Systems and methods for managing data generation, storage, and verification in a distributed system having a committee of validator nodes
US-11907174-B2 · Feb 20, 2024 · US
US9686268B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9686268-B2 |
| Application number | US-201414148118-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 6, 2014 |
| Priority date | Nov 3, 2011 |
| Publication date | Jun 20, 2017 |
| Grant date | Jun 20, 2017 |
Official abstract text for this publication.
A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.
Opening claim text (preview).
What is claimed is:

1. A method for execution in a dispersed storage network (DSN), the method comprises: for a realm of a plurality of realms of the DSN, wherein the realm has a group of DSN devices affiliated therewith, has a set of certificate authorities affiliated therewith, and has a unique realm identifier and wherein at least one certificate authority of the set of certificate authorities is a root certificate authority for the realm: sending, by a dispersed storage managing unit certificate authority of the DSN, registry information to a storage unit of the DSN, wherein the registry information includes at least one of a network certificate and vault information; sending, by the dispersed storage managing unit certificate authority, a certificate signing request of the storage unit to a certificate authority of the set of certificate authorities; when the certificate authority is the root certificate authority, generating, by the root certificate authority, a root certificate in response to the certificate signing request, wherein the root certificate includes a signature of the root certificate authority; when the certificate authority is an intermediate certificate authority for the realm, generating, by the intermediate certificate authority, an intermediate certificate in response to the certificate signing request, wherein the intermediate certificate includes the root certificate and a signature based on the signature of the root certificate authority or signature of another certificate authority of the set of certificate authorities; generating, by the dispersed storage managing unit certificate authority, a certificate chain from the root certificate or the intermediate certificate; and sending, by the dispersed storage managing unit certificate authority, the certificate chain to the storage unit.

2. The method of claim 1 further comprises: when the certificate authority is a second intermediate certificate authority for the realm, generating, by the second intermediate certificate authority, a second intermediate certificate in response to the certificate signing request, wherein the second intermediate certificate includes the intermediate certificate and the root certificate; and generating, by the dispersed storage managing unit certificate authority, the certificate chain from the root certificate, the intermediate certificate, or the second intermediate certificate.

3. The method of claim 1 further comprises: sending, by the dispersed storage managing unit certificate authority, a second certificate signing request of the storage unit to a second certificate authority of the set of certificate authorities, wherein the second certificate authority is associated with a second realm; when the second certificate authority is a second root certificate authority, generating, by the second root certificate authority, a second root certificate in response to the second certificate signing request; when the second certificate authority is a second intermediate certificate authority, generating, by the second intermediate certificate authority, a second intermediate certificate in response to the second certificate signing request, wherein the second intermediate certificate includes the second root certificate; and generating, by the dispersed storage managing unit certificate authority, a second certificate chain from the second root certificate or the second intermediate certificate.

4. The method of claim 1 further comprises: updating the certificate chain when a new certificate authority is added to the set of certificate authorities by: when the new certificate authority is a new root certificate authority, generating, by the new root certificate authority, a new root certificate in response to the certificate signing request; when the new certificate authority is a new intermediate certificate authority for the realm, generating, by the new intermediate certificate authority, a new intermediate certificate in response to the certificate signing request, wherein the new intermediate certificate includes the new root certificate or the root certificate; and generating, by the dispersed storage managing unit certificate authority, an updated certificate chain from the new intermediate certificate.

5. The method of claim 4 further comprises: updating the certificate chain when the new certificate authority is replacing a phased-out certificate authority of the set of certificate authorities.

6. The method of claim 1 further comprises: providing, by the dispersed storage managing unit certificate authority, the certificate chain to a DSN device of the group of DSN devices for at least one of trusted access to the realm and trusted communication within the realm.

7. The method of claim 1 further comprises: receiving, by the dispersed storage managing unit certificate authority, a DSN access request from a DSN device of the group of DSN devices to access the realm, wherein the DSN access request includes a version of the certificate chain; determining, by the dispersed storage managing unit certificate authority, whether the version of the certificate chain is valid; and when the version of the certificate chain is valid, processing, by the dispersed storage managing unit certificate authority, the DSN access request.

8. A non-transitory computer readable storage medium comprises: for a realm of a plurality of realms of a dispersed storage network (DSN), wherein the realm has a group of DSN devices affiliated therewith, has a set of certificate authorities affiliated therewith, and has a unique realm identifier and wherein at least one certificate authority of the set of certificate authorities is a root certificate authority for the realm: a first memory section that stores operational instructions that, when executed by a dispersed storage managing unit certificate authority, causes the dispersed storage managing unit certificate authority to: send registry information to a storage unit of the DSN, wherein the registry information includes at least one of a network certificate and vault information; send a certificate signing request to a certificate authority of the set of certificate authorities; a second memory section that stores operational instructions that, when executed by the certificate authority, causes the certificate authority to: when the certificate authority is the root certificate authority, generate a root certificate in response to the certificate signing request, wherein the root certificate includes a signature of the root certificate authority; and when the certificate authority is an intermediate certificate authority for the realm, generate an intermediate certificate in response to the certificate signing request, wherein the intermediate certificate includes the root certificate and a signature based on the signature of the root certificate authority or signature of another certificate authority of the set of certificate authorities; and the first memory section further stores operation instructions that, when executed by the dispersed storage managing unit certificate authority, causes the dispersed storage managing unit certificate authority to: generate a certificate chain from the root certificate or the intermediate certificate; and send the certificate chain to the storage unit.

9. The non-transitory computer readable storage medium of claim 8 further comprises: the second memory section further stores operational instructions that, when executed by the certificate authority, causes the certificate authority to: when the certificate authority is a second intermediate certificate authority for the realm, generate a second intermediate cert
using certificate chains, trees or paths; Hierarchical trust model · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title