STORAGE AND RETRIEVAL OF DISPERSED STORAGE NETWORK ACCESS INFORMATION
First Claim
1. A method comprises:
- receiving a certificate signing request (CSR) from a user device regarding a user, wherein the CSR includes user information regarding the user;
- generating a set of hidden passwords based on the user information;
- accessing a set of authenticating units to obtain a set of passkeys based on the set of hidden passwords and a set of random numbers;
- retrieving a set of encrypted shares based on the user information;
- decrypting the set of encrypted shares based on the set of passkeys and the set of random numbers to produce a set of encoded shares;
- decoding, in accordance with a share encoding function, the set of encoded shares to recapture a private key associated with the user;
- generating a user signed certificate based on the private key;
- discarding the private key to substantially protect the private key from the user device; and
- outputting the user signed certificate to the user device.
Abstract
A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device.
32 Citations
22 Claims
7. A method comprises:
- affiliating an authentication token with user information of a user;
- generating a private/public key pairing associated with the user information;
- applying a share encoding function on a private key of the private/public key pairing to produce a set of encoded shares;
- generating a set of random numbers;
- generating a set of hidden passwords based on the user information;
- generating a set of encryption keys based on the set of hidden passwords and the set of random numbers;
- encrypting the set of encoded shares utilizing the set of encryption keys to produce a set of encrypted shares;
- outputting the set of encrypted shares to the authentication token for storage therein; and
- outputting the set of random numbers to a set of authenticating units.
12. An authentication token comprises:
- memory; and
- a processing module, wherein the memory stores operational instructions that, when executed by the processing module, causes the processing module to:
  - receive a certificate signing request (CSR) from a user device regarding a user, wherein the CSR includes user information regarding the user;
  - generate a set of hidden passwords based on the user information;
  - access a set of authenticating units to obtain a set of passkeys based on the set of hidden passwords and a set of random numbers;
  - retrieve, from the memory, a set of encrypted shares based on the user information;
  - decrypt the set of encrypted shares based on the set of passkeys and the set of random numbers to produce a set of encoded shares;
  - decode, in accordance with a share encoding function, the set of encoded shares to recapture a private key associated with the user;
  - generate a user signed certificate based on the private key;
  - discard the private key to substantially protect the private key from the user device; and
  - outputting the user signed certificate to the user device.
18. A managing unit comprises:
- a first module, when operable within a computing device, causes the computing device to:
  - affiliate an authentication token with user information of a user;
  - generate a private/public key pairing associated with the user information; and
  - apply a share encoding function on a private key of the private/public key pairing to produce a set of encoded shares;
- a second module, when operable within a computing device, causes the computing device to:
  - generate a set of random numbers;
- a third module, when operable within a computing device, causes the computing device to:
  - generate a set of hidden passwords based on the user information;
- a fourth module, when operable within a computing device, causes the computing device to:
  - generate a set of encryption keys based on the set of hidden passwords and the set of random numbers; and
  - encrypt the set of encoded shares utilizing the set of encryption keys to produce a set of encrypted shares; and
- a fifth module, when operable within a computing device, causes the computing device to:
  - output the set of encrypted shares to the authentication token for storage therein; and
  - output the set of random numbers to a set of authenticating units.
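The data flow of claims 7 (provisioning) and 1 (recovery) can be traced in a short sketch. This is an added example, not code from the patent: the claims do not fix the share encoding function, the password derivation or the cipher, so the n-of-n XOR split, the HMAC-SHA256 derivations, the toy SHAKE-256 encrypt-then-MAC and all function and class names below are assumptions, and CSR parsing and certificate signing are omitted.

```python
import hashlib, hmac, secrets
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hidden_password(user_info: bytes, i: int) -> bytes:
    # Assumption: one hidden password per authenticating unit, derived from user info.
    return hmac.new(user_info, b"hidden-pw-%d" % i, hashlib.sha256).digest()

class AuthUnit:
    """Hypothetical authenticating unit: holds one random number, never a share."""
    def __init__(self, random_number: bytes):
        self._e = random_number
    def passkey(self, hidden_pw: bytes) -> bytes:
        # Assumption: passkey = HMAC(random number, hidden password).
        return hmac.new(self._e, hidden_pw, hashlib.sha256).digest()

def seal(key: bytes, share: bytes) -> bytes:
    # Toy encrypt-then-MAC; a stand-in for an authenticated cipher such as AES-GCM.
    ct = xor(share, hashlib.shake_256(b"enc" + key).digest(len(share)))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("passkey does not match encrypted share")
    return xor(ct, hashlib.shake_256(b"enc" + key).digest(len(ct)))

def enroll(user_info: bytes, private_key: bytes, n: int = 3):
    """Claim 7 side: returns (encrypted shares for the token, authenticating units)."""
    shares = [secrets.token_bytes(len(private_key)) for _ in range(n - 1)]
    shares.append(reduce(xor, shares, private_key))   # n-of-n XOR split (assumed)
    units = [AuthUnit(secrets.token_bytes(32)) for _ in range(n)]
    token = [seal(u.passkey(hidden_password(user_info, i)), s)
             for i, (u, s) in enumerate(zip(units, shares))]
    return token, units

def recover(user_info: bytes, token, units) -> bytes:
    """Claim 1 side: rebuild the key transiently; the caller signs, then discards it."""
    shares = [unseal(u.passkey(hidden_password(user_info, i)), blob)
              for i, (u, blob) in enumerate(zip(units, token))]
    return reduce(xor, shares)
```

Neither the token's stored blobs nor any single authenticating unit's random number is sufficient alone: recovery fails if the user information differs or if any one unit answers with a passkey derived from a different random number.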
Specification