Entity registration in multiple dispersed storage networks

US 8,959,597 B2
Filed: 05/11/2011
Issued: 02/17/2015
Est. Priority Date: 05/19/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for execution by a device seeking registration with a storage network, the method comprises:

outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN, wherein the global DSN includes a plurality of DSNs and the local DSN is one of the plurality of DSNs;

receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID;

generating a global public-private key pair and a local public-private key pair;

generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair;

generating a local CSR based on the local UUID and a private key of the local public-private key pair;

sending the global and local CSRs to a certificate authority (CA);

wherein the local CSR includes;

a local authorization code, the local UUID and a local public key of the local public-private key pair;

wherein the global CSR includes;

a global authorization code, the global UUID and a global public key of the local public-private key pair;

andreceiving a signed global certificate and a signed local certificate, wherein the signed global certificate indicates that the device is authorized to access the plurality of DSNs and the signed local certificate indicates that the device is authorized to access the local DSN.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.

88 Citations

16 Claims

1. A method for execution by a device seeking registration with a storage network, the method comprises:
- outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN, wherein the global DSN includes a plurality of DSNs and the local DSN is one of the plurality of DSNs;
  
  receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID;
  
  generating a global public-private key pair and a local public-private key pair;
  
  generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair;
  
  generating a local CSR based on the local UUID and a private key of the local public-private key pair;
  
  sending the global and local CSRs to a certificate authority (CA);
  
  wherein the local CSR includes;
  
  a local authorization code, the local UUID and a local public key of the local public-private key pair;
  
  wherein the global CSR includes;
  
  a global authorization code, the global UUID and a global public key of the local public-private key pair;
  
  andreceiving a signed global certificate and a signed local certificate, wherein the signed global certificate indicates that the device is authorized to access the plurality of DSNs and the signed local certificate indicates that the device is authorized to access the local DSN.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the registration request message comprises at least one of:
    - a requester identifier (ID);
      
      a DSN ID;
      
      a dispersed storage (DS) managing unit ID;
      
      a DS processing unit ID;
      
      a user device ID;
      
      a DSN storage capacity indicator;
      
      a DSN status indicator;
      
      a DSN storage availability indicator; and
      
      authority contact information.
  - 3. The method of claim 1, wherein the outputting the registration request message comprises:
    - sending the registration request message to at least one of a local DSN registration authority, a global DSN registration authority, a CA, a security authority, a management authority, a naming authority, a billing authority, and a publishing authority.
  - 4. The method of claim 1 whereinthe local CSR further includes a local signature, wherein the local signature includes an encrypted hash of the local CSR utilizing a private key of the local public-private key pair;
    - andthe global CSR further includes global signature, wherein the global signature includes an encrypted hash of the global CSR utilizing a private key of the global public-private key pair.

5. A method comprises:
- receiving a registration request from a valid requesting entity;
  
  determining whether the registration request includes requesting registration to a global dispersed storage network (DSN) that includes a plurality of DSNs; and
  
  in response to a registration request to the global DSN;
  
  determining whether the valid requesting entity has a local universally unique identifier (UUID) of a home DSN of the plurality of DSNs;
  
  when the valid requesting entity has the local UUID, generating a global UUID;
  
  when the valid requesting entity does not have the local UUID, generating the local UUID and the global UUID;
  
  sending, to the valid requesting entity, a registration response that includes the local UUID and the global UUID;
  
  receiving a global certificate signing request (CSR) from the valid requesting entity;
  
  when the global CSR is valid, generating a global signed certificate;
  
  sending the global signed certificate to the valid requesting entity, wherein the global signed certificate indicates that the valid requesting entity is authorized to access the global DSN;
  
  wherein when the valid requesting entity does not have the local UUID;
  
  receiving a local certificate signing request (CSR) from the valid requesting entity;
  
  when the local CSR is valid, generating a local signed certificate; and
  
  sending the local signed certificate to the valid requesting entity; and
  
  wherein the registration response further comprises;
  
  a global authorization code that is associated with the global UUID; and
  
  a local authorization code that is associated with the local UUID.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the generating the local UUID comprises:
    - when the valid requesting entity does not have the local UUID, facilitating initialization of billing information for the valid requesting entity.
  - 7. The method of claim 5 further comprises:
    - validating the global CSR by at least one of;
      
      a successful comparison of a received authorization code of the global CSR with a stored authorization code associated with the global UUID; and
      
      a successful comparison of a hash of the global CSR with a decrypted signature of the global CSR utilizing a public key of the global CSR.
  - 8. The method of claim 5 further comprises:
    - the global signed certificate including at least one of;
      
      the global CSR;
      
      a global certificate authority (CA) UUID;
      
      a CA signature; and
      
      a CA public key of a public-private key pair; and
      
      generating the CA signature including at least one of;
      
      hashing the global signed certificate;
      
      encrypting the global signed certificate utilizing a CA private key of the public-private key pair;
      
      hashing and encrypting the global signed certificate utilizing the CA private key of the public-private key pair; and
      
      retrieving the CA signature from another CA.

