Verification of dispersed storage network access control information
First Claim
Patent Images
1. A method for securely publishing an access control list, the method comprises:
- generating, by a dispersed storage (DS) managing unit of a dispersed storage network (DSN), an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN,wherein the generating the authentic and time-stamped access control list comprises;
generating time-stamp value;
combining the time-stamp value with the access control list to produce a time-stamped access control list;
generating a signature based on the time-stamped access control list and a private key of the DS managing unit; and
combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list;
identifying, by the DS managing unit, a plurality of dispersed storage (DS) units of the DSN to receive the access control list;
sending, by the DS managing unit using a one-way communication path, the authentic and time-stamped access control list and the identity of the plurality of DS units to a publisher unit; and
sending, by the publisher unit, the authentic and time-stamped access control list to the plurality of DS units using a plurality of one-way communication paths.
5 Assignments
0 Petitions
Accused Products
Abstract
In a dispersed storage network access control list information must be occasionally written out to system units across the network. A dispersed storage (DS) managing unit (18) combines (204) the access control list information with a clock stamp and hashes (206) that combined output. An encryptor (208) encrypts a security key (210) and the hash output to obtain a signature. A combiner (212) combines the signature and the output of combiner (204) and outputs to a publisher (214). Upon receipt of the output of the publisher (214) a dispersed storage unit (44) can reverse process and securely validate the access control list information provided by the publisher (214) to receive and store updated and valid access control list information. This processing is performed by the unit (44) using parsers (216), caches (218 and 228), hash operations (224), decryptors (222), comparators (226), logic (230), and key stores (220).
-
Citations
10 Claims
-
1. A method for securely publishing an access control list, the method comprises:
-
generating, by a dispersed storage (DS) managing unit of a dispersed storage network (DSN), an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, wherein the generating the authentic and time-stamped access control list comprises; generating time-stamp value; combining the time-stamp value with the access control list to produce a time-stamped access control list; generating a signature based on the time-stamped access control list and a private key of the DS managing unit; and combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list; identifying, by the DS managing unit, a plurality of dispersed storage (DS) units of the DSN to receive the access control list; sending, by the DS managing unit using a one-way communication path, the authentic and time-stamped access control list and the identity of the plurality of DS units to a publisher unit; and sending, by the publisher unit, the authentic and time-stamped access control list to the plurality of DS units using a plurality of one-way communication paths. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A dispersed storage network (DSN) comprising:
a dispersed storage (DS) managing unit operable to; generate an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, wherein the DS managing unit is further operable to generate the authentic and time-stamped access control list by; generating time-stamp value; combining the time-stamp value with the access control list to produce a time-stamped access control list; generating a signature based on the time-stamped access control list and a private key of the DS managing unit; and combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list; identify a plurality of dispersed storage (DS) units of the DSN to receive the access control list; send, using a one-way communication path, the authentic and time-stamped access control list and the identity of the plurality of DS units to a publisher unit; and the publisher unit operable to send the authentic and time-stamped access control list to the plurality of DS units using a plurality of one-way communication paths. - View Dependent Claims (7, 8, 9, 10)
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneePure Storage, Inc.
-
Original AssigneeCleversafe Incorporated (International Business Machines Corporation)
-
InventorsResch, Jason K.
-
Primary Examiner(s)Tabor, Amare F
-
Application NumberUS12/759,701Publication NumberTime in Patent Office1,280 DaysField of Search713/176, 713/168, 726/27, 726/30US Class Current713/176CPC Class CodesG06F 11/1004 to protect a block of data ...G06F 11/1024 Identification of the type ...G06F 11/1092 Rebuilding, e.g. when physi...G06F 12/1483 using an access-table, e.g....G06F 13/00 Interconnection of, or tran...G06F 15/16 Combinations of two or more...G06F 16/00 Information retrieval; Data...G06F 21/44 Program or device authentic...H04L 63/0281 ProxiesH04L 63/0823 using certificates cryptogr...H04L 63/0884 by delegation of authentica...H04L 63/10 for controlling access to d...H04L 63/101 Access control lists [ACL]H04L 63/20 for managing network securi...H04L 67/1097 for distributed storage of ...H04L 9/32 including means for verifyi...H04L 9/3297 involving time stamps, e.g....
