Identifying a potentially compromised encoded data slice
First Claim
1. A method for determining a compromised encoded slice in a dispersed storage network that is configured with a plurality of dispersed storage units, comprising:
- retrieving a first threshold combination of encoded slices from a first set of dispersed storage devices of the dispersed storage network to reconstruct a segment, in which the segment is dispersed error encoded to produce n number of encoded slices and stored in the plurality of dispersed storage units, and in which at least a threshold number of the n number of encoded slices are needed to reconstruct the segment, where the threshold number is less than n;
reconstructing the segment from the retrieved first threshold combination of encoded slices;
verifying integrity of the reconstructed segment from the first threshold combination of encoded slices;
when the reconstruction of the retrieved first threshold combination of encoded slices is negatively verified, replacing one of the encoded slices of the retrieved first threshold combination of encoded slices with one of the encoded slices of the segment stored in one of the dispersed storage units that is not an encoded slice forming the first threshold combination of encoded slices, in order to form a second threshold combination of encoded slices;
reconstructing the segment from the retrieved second threshold combination of encoded slices;
verifying integrity of the reconstructed segment from the second threshold combination of encoded slices; and
when the reconstruction of the retrieved second threshold combination of encoded slices is negatively verified, returning to the first threshold combination of encoded slices and replacing a second of the encoded slices of the retrieved first threshold combination of encoded slices to reconstruct the segment for verification and continue replacing other encoded slices of the retrieved first threshold combination of encoded slices one at a time to form other threshold combination of encoded slices, until affirmative verification is achieved to recover the segment.
6 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a dispersed storage (DS) processing module selecting a data segment and verifying integrity values of encoded data slices generated by encoding the data segment. When integrity values of a decode threshold number of encoded data slices are affirmatively verified, the method continues with the DS processing module verifying an integrity value of the data segment. When the integrity value of the data segment is affirmatively verified, the method continues with the DS processing module generating a new set of encoded data slices. The method continues with the DS processing module verifying concurrency of the set of encoded data slices with the new set of encoded data slices and for each encoded data slice having a negative concurrency verification, flagging the encoded data slice as being potentially compromised.
-
Citations
20 Claims
-
1. A method for determining a compromised encoded slice in a dispersed storage network that is configured with a plurality of dispersed storage units, comprising:
-
retrieving a first threshold combination of encoded slices from a first set of dispersed storage devices of the dispersed storage network to reconstruct a segment, in which the segment is dispersed error encoded to produce n number of encoded slices and stored in the plurality of dispersed storage units, and in which at least a threshold number of the n number of encoded slices are needed to reconstruct the segment, where the threshold number is less than n; reconstructing the segment from the retrieved first threshold combination of encoded slices; verifying integrity of the reconstructed segment from the first threshold combination of encoded slices; when the reconstruction of the retrieved first threshold combination of encoded slices is negatively verified, replacing one of the encoded slices of the retrieved first threshold combination of encoded slices with one of the encoded slices of the segment stored in one of the dispersed storage units that is not an encoded slice forming the first threshold combination of encoded slices, in order to form a second threshold combination of encoded slices; reconstructing the segment from the retrieved second threshold combination of encoded slices; verifying integrity of the reconstructed segment from the second threshold combination of encoded slices; and when the reconstruction of the retrieved second threshold combination of encoded slices is negatively verified, returning to the first threshold combination of encoded slices and replacing a second of the encoded slices of the retrieved first threshold combination of encoded slices to reconstruct the segment for verification and continue replacing other encoded slices of the retrieved first threshold combination of encoded slices one at a time to form other threshold combination of encoded slices, until affirmative verification is achieved to recover the segment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus for determining a compromised encoded slice in a dispersed storage network that is configured with a plurality of dispersed storage units, comprising:
-
an interface for retrieving encoded slices from the dispersed storage units of the dispersed storage network; and a processor, configured with the interface, to; retrieve a first threshold combination of encoded slices from a first set of dispersed storage devices of the dispersed storage network to reconstruct a segment, in which the segment is dispersed error encoded to produce n number of encoded slices and stored in the plurality of dispersed storage units, and in which at least a threshold number of the n number of encoded slices are needed to reconstruct the segment, where the threshold number is less than n, reconstruct the segment from the retrieved first threshold combination of encoded slices; verify integrity of the reconstructed segment from the first threshold combination of encoded slices; when the reconstruction of the retrieved first threshold combination of encoded slices is negatively verified, replacing one of the encoded slices of the retrieved first threshold combination of encoded slices with one of the encoded slices of the segment stored in one of the dispersed storage units that is not an encoded slice forming the first threshold combination of encoded slices, in order to form a second threshold combination of encoded slices; reconstruct the segment from the retrieved second threshold combination of encoded slices; verify integrity of the reconstructed segment from the second threshold combination of encoded slices; and when the reconstruction of the retrieved second threshold combination of encoded slices is negatively verified, returning to the first threshold combination of encoded slices and to replace a second of the encoded slices of the retrieved first threshold combination of encoded slices to reconstruct the segment for verification and continue to replace other encoded slices of the retrieved first threshold combination of encoded slices one at a time to form other threshold combination of encoded slices, until affirmative verification is achieved to recover the segment. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification