VERIFYING DATA SECURITY IN A DISPERSED STORAGE NETWORK
First Claim
1. A method comprising:
- receiving a plurality of data slices, each of the plurality of data slices including a different encoded version of a data segment encoded to prevent reconstruction of the data segment using a single one of the plurality of data slices, and to permit reconstruction of the data segment using at least a threshold number of the plurality of data slices;
calculating first integrity indicators of each of the plurality of data slices;
generating an integrity record based on the first integrity indicators;
appending the integrity record to each of the plurality of data slices to generate modified data slices; and
transmitting the modified data slices to a plurality of slice storage units.
5 Assignments
0 Petitions
Accused Products
Abstract
An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices.
169 Citations
22 Claims
-
1. A method comprising:
-
receiving a plurality of data slices, each of the plurality of data slices including a different encoded version of a data segment encoded to prevent reconstruction of the data segment using a single one of the plurality of data slices, and to permit reconstruction of the data segment using at least a threshold number of the plurality of data slices; calculating first integrity indicators of each of the plurality of data slices; generating an integrity record based on the first integrity indicators; appending the integrity record to each of the plurality of data slices to generate modified data slices; and transmitting the modified data slices to a plurality of slice storage units. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
receiving a plurality of data slices from a plurality of storage devices, each of the plurality of data slices including an encoded data slice and a first integrity record; each encoded data slice including a data segment encoded to prevent reconstruction of the data segment using a single data slice, and to permit reconstruction of the data segment using at least a threshold number of data slices; each first integrity record including information derived from integrity indicators of multiple different encoded data slices; separating the first integrity record from the encoded data slice included in each of the plurality of data slices; calculating a plurality of new integrity indicators, the plurality of new integrity indicators including a new integrity indicator of each encoded data slice; generating a new integrity record based on the plurality of new integrity indicators; determining that the new integrity record compares favorably with the first integrity record of at least a threshold number of the plurality of data slices; and in response to the determining, transmitting the at least a threshold number of the plurality of encoded data slices to a decoder. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A distributed storage processing unit comprising:
-
a communications interface to receive a plurality of data slices from a plurality of storage devices, each of the plurality of data slices including an encoded data slice and a first integrity record; each encoded data slice including a data segment encoded to prevent reconstruction of the data segment using a single data slice, and to permit reconstruction of the data segment using at least a threshold number of data slices; each first integrity record including information derived from hash values of multiple different encoded data slices; a processor to; separate the first integrity record from the encoded data slice included in each of the plurality of data slices; calculate a plurality of new hash values, the plurality of new hash values including a new hash value of each encoded data slice; generate a new integrity record based on the plurality of new hash values; determine that the new integrity record compares favorably with the first integrity record of at least a threshold number of the plurality of data slices; and provide the at least a threshold number of the plurality of encoded data slices to a decoder. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. An apparatus comprising:
-
a processor to receive a plurality of data slices, each of the plurality of data slices including a different encoded version of a data segment encoded to prevent reconstruction of the data segment using a single one of the plurality of data slices, and to permit reconstruction of the data segment using at least a threshold number of the plurality of data slices; the processor further to; calculate first integrity indicators of each of the plurality of data slices; generate an integrity record based on the first integrity indicators; append the integrity record to each of the plurality of data slices to generate modified data slices; and a communications output to transmit the modified data slices to a plurality of slice storage units. - View Dependent Claims (19, 20, 21, 22)
-
Specification