Verification of dispersed storage network access control information

US 9,086,994 B2
Filed: 10/11/2013
Issued: 07/21/2015
Est. Priority Date: 08/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securely publishing an access control list, the method comprises:

generating, by a dispersed storage (DS) managing unit of a dispersed storage network (DSN), an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, and wherein the authentic and time-stamped access control list includes a signature of the DS managing unit and a time-stamp value;

sending, by the DS managing unit, the authentic and time-stamped access control list to a publisher unit; and

sending, by the publisher unit, the authentic and time-stamped access control list to a plurality of DS units.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securely publishing an access control list begins with a DS managing unit generating an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN. The method continues with the DS managing unit sending the authentic and time-stamped access control list to a publisher unit. The method continues with the publishing unit sending the authentic and time-stamped access control list to a plurality of DS units.

19 Citations

View as Search Results

10 Claims

1. A method for securely publishing an access control list, the method comprises:
- generating, by a dispersed storage (DS) managing unit of a dispersed storage network (DSN), an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, and wherein the authentic and time-stamped access control list includes a signature of the DS managing unit and a time-stamp value;
  
  sending, by the DS managing unit, the authentic and time-stamped access control list to a publisher unit; and
  
  sending, by the publisher unit, the authentic and time-stamped access control list to a plurality of DS units.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the generating the authentic and time-stamped access control list comprises:
    - generating the time-stamp value;
      
      combining the time-stamp value with the access control list to produce a time-stamped access control list;
      
      generating the signature based on the time-stamped access control list and a private key of the DS managing unit; and
      
      combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list.
  - 3. The method of claim 1 further comprises:
    - identifying, by the DS managing unit, the publisher unit based on the identity of the plurality of DS units, wherein the publisher unit is affiliated with the plurality of DS units.
  - 4. The method of claim 1 further comprises:
    - receiving, by one of the plurality of DS units, the authentic and time-stamped access control list;
      
      parsing, by the one of the plurality of DS units, the authentic and time-stamped access control list to produce a signature and a time-stamped access control list;
      
      validating, by the one of the plurality of DS units, the signature based on a public key of the DS managing unit;
      
      when the signature is validated, extracting, by the one of the plurality of DS units, a time-stamp value and the access control list from the time-stamped access control list; and
      
      storing, by the one of the plurality of DS units, the access control list.
  - 5. The method of claim 1, wherein the access control list comprises at least one of:
    - a list of users allowed to access the DSN;
      
      a list of user transactions allowed on the DSN;
      
      a list of users allowed to access one or more vaults of the DSN; and
      
      a list of user transactions allowed on the one or more vaults of the DSN.

6. A computer readable storage device comprises:
- a first storage section that stores first operational instructions, that when executed by a dispersed storage (DS) managing unit of a dispersed storage network (DSN) causes the DS managing unit to generate an authentic and time-stamped access control list from the access control list, wherein the access control list provides a list of authorized accesses to the DSN, and wherein the authentic and time-stamped access control list includes a signature of the DS managing unit and a time-stamp value;
  
  a second storage section that stores second operational instructions, that when executed by the DS managing unit, causes the DS managing unit to send the authentic and time-stamped access control list to a publisher unit; and
  
  a third storage section that stores third operational instructions, that when executed by the publishing unit, causes the publishing unit to send the authentic and time-stamped access control list to a plurality of DS units.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable storage device of claim 6, wherein the first operational instructions for generating the authentic and time-stamped access control list further include instructions for:
    - generating the time-stamp value;
      
      combining the time-stamp value with the access control list to produce a time-stamped access control list;
      
      generating the signature based on the time-stamped access control list and a private key of the DS managing unit; and
      
      combining the signature with the time-stamped access control list to produce the authentic and time-stamped access control list.
  - 8. The computer readable storage device of claim 6 further comprises:
    - a fourth storage section that stores fourth operational instructions, that when executed by the DS managing unit, causes the DS managing unit to identify the publisher unit based on the identity of the plurality of DS units, wherein the publisher unit is affiliated with the plurality of DS units.
  - 9. The computer readable storage device of claim 6 further comprises:
    - a fourth storage section that stores fourth operational instructions, that when executed by one of the plurality of DS units, causes the one of the plurality of DS units to;
      
      receive the authentic and time-stamped access control list;
      
      parse the authentic and time-stamped access control list to produce a signature and a time-stamped access control list;
      
      validate the signature based on a public key of the DS managing unit;
      
      when the signature is validated, extract a time-stamp value and the access control list from the time-stamped access control list; and
      
      store the access control list.
  - 10. The computer readable storage device of claim 6, wherein the access control list comprises at least one of:
    - a list of users allowed to access the DSN;
      
      a list of user transactions allowed on the DSN;
      
      a list of users allowed to access one or more vaults of the DSN; and
      
      a list of user transactions allowed on the one or more vaults of the DSN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K.
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/051,588
Publication Number

US 20140040624A1
Time in Patent Office

648 Days
Field of Search

713/178, 713/168, 713/176, 726/27, 726/30
US Class Current

1/1
CPC Class Codes

G06F 11/1004   to protect a block of data ...

G06F 11/1024   Identification of the type ...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 12/1483   using an access-table, e.g....

G06F 13/00   Interconnection of, or tran...

G06F 15/16   Combinations of two or more...

G06F 16/00   Information retrieval; Data...

G06F 21/44   Program or device authentic...

H04L 63/0281   Proxies

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 9/32   including means for verifyi...

H04L 9/3297   involving time stamps, e.g....

Verification of dispersed storage network access control information

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of dispersed storage network access control information

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links