Identifying a compromised encoded data slice
First Claim
1. A computer-implemented method for execution by one or more processing modules of a computing device, the method comprises:
- in response to a read command, issuing at least a read threshold number of read requests regarding a set of encoded data slices, wherein a data segment is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment has a known integrity value, wherein a decode threshold number of encoded data slices of the set of encoded data slices is needed to recover the data segment, and wherein the read threshold number is greater than the decode threshold number;
receiving the at least the read threshold number of encoded data slices;
entering a loop that includes;
selecting a unique combination of encoded data slices from the set of the at least the read threshold number of encoded data slices, wherein the unique combination includes the decode threshold number of encoded data slices;
disperse storage error decoding the unique combination of encoded data slices to produce a recovered data segment;
generating an integrity value for the recovered data segment;
verifying the integrity value with the known integrity value;
when the integrity value is verified, indicating that the unique combination of encoded data slices is valid;
when the integrity value is not verified, indicating that the unique combination of encoded data slices is not valid;
repeating the loop when less than a desired number of unique combinations of encoded data slices have been processed; and
exiting the loop when the desired number of unique combinations of encoded data slices have been processed;
utilizing one of the recovered data segments corresponding to one of the valid unique combinations of encoded data slice as a response to the read command; and
identifying a compromised encoded data slice based on the unique combinations of encoded data slices that are not valid.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by processing module in response to a read command, issuing at least a read threshold number of read requests regarding a set of encoded data slices and receiving at least the read threshold number of encoded data slices. The method continues where the processing module selects a unique combination of encoded data slices and decodes the unique combination to produce a recovered data segment. The method continues where the processing module verifies an integrity value for the recovered data segment and indicates whether the unique combination is valid. The method continues where the processing module selects other combinations producing more recovered data segments for further validity verification. The method continues where the processing module utilizes a verified recovered data segment as a response to the read command and identifies a compromised encoded data slice.
-
Citations
14 Claims
-
1. A computer-implemented method for execution by one or more processing modules of a computing device, the method comprises:
-
in response to a read command, issuing at least a read threshold number of read requests regarding a set of encoded data slices, wherein a data segment is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment has a known integrity value, wherein a decode threshold number of encoded data slices of the set of encoded data slices is needed to recover the data segment, and wherein the read threshold number is greater than the decode threshold number; receiving the at least the read threshold number of encoded data slices; entering a loop that includes; selecting a unique combination of encoded data slices from the set of the at least the read threshold number of encoded data slices, wherein the unique combination includes the decode threshold number of encoded data slices; disperse storage error decoding the unique combination of encoded data slices to produce a recovered data segment; generating an integrity value for the recovered data segment; verifying the integrity value with the known integrity value; when the integrity value is verified, indicating that the unique combination of encoded data slices is valid; when the integrity value is not verified, indicating that the unique combination of encoded data slices is not valid; repeating the loop when less than a desired number of unique combinations of encoded data slices have been processed; and exiting the loop when the desired number of unique combinations of encoded data slices have been processed; utilizing one of the recovered data segments corresponding to one of the valid unique combinations of encoded data slice as a response to the read command; and identifying a compromised encoded data slice based on the unique combinations of encoded data slices that are not valid. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A dispersed storage (DS) processing module comprises:
-
an interface; a memory; a recover slices module, operably coupled to the interface and the memory, wherein the recover slices module, when operable within a computing device, causes the computing device to; in response to a read command, issue at least a read threshold number of read requests regarding a set of encoded data slices, wherein a data segment is dispersed storage error encoded to produce the set of encoded data slices, wherein the data segment has a known integrity value, wherein a decode threshold number of encoded data slices of the set of encoded data slices is needed to recover the data segment, and wherein the read threshold number is greater than the decode threshold number; and receive the at least the read threshold number of encoded data slices; a slice validity module, operably coupled to the interface and the memory, wherein the slice validity module, when operable within the computing device, causes the computing device to; enter a loop causing the computing device to; select a unique combination of encoded data slices from the set of the at least the read threshold number of encoded data slices, wherein the unique combination includes the decode threshold number of encoded data slices; disperse storage error decode the unique combination of encoded data slices to produce a recovered data segment; generate an integrity value for the recovered data segment; verify the integrity value with the known integrity value; when the integrity value is verified, indicate that the unique combination of encoded data slices is valid; when the integrity value is not verified, indicate that the unique combination of encoded data slices is not valid; repeat the loop when less than a desired number of unique combinations of encoded data slices have been processed; and exit the loop when the desired number of unique combinations of encoded data slices have been processed; and a response module, operably coupled to the interface and the memory, wherein the response module, when operable within the computing device, causes the computing device to; utilize one of the recovered data segments corresponding to one of the valid unique combinations of encoded data slice as a response to the read command; and identify a compromised encoded data slice based on the unique combinations of encoded data slices that are not valid. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification