Secure recovery in a serverless distributed file system

US 7,428,751 B2
Filed: 12/05/2002
Issued: 09/23/2008
Est. Priority Date: 12/05/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for secure file write processes in a serverless distributed file system, the method comprising:

in the serverless distributed file system, requiring a certificate for file creation;

requiring the certificate for file uploads to the serverless distributed file system;

receiving a request to change a file created using the certificate;

in response to receiving the request to change the file created using the certificate, determining if predetermined criteria indicated by the certificate are satisfied, wherein the determining comprises;

determining an expiration indicator that identifies a time period during which the certificate is valid;

determining a version indicia for the created file; and

determining whether the certificate is out of sequence based on a serial number of the certificate, wherein the distributed file system denies authorization for out-of-sequence certificates thereby preventing selective choice of certificates; and

accepting changes to the file created using the certificate if the predetermined criteria indicated by the certificate are satisfied.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

75 Citations

View as Search Results

9 Claims

1. A method for secure file write processes in a serverless distributed file system, the method comprising:
- in the serverless distributed file system, requiring a certificate for file creation;
  
  requiring the certificate for file uploads to the serverless distributed file system;
  
  receiving a request to change a file created using the certificate;
  
  in response to receiving the request to change the file created using the certificate, determining if predetermined criteria indicated by the certificate are satisfied, wherein the determining comprises;
  
  determining an expiration indicator that identifies a time period during which the certificate is valid;
  
  determining a version indicia for the created file; and
  
  determining whether the certificate is out of sequence based on a serial number of the certificate, wherein the distributed file system denies authorization for out-of-sequence certificates thereby preventing selective choice of certificates; and
  
  accepting changes to the file created using the certificate if the predetermined criteria indicated by the certificate are satisfied.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the certificate is a power-of-attorney certificate.
  - 3. The method of claim 1 wherein the certificate is associated with one or more files, the certificate signed by a user authorizing a machine to send files and changes to preexisting files.

4. A computer storage medium storing computer-executable instructions for performing acts comprising:
- in a serverless distributed file system, requiring a certificate for file creation;
  
  requiring the certificate for file uploads to the serverless distributed file system;
  
  receiving a request to change a file created using the certificate;
  
  in response to receiving the request to change the file created using the certificate, determining if predetermined criteria indicated by the certificate are satisfied, wherein the determining comprises;
  
  determining an expiration indicator that identifies a time period during which the certificate is valid;
  
  determining a version indicia for the created file; and
  
  determining whether the certificate is out-of-sequence based on a serial number of the certificate, wherein the distributed file system denies authorization for out-of sequence certificates thereby preventing selective choice of certificates; and
  
  accepting changes to the file created using the certificate if the predetermined criteria indicated by the certificate are satisfied.
- View Dependent Claims (5)
- - 5. The computer storage medium according to claim 4, wherein the certificate is associated with one or more files, the certificate signed by a user authorizing a machine to send files and changes to preexisting files.

6. A method, comprising:
- issuing a certificate with predetermined criteria that allows a user to update a file located on a serverless distributed file system, wherein the predetermined criteria include;
  
  an expiration indicator that identifies a time period during which the certificate is valid; and
  
  a version indicia for the file;
  
  storing the certificate on the user'"'"'s local machine;
  
  creating a log of updates that includes changes in the file contents, the log for updating the file in the serverless distributed file system;
  
  after a catastrophic event at a local machine;
  
  sending the log of updates and the certificate to the serverless distributed file system; and
  
  accepting the changes in the file contents included in the log of updates if the certificate meets the predetermined criteria; and
  
  authorizing the log of updates, wherein the log is only authorized if each update contains a unique serial number and each serial number is received by the distributed file system in a predetermined order.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the certificate is associated with one or more files, the certificate signed by the user authorizing the machine to send files and changes to preexisting files.
  - 8. The method of claim 6, wherein the sending of the log of updates allows for updating of the file and one or more replicas of the file on the serverless distributed file system.
  - 9. The method of claim 8, wherein the file and the one or more replicas are stored on one or more distributed system portions of one or more computers on the serverless distributed file system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bolosky, William J., Douceur, John R., Adya, Atul, Oom Temudo de Castro, Miguel
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US10/310,440
Publication Number

US 20040111608A1
Time in Patent Office

2,119 Days
Field of Search

None
US Class Current

726/10
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/62   Protecting access to data v...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3255   using group based signature...

Secure recovery in a serverless distributed file system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Secure recovery in a serverless distributed file system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links