SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES
Abstract
A digital escrow pattern is provided for backup data services, including searchable encryption techniques for backup data, such as synthetic full backup data, stored at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses the integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Examples of cost-effective cryptographic techniques that can be applied to establish a high level of trust over the security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable encryption, Proof of Application, blind fingerprints, Proof of Retrievability, and others.
20 Claims
1. A method for hosting backup data, comprising:
receiving, by at least one computing device in a first region of control from at least one computing device in a second region of control, encrypted data formed from encryption of full backup data for a defined data set of the at least one computing device in the second region of control according to at least one searchable encryption algorithm based on cryptographic key information;
receiving, by the at least one computing device in the first region of control from the at least one computing device in the second region of control, encrypted metadata formed from an analysis of the full backup data and encryption of an output of the analysis based on the cryptographic key information;
receiving trapdoor data enabling visible access to the encrypted data as defined by at least one cryptographic trapdoor of the trapdoor data; and
maintaining synthetic full data for the defined data set based on the encrypted data, encrypted metadata and trapdoor data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A method for publishing backup data, comprising:
initiating, by at least one computing device in a first region of control, a full backup of primary data stored in memory of the at least one computing device to form full backup data, the full backup data for use in maintaining synthetic full backup data for the primary data by at least one remote computing device in a second region of control;
generating structural metadata based on a traversal of the primary data;
encrypting the primary data and the structural metadata to form encrypted data and encrypted metadata according to at least one searchable encryption algorithm based on cryptographic key information received from a key generator that generates the cryptographic key information; and
generating at least one cryptographic trapdoor based on the cryptographic key information enabling traversal of the encrypted data as defined by the at least one cryptographic trapdoor.
Dependent claims: 13, 14, 15, 16, 17, 18, 19.

20. A method for subscribing to backup data, comprising:
requesting a restore of at least one data item of a data set of at least one subscribing computing device from a backup data service accessible via at least one network that maintains synthetic full data corresponding to the data set in a searchably encrypted format for synthetic full backup service by the backup data service;
receiving the at least one data item in a searchably encrypted format; and
based on cryptographic key information used to encrypt the data set accessible to the at least one subscribing device, restoring the at least one item of the data set in memory of the at least one subscribing computing device.
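The three roles the independent claims describe (a publisher that encrypts data and structural metadata and derives trapdoors, a host in another region of control that keeps a synthetic full from ciphertext and tokens alone, and a subscriber that restores by handing over a trapdoor) can be exercised end to end in a small searchable-encryption model. The following is an added illustration, not code from the patent or its assignee; the key derivation, the HMAC-based toy stream cipher, and the use of path components as the "structural metadata" keywords are all assumptions made for the example.

```python
import hashlib
import hmac
import os
def derive_keys(master: bytes):
    # Stand-in for the claimed key generator: one key for item encryption, one for the index.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"idx", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode stream cipher (stdlib only); real use would be AES-GCM.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_item(k_enc: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per item, so identical files stay unlinkable
    return nonce + _xor_stream(k_enc, nonce, plaintext)

def decrypt_item(k_enc: bytes, blob: bytes) -> bytes:
    return _xor_stream(k_enc, blob[:16], blob[16:])

def trapdoor(k_idx: bytes, keyword: str) -> bytes:
    # Deterministic PRF token: the host can match it but cannot invert it.
    return hmac.new(k_idx, keyword.encode(), hashlib.sha256).digest()

def publish(master: bytes, files: dict):
    # Claim 12 (second region of control): encrypt each item plus its structural metadata.
    k_enc, k_idx = derive_keys(master)
    enc_data, enc_meta = {}, {}
    for path, content in files.items():
        item_id = hmac.new(k_idx, b"id:" + path.encode(), hashlib.sha256).hexdigest()
        enc_data[item_id] = encrypt_item(k_enc, content)
        enc_meta[item_id] = {trapdoor(k_idx, seg) for seg in path.strip("/").split("/")}
    return enc_data, enc_meta

class BackupHost:
    # Claim 1 (first region of control): holds ciphertext and tokens only; a re-published item overwrites its old version, keeping the synthetic full current.
    def __init__(self):
        self.synthetic_full, self.index = {}, {}
    def ingest(self, enc_data: dict, enc_meta: dict) -> None:
        self.synthetic_full.update(enc_data)
        self.index.update(enc_meta)
    def search(self, td: bytes) -> list:
        return sorted(i for i, toks in self.index.items() if td in toks)

def restore(master: bytes, host: BackupHost, keyword: str) -> list:
    # Claim 20 (subscriber): send one trapdoor, decrypt whatever the host returns.
    k_enc, k_idx = derive_keys(master)
    hits = host.search(trapdoor(k_idx, keyword))
    return [decrypt_item(k_enc, host.synthetic_full[i]) for i in hits]
```

The host never sees a path, a keyword or a plaintext; what it does learn is which item identifiers a given trapdoor matches and which items change between publishes, which is the access-pattern leakage inherent in this style of deterministic index.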