Dispersed storage network data slice integrity verification
First Claim
1. A method for execution by one or more processing devices of a computing device, the method comprises:
- issuing, by the one or more processing devices of the computing device, a retrieval request;
in response to the retrieval request, receiving at least a threshold number of double appended encoded data slices to storage units, wherein a double appended encoded data slice of the at least the threshold number of double appended encoded data slices includes an encoded data slice of a set of encoded data slices, a secret share of a set of secret shares, and an authentication code of a set of authentication codes;
separating the at least the threshold number of double appended encoded data slices into at least a threshold number of secret shares and at least a threshold number of appended encoded data slices;
decoding at least one of the at least the threshold number of secret shares in accordance with a secret share function to recapture a message authentication key;
for each of the threshold number of appended encoded data slices, verifying the authentication code based on the message authentication key and the encoded data slice; and
when the authentication codes are verified for the at least the threshold number of appended encoded data slices, decoding the encoded data slices of the at least the threshold number of appended encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified.
-
Citations
20 Claims
-
1. A method for execution by one or more processing devices of a computing device, the method comprises:
-
issuing, by the one or more processing devices of the computing device, a retrieval request; in response to the retrieval request, receiving at least a threshold number of double appended encoded data slices to storage units, wherein a double appended encoded data slice of the at least the threshold number of double appended encoded data slices includes an encoded data slice of a set of encoded data slices, a secret share of a set of secret shares, and an authentication code of a set of authentication codes; separating the at least the threshold number of double appended encoded data slices into at least a threshold number of secret shares and at least a threshold number of appended encoded data slices; decoding at least one of the at least the threshold number of secret shares in accordance with a secret share function to recapture a message authentication key; for each of the threshold number of appended encoded data slices, verifying the authentication code based on the message authentication key and the encoded data slice; and when the authentication codes are verified for the at least the threshold number of appended encoded data slices, decoding the encoded data slices of the at least the threshold number of appended encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for execution by one or more processing devices of a computing device, the method comprises:
-
encoding, by the one or more processing devices, a data segment in accordance with an error coding dispersal storage function to produce a set of encoded data slices; generating a set of authentication codes based on a message authentication key and the set of encoded data slices; appending corresponding authentication codes of the set of authentication codes to corresponding encoded data slices of the set of encoded data slices to produce a set of appended encoded data slices, wherein a first authentication code is appended to a first encoded data slice; encoding the message authentication key into a set of secret shares based on the set of encoded data slices; appending corresponding secret shares of the set of secret shares to corresponding appended encoded data slices to produce a set of double appended encoded data slices, wherein a first secret share is appended to a first appended encoded data slice; and outputting the double appended encoded data slices to storage units. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer comprises:
-
an interface; and a processing module operable to; issue, via the interface, a retrieval request; in response to the retrieval request, receive, via the interface, at least a threshold number of double appended encoded data slices to storage units, wherein a double appended encoded data slice of the at least the threshold number of double appended encoded data slices includes an encoded data slice of a set of encoded data slices, a secret share of a set of secret shares, and an authentication code of a set of authentication codes; separate the at least the threshold number of double appended encoded data slices into at least a threshold number of secret shares and at least a threshold number of appended encoded data slices; decode at least one of the at least the threshold number of secret shares in accordance with a secret share function to recapture a message authentication key when a threshold number of the secret shares is received; for each of the threshold number of appended encoded data slices, verify the authentication code based on the message authentication key and the encoded data slice; and when the authentication codes are verified for the at least the threshold number of appended encoded data slices, decode the encoded data slices of the at least the threshold number of appended encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment when the authentication code is verified. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A computer comprises:
-
an interface; and a processing module operable to; encode a data segment in accordance with an error coding dispersal storage function to produce a set of encoded data slices; generate a set of authentication codes based on a message authentication key and the set of encoded data slices; append corresponding the authentication codes of the set of authentication codes to corresponding encoded data slices of the set of encoded data slices to produce a set of appended encoded data slices, wherein a first authentication code is appended to a first encoded data slice; encode the message authentication key into a set of secret shares based on the set of encoded data slices; append corresponding secret shares of the set of secret shares to corresponding appended encoded data slices to produce a set of double appended encoded data slices, wherein a first secret share is appended to a first appended encoded data slice; and output, via the interface, the double appended encoded data slices to storage units. - View Dependent Claims (17, 18, 19, 20)
-
Specification