Highly secure method for accessing a dispersed storage network

US 9,304,843 B2
Filed: 09/12/2012
Issued: 04/05/2016
Est. Priority Date: 11/01/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A highly secure method for accessing a distributed storage network (DSN), the method comprises:

sending, by a requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information;

generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity;

sending, by a requesting entity, a DSN access request to a request verification entity, which is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests;

sending, by the request verification entity, a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information;

sending, by the requesting entity, the signed DSN access request to a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity; and

sending, by the DSN accessing entity, an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; and

wherein the DSN accessing information includes data access timing information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method begins by a requesting entity sending a distributed storage network (DSN) access request to a request verification entity, wherein the DSN access request includes a signed certificate and DSN accessing information. The method continues by a request verification entity sending a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information. The method continues by the requesting entity sending the signed DSN access request to a DSN accessing entity. The method continues by the DSN accessing entity sending an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies a signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information.

Citations

12 Claims

1. A highly secure method for accessing a distributed storage network (DSN), the method comprises:
- sending, by a requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information;
  
  generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity;
  
  sending, by a requesting entity, a DSN access request to a request verification entity, which is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests;
  
  sending, by the request verification entity, a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information;
  
  sending, by the requesting entity, the signed DSN access request to a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity; and
  
  sending, by the DSN accessing entity, an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; and
  
  wherein the DSN accessing information includes data access timing information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the DSN accessing information comprises:
    - addressing information of the requesting entity;
      
      addressing information of the DSN accessing entity; and
      
      data addressing information.
  - 3. The method of claim 1 further comprises:
    - verifying, by the request verification entity, the signed certificate by verifying identity of a certificate authority that generated the signed certificate; and
      
      verifying, by the request verification entity, the DSN accessing information by verifying one or more of;
      
      addressing information of the requesting entity;
      
      addressing information of the DSN accessing entity;
      
      data addressing information; and
      
      data access timing information.
  - 4. The method of claim 1 further comprises:
    - the request verification entity signing the DSN access request by generating the signature based on a private key of a public/private key pairing of the request verification entity.
  - 5. The method of claim 1 further comprises:
    - the DSN accessing entity verifying the signature of the request verification entity based on a public key of a public/private key pairing of the request verification entity.
  - 6. The method of claim 1 further comprises:
    - the DSN accessing entity verifying at least one of the signed certificate and the DSN accessing information.

7. A security system for a distributed storage network (DSN), the security system comprises:
- a requesting entity;
  
  a request verification entity that is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN; and
  
  a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity, wherein;
  
  sending, by the requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information;
  
  generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity;
  
  the requesting entity is operable to send a DSN access request to the request verification entity, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests;
  
  the request verification entity is operable to send a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information;
  
  the requesting entity is operable to send the signed DSN access request to the DSN accessing entity; and
  
  the DSN accessing entity is operable to send an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; and
  
  wherein the DSN accessing information includes data access timing information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The security system of claim 7, wherein the DSN accessing information comprises:
    - addressing information of the requesting entity;
      
      addressing information of the DSN accessing entity; and
      
      data addressing information.
  - 9. The security system of claim 7 further comprises:
    - the request verification entity is operable to verify the signed certificate by verifying identity of a certificate authority that generated the signed certificate;
      
      andthe request verification entity is operable to verify the DSN accessing information by verifying one or more of;
      
      addressing information of the requesting entity;
      
      addressing information of the DSN accessing entity;
      
      data addressing information; and
      
      data access timing information.
  - 10. The security system of claim 7 further comprises:
    - the request verification entity is operable to sign the DSN access request by generating the signature based on a private key of a public/private key pairing of the request verification entity.
  - 11. The security system of claim 7 further comprises:
    - the DSN accessing entity is operable to verify the signature of the request verification entity based on a public key of a public/private key pairing of the request verification entity.
  - 12. The security system of claim 7 further comprises:
    - the DSN accessing entity is operable to verify at least one of the signed certificate and the DSN accessing information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Cleversafe Incorporated (International Business Machines Corporation)
Inventors
Resch, Jason K., Leggette, Wesley, Grube, Gary W.
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Gracia, Gary

Application Number

US13/611,622
Publication Number

US 20130111609A1
Time in Patent Office

1,301 Days
Field of Search

726/29
US Class Current

1/1
CPC Class Codes

G06F 11/073   in a memory management cont...

G06F 11/1076   Parity data used in redunda...

G06F 21/62   Protecting access to data v...

G06F 2211/1028   Distributed, i.e. distribut...

H04L 1/0057   Block codes H04L1/0061, H04...

H04L 1/0061   Error detection codes

H04L 1/0072   Error control for data othe...

H04L 1/0083   Formatting with frames or p...

H04L 67/1097   for distributed storage of ...

Highly secure method for accessing a dispersed storage network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Highly secure method for accessing a dispersed storage network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links