Identifying a potentially compromised encoded data slice
First Claim
1. A method for execution by a processing module, the method comprises:
- selecting a data segment for determining whether at least a portion of the data segment has been compromised;
verifying integrity values of at least some encoded data slices of a set of encoded data slices, wherein the data segment is encoded in accordance with a dispersed storage error encoding function to produce the set of encoded data slices, which is stored in distributed storage (DS) units of a distributed storage network (DSN); and
when the integrity value of each of a decode threshold number of encoded data slices of the at least some of the set of encoded data slices are affirmatively verified;
verifying an integrity value of the data segment;
when the integrity value of the data segment is affirmatively verified, generating a new set of encoded data slices for the data segment in accordance with the dispersed storage error encoding function;
verifying concurrency of encoded data slices of the set of encoded data slices with corresponding encoded data slices of the new set of encoded data slices; and
for each of the encoded data slices having a negative concurrency verification, flagging the each of the encoded data slices as being potentially compromised.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module selecting a data segment and verifying integrity values of encoded data slices generated by encoding the data segment. When integrity values of a decode threshold number of encoded data slices are affirmatively verified, the method continues with the DS processing module verifying an integrity value of the data segment. When the integrity value of the data segment is affirmatively verified, the method continues with the DS processing module generating a new set of encoded data slices. The method continues with the DS processing module verifying concurrency of the set of encoded data slices with the new set of encoded data slices and for each encoded data slice having a negative concurrency verification, flagging the encoded data slice as being potentially compromised.
-
Citations
18 Claims
-
1. A method for execution by a processing module, the method comprises:
-
selecting a data segment for determining whether at least a portion of the data segment has been compromised; verifying integrity values of at least some encoded data slices of a set of encoded data slices, wherein the data segment is encoded in accordance with a dispersed storage error encoding function to produce the set of encoded data slices, which is stored in distributed storage (DS) units of a distributed storage network (DSN); and when the integrity value of each of a decode threshold number of encoded data slices of the at least some of the set of encoded data slices are affirmatively verified; verifying an integrity value of the data segment; when the integrity value of the data segment is affirmatively verified, generating a new set of encoded data slices for the data segment in accordance with the dispersed storage error encoding function; verifying concurrency of encoded data slices of the set of encoded data slices with corresponding encoded data slices of the new set of encoded data slices; and for each of the encoded data slices having a negative concurrency verification, flagging the each of the encoded data slices as being potentially compromised. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to; select a data segment for determining whether at least a portion of the data segment has been compromised; a second module, when operable within the computing device, causes the computing device to; verify integrity values of at least some encoded data slices of a set of encoded data slices, wherein the data segment is encoded in accordance with a dispersed storage error encoding function to produce the set of encoded data slices, which is stored in distributed storage (DS) units of a distributed storage network (DSN); and a third module, when operable within the computing device, causes the computing device to; when the integrity value of each of a decode threshold number of encoded data slices of the at least some of the set of encoded data slices are affirmatively verified; verify an integrity value of the data segment; when the integrity value of the data segment is affirmatively verified, generate a new set of encoded data slices for the data segment in accordance with the dispersed storage error encoding function; verify concurrency of encoded data slices of the set of encoded data slices with corresponding encoded data slices of the new set of encoded data slices; and for each of the encoded data slices having a negative concurrency verification, flag the each of the encoded data slices as being potentially compromised. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification