Securely rebuilding an encoded data slice
First Claim
1. A method comprises:
- issuing, by a requesting entity, a rebuild request regarding an encoded data slice to a set of distributed storage (DS) units, wherein a data segment of data is dispersed storage error encoded to produce a set of encoded data slices, wherein the set of encoded data slices includes the encoded data slice, wherein the data segment is reconstructable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the encoded data slice is corrupted or lost;
in response to the rebuild request, generating, by each of at least some of the DS units of the set of DS units, a partial slice corresponding to the encoded data slice based on another encoded data slice of the set of encoded data slices stored by the respective DS unit to produce an array of partial slices;
encrypting, by the at least some of the DS units, the array of partial slices using a set of encryption keys, wherein each encryption key of the set of encryption keys is used 2*n times to produce an array of encrypted partial slices, where n is an integer greater than or equal to 1; and
rebuilding, by the requesting entity, the encoded data slice from the array of encrypted partial slices.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins by a requesting entity issuing a rebuild request regarding an encoded data slice to at least some of a set of distributed storage (DS) units. In response to the rebuild request, the method continues with each of at least some of the DS units of the set of DS units generating a partial slice corresponding to the encoded data slice to be rebuilt based on one of a set of encoded data slices stored by the respective DS unit to produce an array of partial slices. The method continues with the at least some of the DS units encrypting the array of partial slices using a set of encryption keys to produce an array of encrypted partial slices. The method continues with the requesting entity rebuilding the encoded data slice from the array of encrypted partial slices.
87 Citations
15 Claims
-
1. A method comprises:
-
issuing, by a requesting entity, a rebuild request regarding an encoded data slice to a set of distributed storage (DS) units, wherein a data segment of data is dispersed storage error encoded to produce a set of encoded data slices, wherein the set of encoded data slices includes the encoded data slice, wherein the data segment is reconstructable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the encoded data slice is corrupted or lost; in response to the rebuild request, generating, by each of at least some of the DS units of the set of DS units, a partial slice corresponding to the encoded data slice based on another encoded data slice of the set of encoded data slices stored by the respective DS unit to produce an array of partial slices; encrypting, by the at least some of the DS units, the array of partial slices using a set of encryption keys, wherein each encryption key of the set of encryption keys is used 2*n times to produce an array of encrypted partial slices, where n is an integer greater than or equal to 1; and rebuilding, by the requesting entity, the encoded data slice from the array of encrypted partial slices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A dispersed storage (DS) module comprises:
-
a first module, when operable within a computing device, causes the computing device to receive a rebuild request regarding an encoded data slice, wherein a data segment of data is dispersed storage error encoded to produce a set of encoded data slices, wherein the set of encoded data slices includes the encoded data slice, wherein the data segment is reconstructable from a decode threshold number of encoded data slices of the set of encoded data slices, and wherein the encoded data slice is corrupted or lost; a second module, when operable within the computing device, causes the computing device to generate a partial slice corresponding to the encoded data slice based on another encoded data slice of the set of encoded data slices stored by a DS unit that includes the DS module; and a third module, when operable within the computing device, causes the computing device to encrypt the partial slice using an encryption key of a set of encryption keys to produce an encrypted partial slice, wherein the encryption key is used by another DS module of another DS unit to produce another encrypted partial slice. - View Dependent Claims (12, 13, 14, 15)
-
Specification