DELETION OF CONTENT IN STORAGE SYSTEMS

US 20140359309A1
Filed: 11/16/2012
Published: 12/04/2014
Est. Priority Date: 12/15/2011
Status: Abandoned Application

First Claim

Patent Images

1. A computerized system comprising:

a storage system for storing a plurality of objects and a plurality of attribute values associated to the plurality of objects; and

a key management means for deleting a key;

wherein the plurality of attribute values are organized according to a set of N, N≧

1, and a plurality of attribute types so that for each of said attribute type is an object that can be associated with an attribute value;

wherein each of said attribute type is also associated to a graph;

wherein each node of the graph is associated to the key;

wherein the key is wrapped with a key associated to a rent node of each node except for a root node and is associated to one attribute value for the attribute type corresponding to the graph;

wherein each of the plurality of objects is encrypted based on one or more keys; and

wherein each of said one or more keys is associated to one attribute value that is associated with each of the plurality of objects.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention notably relates to a computerized system (301) comprising a storage system (302, 308) storing objects and attribute values associated to the objects. The attribute values are organized according to a set of N attribute types, N≧1, such that, for each of said attribute types, an object can be associated with an attribute value. Each of said attribute types is associated to a respective graph. Each node of the respective graph is associated to a key. Said key is wrapped with a key associated to a parent node of said each node except for a root node. Also, said key is associated to one attribute value for the attribute type associated to the respective graph. Each of the objects is stored encrypted based on one or more keys. Each of said one or more keys is associated to one attribute value that is associated with said each of the objects. Such a system improves the deletion of objects stored on a storage system of a computerized system.

26 Citations

View as Search Results

13 Claims

1. A computerized system comprising:
- a storage system for storing a plurality of objects and a plurality of attribute values associated to the plurality of objects; and
  
  a key management means for deleting a key;
  
  wherein the plurality of attribute values are organized according to a set of N, N≧
  
  1, and a plurality of attribute types so that for each of said attribute type is an object that can be associated with an attribute value;
  
  wherein each of said attribute type is also associated to a graph;
  
  wherein each node of the graph is associated to the key;
  
  wherein the key is wrapped with a key associated to a rent node of each node except for a root node and is associated to one attribute value for the attribute type corresponding to the graph;
  
  wherein each of the plurality of objects is encrypted based on one or more keys; and
  
  wherein each of said one or more keys is associated to one attribute value that is associated with each of the plurality of objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computerized system of claim 1:
    - wherein one attribute type corresponds to a filesystem tree which is mapped onto a filesystem in the computerized system;
      
      wherein each node of the filesystem tree is associated with the following;
      
      (i) an attribute value uniquely identifying either a directory or a file of the filesystem, so that said each node corresponds to the directory or the file of the filesystem andii) a key wrapped with a key associated to a parent node of each node except for a root node; and
      
      wherein a plurality offiles of the filesystem corresponding to a plurality of leaf nodes of the filesystem tree are encrypted, and are encrypted based on the key associated to a leaf node of the filesystem tree.
  - 3. The computerized system of claim 2,wherein said plurality of files in the filesystem corresponding to the plurality of leaf nodes of the filesystem tree are encrypted, and are encrypted based on at least two keys;
    - andwherein one key is associated to a leaf node in the filesystem tree and another key is associated to an attribute type that corresponds to the filesystem tree.
  - 4. The computerized system of claim 1, wherein each object is encrypted based on at least two keys, wherein each key is associated with different types of the plurality of attribute values.
  - 5. The computerized system of claim 4, wherein each object is encrypted using a single key, wherein the single key is obtained based on at the at least two keys.
  - 6. The computerized system of claim 5, wherein each object is encrypted using a single key, wherein said single key is obtained via a one-way function using the at least two keys as input.
  - 7. The computerized system of claim 6, wherein at least one of the plurality of attribute types corresponds to a user, so that at least one attribute value for the at least one attribute type corresponds to at least one distinct user.
  - 8. The computerized system of claim 1, wherein at least one of the plurality of attribute type corresponds to time, so that at least one attribute value for the at least one attribute type corresponds to a distinct number of years.
  - 9. The computerized system of claim 1, wherein each of the plurality of objects is stored and encrypted based on an all-or-nothing transform, wherein a part of each of the plurality of objects is encrypted based on said one or more keys.

10. A method of securely managing objects stored in the computerized system, the method comprising:
- storing a plurality of objects and a plurality of attribute values associated to the plurality of objects; and
  
  deleting a key of a graph, to prevent fromderiving each key previously wrapped with the key that is deleted again and fromaccessing any object which is encrypted based on at least the key that is deleted;
  
  wherein the plurality of attribute values are organized according to a set of N, N≧
  
  1, and a plurality of attribute types so that for each of said attribute type is an object that can be associated with an attribute value;
  
  wherein each of said attribute type is also associated to a graph;
  
  wherein each node of the graph is associated to the key;
  
  wherein the key is wrapped with a key associated to a parent node of each node except for a root node and is associated to one attribute value for the attribute type corresponding to the graph;
  
  wherein each of the plurality of objects is encrypted based on one or more keys; and
  
  wherein each of said one or more keys is associated to one attribute value that is associated with each of the plurality of objects.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising:
    - selecting a node in a graph;
      
      creating a key distinct from the key associated so far with that node, for associating the new key with that node;
      
      wrapping the plurality of keys associated to a plurality of child nodes of that node with the new key;
      
      whereindeleting the key further comprises deleting the key associated so far with that node.

12. A computer readable non-transitory article of manufacture tangibly embodying computer readable instructions which, when executed, cause a computer to carry out the steps of a method comprising:
- storing a plurality of objects and a plurality of attribute values associated to the plurality of objects; and
  
  deleting a key of a graph, to prevent from deriving each key previously wrapped with the key that is deleted again and accessing an object which is encrypted based on at least the key that is deleted;
  
  wherein the plurality of attribute values are organized according to a set of N, N≧
  
  1, a plurality of attribute types so that for each of said attribute type is an object that can be associated with an attribute value;
  
  wherein each of said attribute type is also associated to a graph;
  
  wherein each node of the graph is associated to the key;
  
  wherein the key is wrapped with a key associated to a parent node of each node except for a root node and associated to one attribute value for the attribute type corresponding to the graph;
  
  wherein each of the plurality of objects is encrypted based on one or more keys; and
  
  wherein each of said one or more keys is associated to one attribute value that is associated with each of the plurality of objects.
- View Dependent Claims (13)
- - 13. The computer according to claim 12, further comprising a data for recording a computer program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GlobalFoundries, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Cachin, Christian, Haas, Robert, Kurmus, Anil, Sorniotti, Alessandro, Hafner, Alexis

Application Number

US14/363,000
Publication Number

US 20140359309A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 16/11   File system administration,...

G06F 21/602   Providing cryptographic fac...

H04L 9/0822   using key encryption key

H04L 9/0836   using tree structure or hie...

DELETION OF CONTENT IN STORAGE SYSTEMS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

DELETION OF CONTENT IN STORAGE SYSTEMS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links