Disk sanitization using encryption
First Claim
1. A method of disk sanitization comprising:
- encrypting data stored on a disk, including a set of blocks, by using a first encryption key; and
in response to a request to delete the set of blocks, re-encrypting blocks stored on the disk other than the set of blocks, by using a second encryption key, and not re-encrypting the set of blocks; and
deleting the first encryption key.
3 Assignments
0 Petitions
Accused Products
Abstract
A technique for sanitizing data storage devices, such as magnetic disks, is disclosed. Logical data storage units such as files or portions thereof may be individually deleted and sanitized on a disk. A disk is divided into physical disk regions, each comprising one or more blocks. The contents of the disk are encrypted using a separate encryption key for each physical disk region. If a file or other data structure located in a first disk region and encrypted using a first encryption key is to be deleted, the logical portions (i.e., blocks) of that region that do not belong to the file are re-encrypted using a second encryption key, and the first encryption key is deleted.
-
Citations
21 Claims
-
1. A method of disk sanitization comprising:
-
encrypting data stored on a disk, including a set of blocks, by using a first encryption key; and
in response to a request to delete the set of blocks, re-encrypting blocks stored on the disk other than the set of blocks, by using a second encryption key, and not re-encrypting the set of blocks; and
deleting the first encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system to perform disk sanitization, the system comprising:
-
a disk including data encrypted using a first encryption key; and
a processor configured to respond to a command to delete a first set of encrypted blocks on the disk, the first set of encrypted blocks representing a file or a portion thereof, by;
decrypting blocks on the disk other than the first set of encrypted blocks, using a second encryption key to re-encrypt the blocks on the disk other than the first set of encrypted blocks, and not decrypting the first set of encrypted blocks, and deleting the first encryption key. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for performing media sanitization of a disk that includes a plurality of regions, the method comprising:
-
encrypting data on the disk by using a different encryption key to encrypt each of the plurality of regions, the data on the disk including a file, wherein said encrypting includes encrypting the file using a first encryption key;
storing the first encryption key in a cryptographic key database;
receiving a command to delete the file; and
in response to the command to delete the file, identifying a first set of blocks on the disk which belong to the file and a second set of blocks on the disk which do not belong to the file;
re-encrypting the second set of blocks by using a second encryption key and not re-encrypting the first set of blocks; and
deleting the first encryption key by overwriting a portion of the cryptographic key database corresponding to the first encryption key. - View Dependent Claims (20, 21)
-
Specification