Storage and retrieval of dispersed storage network access information
Abstract
A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device.
12 Claims
1. A method for execution by a computing device, the method comprises:
receiving a certificate signing request (CSR) from a user device regarding a user, wherein the CSR includes user information regarding the user;
generating a set of hidden passwords based on the user information;
accessing a set of authenticating units to obtain a set of passkeys based on the set of hidden passwords and a set of random numbers;
retrieving a set of encrypted shares based on the user information from the set of authenticating units;
decrypting the set of encrypted shares based on the set of passkeys and the set of random numbers to produce a set of encoded shares;
decoding, in accordance with a share encoding function, the set of encoded shares to recapture a private key associated with the user;
generating a user signed certificate based on the private key;
discarding the private key to substantially protect the private key from the user device; and
outputting the user signed certificate to the user device.
Dependent claims: 2, 3, 4, 5, 6.
7. An authentication token comprises:
memory; and
a processing module, wherein the memory stores operational instructions that, when executed by the processing module, causes the processing module to:
receive a certificate signing request (CSR) from a user device regarding a user, wherein the CSR includes user information regarding the user;
generate a set of hidden passwords based on the user information;
access a set of authenticating units to obtain a set of passkeys based on the set of hidden passwords and a set of random numbers;
retrieve, from the memory, a set of encrypted shares based on the user information;
decrypt the set of encrypted shares based on the set of passkeys and the set of random numbers to produce a set of encoded shares;
decode, in accordance with a share encoding function, the set of encoded shares to recapture a private key associated with the user;
generate a user signed certificate based on the private key;
discard the private key to substantially protect the private key from the user device; and
outputting the user signed certificate to the user device.
Dependent claims: 8, 9, 10, 11, 12.
Specification