Verifying data security in a dispersed storage network
First Claim
1. A method comprising:
- encoding a data segment of data in accordance with a dispersed storage error encoding function to produce a plurality of data slices;
for each data slice of the plurality of data slices, calculating, using a hash function, an integrity indicator to a plurality of integrity indicators, wherein the integrity indicator is representative of an original, error-free, version of a corresponding data slice of the plurality of data slices;
performing a function on the plurality of integrity indicators to produce an integrity record, wherein the integrity record is representative of an original, error-free, version of the plurality of data slices;
creating a plurality of copies of the integrity record;
for each of the plurality of data slices, appending one of the plurality of copies of the integrity record to a corresponding one of the plurality of data slices to produce a plurality of modified data slices, wherein a modified data slice of the plurality of modified data slices includes the corresponding data slice, the integrity indicator that represents the original, error-free, version of the corresponding data slice, and the integrity record that represents the original, error-free, version of the plurality of data slices; and
transmitting the plurality of modified data slices to slice storage units for storage therein.
5 Assignments
0 Petitions
Accused Products
Abstract
An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.
-
Citations
8 Claims
-
1. A method comprising:
-
encoding a data segment of data in accordance with a dispersed storage error encoding function to produce a plurality of data slices; for each data slice of the plurality of data slices, calculating, using a hash function, an integrity indicator to a plurality of integrity indicators, wherein the integrity indicator is representative of an original, error-free, version of a corresponding data slice of the plurality of data slices; performing a function on the plurality of integrity indicators to produce an integrity record, wherein the integrity record is representative of an original, error-free, version of the plurality of data slices; creating a plurality of copies of the integrity record; for each of the plurality of data slices, appending one of the plurality of copies of the integrity record to a corresponding one of the plurality of data slices to produce a plurality of modified data slices, wherein a modified data slice of the plurality of modified data slices includes the corresponding data slice, the integrity indicator that represents the original, error-free, version of the corresponding data slice, and the integrity record that represents the original, error-free, version of the plurality of data slices; and transmitting the plurality of modified data slices to slice storage units for storage therein. - View Dependent Claims (2, 3, 4)
-
-
5. An apparatus comprising:
-
a processor operable to; encode a data segment of data in accordance with a dispersed storage error encoding function to produce a plurality of data slices; for each data slice of the plurality of data slices, calculate, using a hash function, an integrity indicator to a plurality of integrity indicators, wherein the integrity indicator is representative of an original, error-free, version of a corresponding data slice of the plurality of data slices; perform a function on the plurality of integrity indicators to produce an integrity record, wherein the integrity record is representative of an original, error-free, version of the plurality of data slices; create a plurality of copies of the integrity record; for each of the plurality of data slices, append one of the plurality of copies of the integrity record to a corresponding one of the plurality of data slices to produce a plurality of modified data slices, wherein a modified data slice of the plurality of modified data slices includes the corresponding data slice, the integrity indicator that represents the original, error-free, version of the corresponding data slice, and the integrity record that represents the original, error-free, version of the plurality of data slices; and a communications interface operable to transmit the plurality of modified data slices to slice storage units for storage therein. - View Dependent Claims (6, 7, 8)
-
Specification