Facilitating access of a dispersed storage network
First Claim
1. A method for execution by a managing unit of a dispersed storage network (DSN), wherein the method comprises:
- generating a temporary public-private key pair for a device;
generating, for the device, a restricted use certificate that includes a temporary public key of the temporary public-private key pair and a restriction indicator for indicating one or more restrictions regarding the restricted use certificate;
generating a temporary password for the device;
encoding, in accordance with a distributed authentication protocol and using the temporary password, a temporary private key of the temporary public-private key pair to produce a set of encoded private key shares;
encoding, in accordance with the distributed authentication protocol and using the temporary password, the restricted use certificate to produce a set of encoded certificate shares;
outputting the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units for storage therein; and
outputting the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares from the set of authentication units based on the temporary password, the device is able to recapture the temporary private key and the restricted use certificate to obtain a signed certificate for accessing a dispersed storage network (DSN).
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module generating a temporary public-private key pair, a restricted use certificate, and a temporary password for a device. The method continues with the DS processing encoding a temporary private key to produce a set of encoded private key shares and encoding the restricted use certificate to produce a set of encoded certificate shares. The method continues with the DS processing module outputting the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units. The method continues with the DS processing module outputting the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares, the device is able to recapture the temporary private key and the restricted use certificate for accessing a dispersed storage network (DSN).
-
Citations
20 Claims
-
1. A method for execution by a managing unit of a dispersed storage network (DSN), wherein the method comprises:
-
generating a temporary public-private key pair for a device; generating, for the device, a restricted use certificate that includes a temporary public key of the temporary public-private key pair and a restriction indicator for indicating one or more restrictions regarding the restricted use certificate; generating a temporary password for the device; encoding, in accordance with a distributed authentication protocol and using the temporary password, a temporary private key of the temporary public-private key pair to produce a set of encoded private key shares; encoding, in accordance with the distributed authentication protocol and using the temporary password, the restricted use certificate to produce a set of encoded certificate shares; outputting the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units for storage therein; and outputting the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares from the set of authentication units based on the temporary password, the device is able to recapture the temporary private key and the restricted use certificate to obtain a signed certificate for accessing a dispersed storage network (DSN). - View Dependent Claims (2, 3, 4)
-
-
5. A method comprises:
-
obtaining a temporary password associated with a temporary public-private key pair; retrieving a set of encoded private key shares and a set of encoded certificate shares from a set of authentication units based on the temporary password, wherein a temporary private key of the temporary public-private key pair is encoded using a distributed authentication protocol and the temporary password to produce the set of encoded private key shares and a restricted use certificate is encoded using the distributed authentication protocol and the temporary password to produce the set of encoded certificate shares; decoding, based on the temporary password, the set of encoded certificate shares to recover the restricted use certificate; decoding, based on the temporary password, the set of encoded private key shares to recover the temporary private key; requesting authentication with a certificate authority based on the restricted use certificate and the temporary private key; when authenticated by the certificate authority, generating a public-private key pair based on the recovered temporary private key and the restricted use certificate; outputting a certificate signing request (CSR) to the certificate authority (CA), wherein the CSR includes a certificate, which in turn, includes a public key of the public-private key pair; and receiving, from the certificate authority, a CA signed certificate of the certificate. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; generate a temporary public-private key pair for a device; generate, for the device, a restricted use certificate that includes a temporary public key of the temporary public-private key pair and a restriction indicator for indicating one or more restrictions regarding the restricted use certificate; and generate a temporary password for the device; a second module, when operable within the computing device, causes the computing device to; encode, in accordance with a distributed authentication protocol and using the temporary password, a temporary private key of the temporary public-private key pair to produce a set of encoded private key shares; a third module, when operable within the computing device, causes the computing device to; encode, in accordance with the distributed authentication protocol and using the temporary password, the restricted use certificate to produce a set of encoded certificate shares; and a fourth module, when operable within the computing device, causes the computing device to; output the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units for storage therein; and output the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares from the set of authentication units based on the temporary password, the device is able to recapture the temporary private key and the restricted use certificate to obtain a signed certificate for accessing a dispersed storage network (DSN). - View Dependent Claims (12, 13, 14)
-
-
15. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; obtain a temporary password associated with a temporary public-private key pair; retrieve a set of encoded private key shares and a set of encoded certificate shares from a set of authentication units based on the temporary password, wherein a temporary private key of the temporary public-private key pair is encoded using a distributed authentication protocol and the temporary password to produce the set of encoded private key shares and a restricted use certificate is encoded using the distributed authentication protocol and the temporary password to produce the set of encoded certificate shares; a second module, when operable within the computing device, causes the computing device to; decode, based on the temporary password, the set of encoded certificate shares to recover the restricted use certificate; decode, based on the temporary password, the set of encoded private key shares to recover the temporary private key; request authentication with a certificate authority based on the restricted use certificate and the temporary private key; and a third module, when operable within the computing device, causes the computing device to; when authenticated by the certificate authority, generate a public-private key pair based on the recovered temporary private key and the restricted use certificate; output a certificate signing request (CSR) to the certificate authority (CA), wherein the CSR includes a certificate, which in turn, includes a public key of the public-private key pair; and receive, from the certificate authority, a CA signed certificate of the certificate. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification