DISPERSED STORAGE NETWORK DATA SLICE INTEGRITY VERIFICATION
First Claim
1. A method comprises:
- issuing a retrieval request;
in response to the retrieval request, receiving secret shares of a set of secret shares to produce received secret shares;
when a threshold number of the secret shares is received, decoding the received secret shares in accordance with a secret share function to recapture a message authentication key;
in response to the retrieval request, receiving encoded data slices of a set of encoded data slices to produce received encoded data slices;
when a threshold number of the encoded data slices is received, identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith;
verifying the authentication code based on the message authentication key and the received encoded data slice; and
when the authentication code is verified, decoding the received encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment.
5 Assignments
0 Petitions
Accused Products
Abstract
A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified.
147 Citations
24 Claims
-
1. A method comprises:
-
issuing a retrieval request; in response to the retrieval request, receiving secret shares of a set of secret shares to produce received secret shares; when a threshold number of the secret shares is received, decoding the received secret shares in accordance with a secret share function to recapture a message authentication key; in response to the retrieval request, receiving encoded data slices of a set of encoded data slices to produce received encoded data slices; when a threshold number of the encoded data slices is received, identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith; verifying the authentication code based on the message authentication key and the received encoded data slice; and when the authentication code is verified, decoding the received encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method comprises:
-
encoding a data segment in accordance with an error coding dispersal storage function to produce a set of encoded data slices; generating an authentication code based on a message authentication key and an encoded data slice of the set of encoded data slices; outputting the authentication code and the encoded data slice to a dispersed storage (DS) unit of a set of DS units; encoding the message authentication key into a set of secret shares based on identity of at least some of the set of DS units; and outputting a secret share of the set of secret shares to a corresponding one of the at least some of the set of DS units. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer comprises:
-
an interface; and a processing module operable to; issue, via the interface, a retrieval request; receive, via the interface, secret shares of a set of secret shares to produce received secret shares in response to the retrieval request; decode the received secret shares in accordance with a secret share function to recapture a message authentication key when a threshold number of the secret shares is received; receive, via the interface, encoded data slices of a set of encoded data slices to produce received encoded data slices in response to the retrieval request; identify a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received; verify the authentication code based on the message authentication key and the received encoded data slice; and decode the received encoded data slices in accordance with an error coding dispersal storage function to recapture a data segment when the authentication code is verified. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer comprises:
-
an interface; and a processing module operable to; encode a data segment in accordance with an error coding dispersal storage function to produce a set of encoded data slices; generate an authentication code based on a message authentication key and an encoded data slice of the set of encoded data slices; output, via the interface, the authentication code and the encoded data slice to a dispersed storage (DS) unit of a set of DS units; encode the message authentication key into a set of secret shares based on at least some of the set of DS units; and output, via the interface, a secret share of the set of secret shares to a corresponding one of the at least some of the set of DS units. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification