AUTHENTICATING USE OF A DISPERSED STORAGE NETWORK
Abstract
At least one dispersed storage (DS) processing unit (14), at least one dispersed storage managing unit (18), and at least one dispersed storage unit (44) communicate with each other over a network (20) to authenticate and process a user data transaction within dispersed memory in a dispersed storage network. In a data operation, the DS processing unit (14) first receives the request. The unit (14) uses stored security information (80 and 84) to validate that the user requesting the user transaction is a valid user. The unit (18) processes the user transaction to further authenticate that the user is valid and the user transaction requested by the user is proper. Finally, the unit (44) again receives user transaction information and performs another authentication to ensure that the distributed network data slices can be properly processed by this user and this user transaction.
26 Claims
1. A method for authenticating, through use of a dispersed storage managing unit, a user transaction initiated within a dispersed storage network, the method comprising:
receiving a first authentication request from external to the dispersed storage managing unit, the first authentication request containing information pertaining to a user that is requesting the user transaction;
accessing a realm authentication list among a plurality of realm authentication lists stored in association with the dispersed storage managing unit;
using realm information from the realm authentication list within the dispersed storage managing unit to validate the user as a valid user of the dispersed storage network;
receiving a second authentication request from external to the dispersed storage managing unit, the second authentication request seeking authentication to process user data in a certain manner to further the user transaction;
accessing access control list store information and user permission information to validate if the valid user can properly engage in the user transaction; and
authorizing the continuation of the user transaction if the user is a valid user and the user transaction is a valid transaction for the valid user.
Dependent claims: 2, 3, 4, 5, 6

7. A dispersed storage managing unit adapted to be coupled to a network, the dispersed storage managing unit comprising:
input/output interface circuitry adapted to be coupled to the network;
at least one realm authentication list stored in memory within the dispersed storage managing unit, wherein the at least one realm authentication list stores user information for at least one user that has registered for dispersed storage (DS) services, the user information being processed in response to user authentication requests that are received from the input/output interface circuitry to validate the at least one user as a valid dispersed storage user when the at least one user initiates dispersed data transactions;
a certificate authority unit programmed to authenticate at least one dispersed storage unit on the network in response to a signal received via the input/output interface circuitry; and
at least one permissions list coupled for communicating with the certificate authority unit and the input/output interface circuitry, the at least one permissions list containing permission information for the at least one user to allow the dispersed storage managing unit to authorize the continuation of dispersed data transactions requested by a valid dispersed storage user when the dispersed data transactions are deemed valid operations for the valid dispersed storage user.
Dependent claims: 8, 9, 10

11. A method for authenticating, through use of a dispersed storage processing unit, a user transaction initiated within a dispersed storage network, the method comprising:
receiving a transaction request from external to the dispersed storage processing unit, the transaction request containing user information pertaining to a user that is requesting the user transaction;
using the user information to reference locally stored permissions to determine if the user is a valid user;
outputting, from the dispersed storage processing unit, an authentication request to further validate the user and the user transaction;
receiving either favorable or unfavorable validation from external to the dispersed storage processing unit;
determining, when validation is favorable, one or more distributed storage network addresses that allow for further processing of the user transaction and outputting a user transaction continuation request to enable continued processing of the user transaction using the one or more distributed storage network addresses; and
generating, when validation is unfavorable, an error message and outputting the error message external to the dispersed storage processing unit and engaging security check measures in response to the validation that was unfavorable.
Dependent claims: 12, 13, 14

15. A dispersed storage processing unit adapted to be coupled to a network, the dispersed storage processing unit comprising:
at least one interface circuitry adapted to be coupled to the network;
a computing core and program memory for receiving incoming user transactions, enabling security checks within the dispersed storage processing unit associated with the incoming user transactions, creating and outputting authentication requests to the at least one interface circuitry for the incoming user transactions, receiving and processing authentication request responses from external to the incoming user transactions, and collecting dispersed storage network authentication and addressing information for output via the at least one interface circuitry for use by external dispersed storage network resources; and
local memory for storing a local permissions list received from external to the dispersed storage processing unit, where the local permissions list allows the dispersed storage processing unit to validate incoming user transactions and output valid addressing information to the at least one interface circuitry to enable continuation of incoming user transactions.
Dependent claims: 16, 17, 18

19. A method for authenticating, through use of a dispersed storage unit, a user transaction initiated within a dispersed storage network, the method comprising:
receiving a transaction request from external to the dispersed storage unit, the transaction request containing user information pertaining to the user transaction that was previously subject to authentication processing by another unit within the dispersed storage network;
using the user information to reference locally stored permissions to determine at least one of:
(i) if the user is a valid user; and
(ii) the user transaction is a valid transaction for the user;
outputting from the dispersed storage unit an authentication request to further validate the user and the user transaction;
receiving either favorable or unfavorable validation from external to the dispersed storage unit;
processing, when validation is favorable, a plurality of data slices in a hierarchical memory structure accessible by the dispersed storage unit to enable one of either:
(i) a read of user data where the data slices are authorized to be extracted from the dispersed storage network and reassembled from multiple memory locations in the dispersed storage network into unified and useable user data for the user; or
(ii) a write of user data into the dispersed storage network where the data slices are authorized to be written into the dispersed storage network across multiple different memory devices; and
generating, when validation is unfavorable, an error message and outputting the error message external to the dispersed storage unit and engaging security check measures in response to the validation that was unfavorable.
Dependent claims: 20, 21, 22

23. A dispersed storage unit adapted to be coupled to a network, the dispersed storage unit comprising:
at least one interface circuitry adapted to be coupled to a network;
a computing core and program memory for receiving incoming user transaction information, enabling security checks within the dispersed storage unit associated with incoming user transactions, creating and outputting authentication requests to the at least one interface circuitry for the incoming user transactions, receiving and processing authentication request responses from external to the incoming user transactions, and collecting dispersed storage network authentication and addressing information that enables processing of user data slices read from or written to storage within the dispersed storage network; and
local memory for storing a local permissions list received from external to the dispersed storage unit, where the local permissions list allows the dispersed storage unit to validate incoming user transactions and output valid addressing information to the at least one interface circuitry to enable secure reading and writing of user data to the dispersed storage network.
Dependent claims: 24, 25, 26

Specification