9. A computer comprises:
- an interface;
  
  a memory for storing computer executable instructions; and
  
  a processor configured to execute computer executable instruction to;
  
  output, via the interface, a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN, wherein the global DSN includes a plurality of DSNs and the local DSN is one of the plurality of DSNs;
  
  receive, via the interface, a registration response message that includes a global universal unique identifier (UUID) and a local UUID;
  
  generate a global public-private key pair and a local public-private key pair;
  
  generate a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair;
  
  generate a local CSR based on the local UUID and a private key of the local public- private key pair;
  
  send, via the interface, the global and local CSRs to a certificate authority (CA);
  
  wherein the local CSR includes;
  
  a local authorization code, the local UUID and a local public key of the local public-private key pair;
  
  wherein the global CSR includes;
  
  a global authorization code, the global UUID and a global public key of the local public-private key pair;
  
  andreceive, via the interface, a signed global certificate and a signed local certificate, wherein the signed global certificate indicates that the computer is authorized to access the plurality of DSNs and the signed local certificate indicates that the computer is authorized to access the local DSN.
- View Dependent Claims (10, 11, 12)
- - 10. The computer of claim 9, wherein the registration request message comprises at least one of:
    - a requester identifier (ID);
      
      a DSN ID;
      
      a dispersed storage (DS) managing unit ID;
      
      a DS processing unit ID;
      
      a user device ID;
      
      a DSN storage capacity indicator;
      
      a DSN status indicator;
      
      a DSN storage availability indicator; and
      
      authority contact information.
  - 11. The computer of claim 9, wherein the processor functions to output the registration request message by:
    - sending the registration request message to at least one of a local DSN registration authority, a global DSN registration authority, a CA, a security authority, a management authority, a naming authority, a billing authority, and a publishing authority.
  - 12. The computer of claim 9 wherein:
    - the local CSR further includes a local signature, wherein the local signature includes an encrypted hash of the local CSR utilizing a private key of the local public-private key pair; and
      
      the global CSR further includes a global signature, wherein the global signature includes an encrypted hash of the global CSR utilizing a private key of the global public-private key pair.

13. A computer comprises:
- an interface;
  
  a memory for storing computer executable instructions; and
  
  a processor configured to execute computer executable instruction to;
  
  receive, via the interface, a registration request from a valid requesting entity;
  
  determine whether the registration request includes requesting registration to a global dispersed storage network (DSN) that includes a plurality of DSNs; and
  
  in response to a registration request to the global DSN;
  
  determine whether the valid requesting entity has a local universally unique identifier (UUID) of a home DSN of the plurality of DSNs;
  
  when the valid requesting entity has the local UUID, generate a global UUID;
  
  when the valid requesting entity does not have the local UUID, generate the local UUID and the global UUID;
  
  send, via the interface, to the valid requesting entity, a registration response that includes the local UUID and the global UUID;
  
  receive, via the interface, a global certificate signing request (CSR) from the valid requesting entity;
  
  when the global CSR is valid, generate a global signed certificate;
  
  send, via the interface, the global signed certificate to the valid requesting entity, wherein the global signed certificate indicates that the valid requesting entity is authorized to access the global DSN;
  
  wherein when the valid requesting entity does not have the local UUID;
  
  receiving a local certificate signing request (CSR) from the valid requesting entity;
  
  when the local CSR is valid, generating a local signed certificate; and
  
  sending the local signed certificate to the valid requesting entity; and
  
  wherein the registration response further comprises;
  
  a global authorization code that is associated with the global UUID; and
  
  a local authorization code that is associated with the local UUID.
- View Dependent Claims (14, 15, 16)
- - 14. The computer of claim 13, wherein the processor further functions to generate the local UUID by:
    - when the valid requesting entity does not have the local UUID, facilitating initialization of billing information for the valid requesting entity.
  - 15. The computer of claim 13, wherein the processor further functions to:
    - validate the global CSR by at least one of;
      
      a favorable comparison of a received authorization code of the global CSR with a stored authorization code associated with the global UUID; and
      
      a favorable comparison of a hash of the global CSR with a decrypted signature of the global CSR utilizing a public key of the global CSR.
  - 16. The computer of claim 13 further comprises:
    - the global signed certificate including at least one of;
      
      the global CSR;
      
      a global certificate authority (CA) UUID;
      
      a CA signature; and
      
      a CA public key of a public-private key pair; and
      
      the processor functions to generate the CA signature by at least one of;
      
      hashing the global signed certificate;
      
      encrypting the global signed certificate utilizing a CA private key of the public-private key pair;
      
      hashing and encrypting the global signed certificate utilizing the CA private key of the public-private key pair; and
      
      retrieving, via the interface, the CA signature from another CA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Grube, Gary W., Markison, Timothy W.
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US13/105,135
Publication Number

US 20110289566A1
Time in Patent Office

1,378 Days
Field of Search

726 2- 6
US Class Current

726/5
CPC Class Codes

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 11/2094   Redundant storage or storag...

G06F 2211/1028   Distributed, i.e. distribut...

H04L 67/1097   for distributed storage of ...

H04L 67/52   specially adapted for the l...

Entity registration in multiple dispersed storage networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Entity registration in multiple dispersed storage networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links