Obtaining a signed certificate for a dispersed storage network

US 9,104,541 B2
Filed: 07/08/2014
Issued: 08/11/2015
Est. Priority Date: 10/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:

sending certificate information to a storage unit of the DSN, wherein the certificate information includes information regarding a user device;

receiving, from the storage unit, a certificate signing request that at least partially include the certificate information;

after validation, sending the certificate signing request to a certificate authority device of the DSN;

receiving, from the certificate authority device, a signed certificate; and

after validation, sending the signed certificate to the storage unit such that the storage unit can certify access requests from the user device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.

11 Citations

View as Search Results

14 Claims

1. A method for execution by a computing device of a dispersed storage network (DSN), the method comprises:
- sending certificate information to a storage unit of the DSN, wherein the certificate information includes information regarding a user device;
  
  receiving, from the storage unit, a certificate signing request that at least partially include the certificate information;
  
  after validation, sending the certificate signing request to a certificate authority device of the DSN;
  
  receiving, from the certificate authority device, a signed certificate; and
  
  after validation, sending the signed certificate to the storage unit such that the storage unit can certify access requests from the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the certificate information comprises one or more pieces of information from a list of pieces of information that includes:
    - a universally unique identifier;
      
      a DSN identifier; and
      
      a device type.
  - 3. The method of claim 1, wherein the certificate information comprises:
    - information regarding each of a plurality of user devices, wherein the plurality of user devices includes the user device, and wherein each of the plurality of user devices have a common logical storage vault identifier.
  - 4. The method of claim 1, wherein validating the certificate signing request comprises:
    - comparing the certificate information of the certificate signing request to the certificate information sent to the storage unit; and
      
      when the certificate information of the certificate signing request compares favorably to the certificate information sent to the storage unit, validating the certificate signing request.
  - 5. The method of claim 1 further comprises:
    - the signed certificate includes a signature of the certificate authority device and at least a portion of the certificate signing request; and
      
      wherein validating the signed certificate includes;
      
      comparing the certificate signing request of the signed certificate to the certificate signing request sent to the certificate authority device; and
      
      when the certificate signing request of the signed certificate compares favorably to the certificate signing request sent to the certificate authority device, validating the signed certificate.
  - 6. The method of claim 1, wherein the signed certificate comprises:
    - a certificate bundle field;
      
      a certificate signature algorithm field; and
      
      a certificate signature field.
  - 7. The method of claim 6, wherein the certificate bundle field comprises:
    - a certificate; and
      
      one or more certificate extensions from a list of certificate extensions.

8. A dispersed storage (DS) module comprises:
- a first module, when operable within a computing device, causes the computing device to;
  
  send certificate information to a storage unit of a dispersed storage network (DSN), wherein the certificate information includes information regarding a user device;
  
  a second module, when operable within the computing device, causes the computing device to;
  
  receive, from the storage unit, a certificate signing request that at least partially include the certificate information;
  
  a third module, when operable within the computing device, causes the computing device to;
  
  after validation, send the certificate signing request to a certificate authority device of the DSN;
  
  the second module, when operable within the computing device, further causes the computing device to;
  
  receive, from the certificate authority device, a signed certificate; and
  
  the third module, when operable within the computing device, further causes the computing device to;
  
  after validation, send the signed certificate to the storage unit such that the storage unit can certify access requests from the user device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The DS module of claim 8, wherein the certificate information comprises one or more pieces of information from a list of pieces of information that includes:
    - a universally unique identifier;
      
      a DSN identifier; and
      
      a device type.
  - 10. The DS module of claim 8, wherein the certificate information comprises:
    - information regarding each of a plurality of user devices, wherein the plurality of user devices includes the user device, and wherein each of the plurality of user devices have a common logical storage vault identifier.
  - 11. The DS module of claim 8, wherein the third module, when operable within the computing device, further causes the computing device to validate the certificate signing request by:
    - comparing the certificate information of the certificate signing request to the certificate information sent to the storage unit; and
      
      when the certificate information of the certificate signing request compares favorably to the certificate information sent to the storage unit, validating the certificate signing request.
  - 12. The DS module of claim 8 further comprises:
    - the signed certificate includes a signature of the certificate authority device and at least a portion of the certificate signing request; and
      
      wherein the third module, when operable within the computing device, further causes the computing device to validating the signed certificate includes;
      
      comparing the certificate signing request of the signed certificate to the certificate signing request sent to the certificate authority device; and
      
      when the certificate signing request of the signed certificate compares favorably to the certificate signing request sent to the certificate authority device, validating the signed certificate.
  - 13. The DS module of claim 8, wherein the signed certificate comprises:
    - a certificate bundle field;
      
      a certificate signature algorithm field; and
      
      a certificate signature field.
  - 14. The DS module of claim 13, wherein the certificate bundle field comprises:
    - a certificate; and
      
      one or more certificate extensions from a list of certificate extensions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Leggette, Wesley, Baptist, Andrew
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/325,604
Publication Number

US 20140325208A1
Time in Patent Office

399 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/1076   Parity data used in redunda...

G06F 11/1446   Point-in-time backing up or...

G06F 15/17331   Distributed shared memory [...

G06F 21/33   using certificates

G06F 2211/1028   Distributed, i.e. distribut...

G06F 3/06   Digital input from, or digi...

G06F 3/0604   Improving or facilitating a...

G06F 3/067   Distributed or networked st...

H04L 2209/04   Masking or blinding

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 63/0823   using certificates cryptogr...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Obtaining a signed certificate for a dispersed storage network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Obtaining a signed certificate for a dispersed storage network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links