Secure recovery in a serverless distributed file system
First Claim
1. A method for secure file write processes in a serverless distributed file system, the method comprising:
- in the serverless distributed file system, requiring a certificate for file creation;
- requiring the certificate for file uploads to the serverless distributed file system;
- receiving a request to change a file created using the certificate;
- in response to receiving the request to change the file created using the certificate, determining if predetermined criteria indicated by the certificate are satisfied, wherein the determining comprises:
  - determining an expiration indicator that identifies a time period during which the certificate is valid;
  - determining a version indicia for the created file; and
  - determining whether the certificate is out of sequence based on a serial number of the certificate, wherein the distributed file system denies authorization for out-of-sequence certificates thereby preventing selective choice of certificates; and
- accepting changes to the file created using the certificate if the predetermined criteria indicated by the certificate are satisfied.
Abstract
Secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies them. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authentication codes, or a single message authenticator secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing the number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.
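The checks named in the first claim (expiration, file version, serial-number sequence) can be sketched as follows. This is an added example, not code from the patent. It assumes the single shared-secret authenticator is an HMAC-SHA256 tag, that a certificate names the file version it applies to, and that "in sequence" means exactly one more than the last accepted serial; all field and function names are hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

GROUP_SECRET = b"constructed-demo-secret"  # assumption: secret shared among members


@dataclass(frozen=True)
class Certificate:
    file_id: str
    file_version: int  # version indicia of the file the certificate applies to
    not_after: int     # expiration indicator (Unix time)
    serial: int        # certificate serial number
    tag: bytes = b""   # authenticator computed over the four fields above


def _mac(cert):
    # A JSON list gives an unambiguous encoding of the authenticated fields.
    msg = json.dumps([cert.file_id, cert.file_version, cert.not_after, cert.serial])
    return hmac.new(GROUP_SECRET, msg.encode(), hashlib.sha256).digest()


def issue(file_id, file_version, not_after, serial):
    unsigned = Certificate(file_id, file_version, not_after, serial)
    return Certificate(file_id, file_version, not_after, serial, _mac(unsigned))


class Member:
    """One member's state: stored version and last accepted serial per file."""

    def __init__(self):
        self.versions = {}
        self.last_serial = {}

    def check(self, cert, now):
        if not hmac.compare_digest(cert.tag, _mac(cert)):
            return "bad authenticator"
        if now > cert.not_after:
            return "expired"
        if cert.file_version != self.versions.get(cert.file_id, 0):
            return "version mismatch"
        if cert.serial != self.last_serial.get(cert.file_id, 0) + 1:
            return "out of sequence"  # blocks selective choice of certificates
        return "ok"

    def apply_change(self, cert, now):
        verdict = self.check(cert, now)
        if verdict == "ok":  # record the accepted serial and advance the version
            self.last_serial[cert.file_id] = cert.serial
            self.versions[cert.file_id] = cert.file_version + 1
        return verdict
```

Because the authenticator is verified before any field is trusted, a change arriving over an unauthenticated channel cannot alter the expiry, version or serial without being rejected.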
9 Claims
4. A computer storage medium storing computer-executable instructions for performing acts comprising:
- in a serverless distributed file system, requiring a certificate for file creation;
- requiring the certificate for file uploads to the serverless distributed file system;
- receiving a request to change a file created using the certificate;
- in response to receiving the request to change the file created using the certificate, determining if predetermined criteria indicated by the certificate are satisfied, wherein the determining comprises:
  - determining an expiration indicator that identifies a time period during which the certificate is valid;
  - determining a version indicia for the created file; and
  - determining whether the certificate is out-of-sequence based on a serial number of the certificate, wherein the distributed file system denies authorization for out-of-sequence certificates thereby preventing selective choice of certificates; and
- accepting changes to the file created using the certificate if the predetermined criteria indicated by the certificate are satisfied.
6. A method, comprising:
- issuing a certificate with predetermined criteria that allows a user to update a file located on a serverless distributed file system, wherein the predetermined criteria include:
  - an expiration indicator that identifies a time period during which the certificate is valid; and
  - a version indicia for the file;
- storing the certificate on the user's local machine;
- creating a log of updates that includes changes in the file contents, the log for updating the file in the serverless distributed file system;
- after a catastrophic event at a local machine:
- sending the log of updates and the certificate to the serverless distributed file system; and
- accepting the changes in the file contents included in the log of updates if the certificate meets the predetermined criteria; and
- authorizing the log of updates, wherein the log is only authorized if each update contains a unique serial number and each serial number is received by the distributed file system in a predetermined order.
Specification