Highly secure method for accessing a dispersed storage network
First Claim
1. A highly secure method for accessing a distributed storage network (DSN), the method comprises:
- sending, by a requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information;
generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity;
sending, by a requesting entity, a DSN access request to a request verification entity, which is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests;
sending, by the request verification entity, a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information;
sending, by the requesting entity, the signed DSN access request to a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity; and
sending, by the DSN accessing entity, an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; and
wherein the DSN accessing information includes data access timing information.
4 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a requesting entity sending a distributed storage network (DSN) access request to a request verification entity, wherein the DSN access request includes a signed certificate and DSN accessing information. The method continues by a request verification entity sending a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information. The method continues by the requesting entity sending the signed DSN access request to a DSN accessing entity. The method continues by the DSN accessing entity sending an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies a signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information.
-
Citations
12 Claims
-
1. A highly secure method for accessing a distributed storage network (DSN), the method comprises:
-
sending, by a requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information; generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity; sending, by a requesting entity, a DSN access request to a request verification entity, which is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests; sending, by the request verification entity, a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information; sending, by the requesting entity, the signed DSN access request to a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity; and sending, by the DSN accessing entity, an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; and wherein the DSN accessing information includes data access timing information. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A security system for a distributed storage network (DSN), the security system comprises:
-
a requesting entity; a request verification entity that is located within first distributed storage (DS) unit at a first physical location that is separately located from a location of the requesting entity within the DSN; and a DSN accessing entity that is located within second DS unit at a second physical location that is separately located from the first physical location and also from the location of the requesting entity, wherein; sending, by the requesting entity, a certificate signing request to a certificate authority, wherein the certificate signing request includes one or more of a requesting entity identifier (ID), a public key of a public-private key pair associated with the requesting entity, a password, a shared secret, a signature generated by the requesting entity, and authorization information; generating, by the certificate authority, a signature over the certificate signing request to produce a signed certificate utilizing a private key of a public-private key pair of the certificate authority, wherein the certificate authority sends the signed certificate to the requesting entity; the requesting entity is operable to send a DSN access request to the request verification entity, wherein the DSN access request includes the signed certificate, which indicates that the requesting entity is an authorized affiliate of the DSN, and DSN accessing information regarding how the requesting entity would like to access one or more of devices, units, and modules of the DSN regarding one or more types of requests; the request verification entity is operable to send a signed DSN access request to the requesting entity when the request verification entity signs the DSN access request after verifying the signed certificate and the DSN accessing information, wherein the signed DSN access request includes a signature of the request verification entity, the signed certificate, and the DSN accessing information; the requesting entity is operable to send the signed DSN access request to the DSN accessing entity; and
the DSN accessing entity is operable to send an authorized DSN access request to the DSN via a network connection when the DSN accessing entity verifies the signature of the request verification entity, wherein the authorized DSN access request includes, at a minimum, the DSN accessing information; andwherein the DSN accessing information includes data access timing information. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification