of the plurality of secret keys, the fault tolerant directory group allowing the one or more file writes if a predetermined number of members of the directory group verify a predetermined number of the plurality of secret keys.

35. A computer-readable medium having computer-executable instructions for performing acts for allowing file writes to a fault tolerant directory group outside of an authenticated channel, the acts comprising:
- receiving a log from a client machine, the log including the file writes and the log authenticated by a message authentication code; and
  
  reconstructing a secret key associated with the message authentication code by a predetermined number of members of the fault tolerant directory group disclosing a correct share of the secret key, the reconstructing of the secret key verifying the authenticity of the file writes when an authenticated channel is unavailable.
- View Dependent Claims (36)
- - 36. The computer-readable medium according to claim 35 wherein the predetermined number is a function of a number of faults tolerable by the fault tolerant directory group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bolosky, William J., Douceur, John R., Adya, Atul, Oom Temudo de Castro, Miguel

Granted Patent

US 7,428,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/62   Protecting access to data v...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3255   using group based signature...

Secure recovery in a serverless distributed file system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Secure recovery in a serverless distributed file system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links