Verification of dispersed storage network access control information
First Claim
1. A method for securely publishing an access control list, the method comprises:
- generating, by a dispersed storage (DS) managing unit of a dispersed storage network (DSN), an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, wherein the generating the authentic and time-stamped access control list comprises:
  - generating time-stamp value;
  - combining the time-stamp value with the access control list to produce a time-stamped access control list;
  - generating a signature based on the time-stamped access control list and a private key of the DS managing unit; and
  - combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list;
- identifying, by the DS managing unit, a plurality of dispersed storage (DS) units of the DSN to receive the access control list;
- sending, by the DS managing unit using a one-way communication path, the authentic and time-stamped access control list and the identity of the plurality of DS units to a publisher unit; and
- sending, by the publisher unit, the authentic and time-stamped access control list to the plurality of DS units using a plurality of one-way communication paths.
Abstract
In a dispersed storage network, access control list information must occasionally be written out to system units across the network. A dispersed storage (DS) managing unit (18) combines (204) the access control list information with a clock stamp and hashes (206) that combined output. An encryptor (208) encrypts a security key (210) and the hash output to obtain a signature. A combiner (212) combines the signature and the output of combiner (204) and outputs the result to a publisher (214). Upon receipt of the output of the publisher (214), a dispersed storage unit (44) can reverse the process and securely validate the access control list information provided by the publisher (214), so that it receives and stores updated and valid access control list information. This processing is performed by the unit (44) using parsers (216), caches (218 and 228), hash operations (224), decryptors (222), comparators (226), logic (230), and key stores (220).
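The sign-and-verify flow in the abstract, as an added example that is not taken from the patent. It assumes an 8-byte timestamp prefix, SHA-256, and textbook RSA over a constructed toy key, and it treats the cached timestamp as a replay check, which the abstract does not spell out; all names are hypothetical.

```python
import hashlib
import struct

# Constructed toy key: two Mersenne primes, textbook RSA without padding.
# Illustration only; use a padded scheme (RSA-PSS, Ed25519) in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the managing unit
SIG_LEN = (N.bit_length() + 7) // 8

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def publish(acl: bytes, timestamp: int) -> bytes:
    """Managing unit: timestamp || ACL, hash it, sign the hash, append signature."""
    stamped = struct.pack(">Q", timestamp) + acl
    signature = pow(_digest_int(stamped), D, N)
    return stamped + signature.to_bytes(SIG_LEN, "big")

def accept(message: bytes, last_ts: int):
    """DS unit: parse, verify, check freshness. Returns (acl, ts) or None."""
    if len(message) < 8 + SIG_LEN:
        return None  # too short to hold timestamp and signature
    stamped = message[:-SIG_LEN]
    signature = int.from_bytes(message[-SIG_LEN:], "big")
    # Recover the signed hash with the public key and compare to a fresh hash.
    if signature >= N or pow(signature, E, N) != _digest_int(stamped):
        return None
    (ts,) = struct.unpack(">Q", stamped[:8])
    if ts <= last_ts:
        return None  # assumed rule: reject replayed or rolled-back lists
    return stamped[8:], ts

if __name__ == "__main__":
    acl = b'{"vault-7": ["alice:rw", "bob:r"]}'  # constructed sample ACL
    msg = publish(acl, 1_700_000_000)
    print(accept(msg, 0))               # accepted
    print(accept(msg, 1_700_000_000))   # replay rejected
```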
10 Claims
6. A dispersed storage network (DSN) comprising:
- a dispersed storage (DS) managing unit operable to:
  - generate an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, wherein the DS managing unit is further operable to generate the authentic and time-stamped access control list by:
    - generating time-stamp value;
    - combining the time-stamp value with the access control list to produce a time-stamped access control list;
    - generating a signature based on the time-stamped access control list and a private key of the DS managing unit; and
    - combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list;
  - identify a plurality of dispersed storage (DS) units of the DSN to receive the access control list;
  - send, using a one-way communication path, the authentic and time-stamped access control list and the identity of the plurality of DS units to a publisher unit; and
- the publisher unit operable to send the authentic and time-stamped access control list to the plurality of DS units using a plurality of one-way communication paths.
Specification